(electronic music) >> Hello, I'm John Furrier with SiliconANGLE News and host of theCUBE, and welcome to our news update for MWC in Barcelona, the premier event for cloud and to the telecommunication industry. News today, VMware in the news has lots of announcements, where it's expanding its line of products for communication service providers with Open RAND portfolio VMware's unveiled service management orchestration framework for simplifying and automating radio access networks and their applications. RANDs have traditionally been proprietary because of their need for low latency and speed and the Overran Alliance is championed open standard that would expand the number of players in the RAND ecosystem. According to Sanjay Oppai, senior vice president and general manager of the service provider and Edge Business Unit at VMware, VMware is the forefront of getting deployed in telcos both in the RAND as well as the core and VMware hopes they can extend their leadership from the enterprise data center and SD WAN and be the defacto standard in the RAND. VMware is also announcing a technical preview that'll allow communications service providers to run disaggregated and virtualized RAND functions directly on bare metal servers using VMware Tanzu. Project Hui is the initiative aimed at telecom providers that need flexibility in how they deploy edge devices. The VMware Telco cloud platform is also being improved to deliver carrier grade intelligent networking and lateral security features such as distributed firewall and intrusion detection and prevention, along with support for energy efficient use cases for 4G and 5G core load balancing. For enterprise customers, VMware is delivering new and enhanced remote worker device connectivity and intelligent wireless capabilities to its SD WAN and Secure Access Service Edge, or SASE Products, is also expanding its collaboration with Intel aimed at delivering new edge applications based on 5G connectivity that will support SD WAN use cases involving mobile and internet of things devices. Again, VMware spinning their portfolio in the news. Again, VMware is not stopping. Of course, theCUBE's, all the coverage of VMware Explorer will be coming up this year in 2023. Don't miss that. But at mwc, Dave Vellante and Lisa Martin, the entire Cube team are there for four days of live coverage. Of course, all the news and reporting is on SiliconANGLE.com. For all the action, go there. And of course theCUBE.net is where the broadcast is in Barcelona. This is theCUBE News. Thanks for watching.

(upbeat music) >> Welcome back, everyone, to our Cube special programming on "Securing Compute, Engineered for the Hybrid World." We got Cole Humphreys who's with HPE, global server security product manager, and Mike Ferron-Jones with Intel. He's the product manager for data security technology. Gentlemen, thank you for coming on this special presentation. >> All right, thanks for having us. >> So, securing compute, I mean, compute, everyone wants more compute. You can't have enough compute as far as we're concerned. You know, more bits are flying around the internet. Hardware's mattering more than ever. Performance markets hot right now for next-gen solutions. When you're talking about security, it's at the center of every single conversation. And Gen11 for the HPE has been big-time focus here. So let's get into the story. What's the market for Gen11, Cole, on the security piece? What's going on? How do you see this impacting the marketplace? >> Hey, you know, thanks. I think this is, again, just a moment in time where we're all working towards solving a problem that doesn't stop. You know, because we are looking at data protection. You know, in compute, you're looking out there, there's international impacts, there's federal impacts, there's state-level impacts, and even regulation to protect the data. So, you know, how do we do this stuff in an environment that keeps changing? >> And on the Intel side, you guys are a Tier 1 combination partner, Better Together. HPE has a deep bench on security, Intel, We know what your history is. You guys have a real root of trust with your code, down to the silicon level, continuing to be, and you're on the 4th Gen Xeon here. Mike, take us through the Intel's relationship with HPE. Super important. You guys have been working together for many, many years. Data security, chips, HPE, Gen11. Take us through the relationship. What's the update? >> Yeah, thanks and I mean, HPE and Intel have been partners in delivering technology and delivering security for decades. And when a customer invests in an HPE server, like at one of the new Gen11s, they're getting the benefit of the combined investment that these two great companies are putting into product security. On the Intel side, for example, we invest heavily in the way that we develop our products for security from the ground up, and also continue to support them once they're in the market. You know, launching a product isn't the end of our security investment. You know, our Intel Red Teams continue to hammer on Intel products looking for any kind of security vulnerability for a platform that's in the field. As well as we invest heavily in the external research community through our bug bounty programs to harness the entire creativity of the security community to find those vulnerabilities, because that allows us to patch them and make sure our customers are staying safe throughout that platform's deployed lifecycle. You know, in 2021, between Intel's internal red teams and our investments in external research, we found 93% of our own vulnerabilities. Only a small percentage were found by unaffiliated external entities. >> Cole, HPE has a great track record and long history serving customers around security, actually, with the solutions you guys had. With Gen11, it's more important than ever. Can you share your thoughts on the talent gap out there? People want to move faster, breaches are happening at a higher velocity. They need more protection now than ever before. Can you share your thoughts on why these breaches are happening, and what you guys are doing, and how you guys see this happening from a customer standpoint? What you guys fill in with Gen11 with solution? >> You bet, you know, because when you hear about the relentless pursuit of innovation from our partners, and we in our engineering organizations in India, and Taiwan, and the Americas all collaborating together years in advance, are about delivering solutions that help protect our customer's environments. But what you hear Mike talking about is it's also about keeping 'em safe. Because you look to the market, right? What you see in, at least from our data from 2021, we have that breaches are still happening, and lot of it has to do with the fact that there is just a lack of adequate security staff with the necessary skills to protect the customer's application and ultimately the workloads. And then that's how these breaches are happening. Because ultimately you need to see some sort of control and visibility of what's going on out there. And what we were talking about earlier is you see time. Time to seeing some incident happen, the blast radius can be tremendous in today's technical, advanced world. And so you have to identify it and then correct it quickly, and that's why this continued innovation and partnership is so important, to help work together to keep up. >> You guys have had a great track record with Intel-based platforms with HPE. Gen11's a really big part of the story. Where do you see that impacting customers? Can you explain the benefits of what's going on with Gen11? What's the key story? What's the most important thing we should be paying attention to here? >> I think there's probably three areas as we look into this generation. And again, this is a point in time, we will continue to evolve. But at this particular point it's about, you know, a fundamental approach to our security enablement, right? Partnering as a Tier 1 OEM with one of the best in the industry, right? We can deliver systems that help protect some of the most critical infrastructure on earth, right? I know of some things that are required to have a non-disclosure because it is some of the most important jobs that you would see out there. And working together with Intel to protect those specific compute workloads, that's a serious deal that protects not only state, and local, and federal interests, but, really, a global one. >> This is a really- >> And then there's another one- Oh sorry. >> No, go ahead. Finish your thought. >> And then there's another one that I would call our uncompromising focus. We work in the industry, we lead and partner with those in the, I would say, in the good side. And we want to focus on enablement through a specific capability set, let's call it our global operations, and that ability to protect our supply chain and deliver infrastructure that can be trusted and into an operating environment. You put all those together and you see very significant and meaningful solutions together. >> The operating benefits are significant. I just want to go back to something you just said before about the joint NDAs and kind of the relationship you kind of unpacked, that to me, you know, I heard you guys say from sand to server, I love that phrase, because, you know, silicone into the server. But this is a combination you guys have with HPE and Intel supply-chain security. I mean, it's not just like you're getting chips and sticking them into a machine. This is, like, there's an in-depth relationship on the supply chain that has a very intricate piece to it. Can you guys just double down on that and share that, how that works and why it's important? >> Sure, so why don't I go ahead and start on that one. So, you know, as you mentioned the, you know, the supply chain that ultimately results in an end user pulling, you know, a new Gen11 HPE server out of the box, you know, started, you know, way, way back in it. And we've been, you know, Intel, from our part are, you know, invest heavily in making sure that all of our entire supply chain to deliver all of the Intel components that are inside that HPE platform have been protected and monitored ever since, you know, their inception at one of any of our 14,000, you know, Intel vendors that we monitor as part of our supply-chain assurance program. I mean we, you know, Intel, you know, invests heavily in compliance with guidelines from places like NIST and ISO, as well as, you know, doing best practices under things like the Transported Asset Protection Alliance, TAPA. You know, we have been intensely invested in making sure that when a customer gets an Intel processor, or any other Intel silicone product, that it has not been tampered with or altered during its trip through the supply chain. HPE then is able to pick up that, those components that we deliver, and add onto that their own supply-chain assurance when it comes down to delivering, you know, the final product to the customer. >> Cole, do you want to- >> That's exactly right. Yeah, I feel like that integration point is a really good segue into why we're talking today, right? Because that then comes into a global operations network that is pulling together these servers and able to deploy 'em all over the world. And as part of the Gen11 launch, we have security services that allow 'em to be hardened from our factories to that next stage into that trusted partner ecosystem for system integration, or directly to customers, right? So that ability to have that chain of trust. And it's not only about attestation and knowing what, you know, came from whom, because, obviously, you want to trust and make sure you're get getting the parts from Intel to build your technical solutions. But it's also about some of the provisioning we're doing in our global operations where we're putting cryptographic identities and manifests of the server and its components and moving it through that supply chain. So you talked about this common challenge we have of assuring no tampering of that device through the supply chain, and that's why this partnering is so important. We deliver secure solutions, we move them, you're able to see and control that information to verify they've not been tampered with, and you move on to your next stage of this very complicated and necessary chain of trust to build, you know, what some people are calling zero-trust type ecosystems. >> Yeah, it's interesting. You know, a lot goes on under the covers. That's good though, right? You want to have greater security and platform integrity, if you can abstract the way the complexity, that's key. Now one of the things I like about this conversation is that you mentioned this idea of a hardware-root-of-trust set of technologies. Can you guys just quickly touch on that, because that's one of the major benefits we see from this combination of the partnership, is that it's not just one, each party doing something, it's the combination. But this notion of hardware-root-of-trust technologies, what is that? >> Yeah, well let me, why don't I go ahead and start on that, and then, you know, Cole can take it from there. Because we provide some of the foundational technologies that underlie a root of trust. Now the idea behind a root of trust, of course, is that you want your platform to, you know, from the moment that first electron hits it from the power supply, that it has a chain of trust that all of the software, firmware, BIOS is loading, to bring that platform up into an operational state is trusted. If you have a breach in one of those lower-level code bases, like in the BIOS or in the system firmware, that can be a huge problem. It can undermine every other software-based security protection that you may have implemented up the stack. So, you know, Intel and HPE work together to coordinate our trusted boot and root-of-trust technologies to make sure that when a customer, you know, boots that platform up, it boots up into a known good state so that it is ready for the customer's workload. So on the Intel side, we've got technologies like our trusted execution technology, or Intel Boot Guard, that then feed into the HPE iLO system to help, you know, create that chain of trust that's rooted in silicon to be able to deliver that known good state to the customer so it's ready for workloads. >> All right, Cole, I got to ask you, with Gen11 HPE platforms that has 4th Gen Intel Xeon, what are the customers really getting? >> So, you know, what a great setup. I'm smiling because it's, like, it has a good answer, because one, this, you know, to be clear, this isn't the first time we've worked on this root-of-trust problem. You know, we have a construct that we call the HPE Silicon Root of Trust. You know, there are, it's an industry standard construct, it's not a proprietary solution to HPE, but it does follow some differentiated steps that we like to say make a little difference in how it's best implemented. And where you see that is that tight, you know, Intel Trusted Execution exchange. The Intel Trusted Execution exchange is a very important step to assuring that route of trust in that HPE Silicon Root of Trust construct, right? So they're not different things, right? We just have an umbrella that we pull under our ProLiant, because there's ILO, our BIOS team, CPLDs, firmware, but I'll tell you this, Gen11, you know, while all that, keeping that moving forward would be good enough, we are not holding to that. We are moving forward. Our uncompromising focus, we want to drive more visibility into that Gen11 server, specifically into the PCIE lanes. And now you're going to be able to see, and measure, and make policies to have control and visibility of the PCI devices, like storage controllers, NICs, direct connect, NVME drives, et cetera. You know, if you follow the trends of where the industry would like to go, all the components in a server would be able to be seen and attested for full infrastructure integrity, right? So, but this is a meaningful step forward between not only the greatness we do together, but, I would say, a little uncompromising focus on this problem and doing a little bit more to make Gen11 Intel's server just a little better for the challenges of the future. >> Yeah, the Tier 1 partnership is really kind of highlighted there. Great, great point. I got to ask you, Mike, on the 4th Gen Xeon Scalable capabilities, what does it do for the customer with Gen11 now that they have these breaches? Does it eliminate stuff? What's in it for the customer? What are some of the new things coming out with the Xeon? You're at Gen4, Gen11 for HP, but you guys have new stuff. What does it do for the customer? Does it help eliminate breaches? Are there things that are inherent in the product that HP is jointly working with you on or you were contributing in to the relationship that we should know about? What's new? >> Yeah, well there's so much great new stuff in our new 4th Gen Xeon Scalable processor. This is the one that was codenamed Sapphire Rapids. I mean, you know, more cores, more performance, AI acceleration, crypto acceleration, it's all in there. But one of my favorite security features, and it is one that's called Intel Control-Flow Enforcement Technology, or Intel CET. And why I like CET is because I find the attack that it is designed to mitigate is just evil genius. This type of attack, which is called a return, a jump, or a call-oriented programming attack, is designed to not bring a whole bunch of new identifiable malware into the system, you know, which could be picked up by security software. What it is designed to do is to look for little bits of existing, little bits of existing code already on the server. So if you're running, say, a web server, it's looking for little bits of that web-server code that it can then execute in a particular order to achieve a malicious outcome, something like open a command prompt, or escalate its privileges. Now in order to get those little code bits to execute in an order, it has a control mechanism. And there are different, each of the different types of attacks uses a different control mechanism. But what CET does is it gets in there and it disrupts those control mechanisms, uses hardware to prevent those particular techniques from being able to dig in and take effect. So CET can, you know, disrupt it and make sure that software behaves safely and as the programmer intended, rather than picking off these little arbitrary bits in one of these return, or jump, or call-oriented programming attacks. Now it is a technology that is included in every single one of the new 4th Gen Xeon Scalable processors. And so it's going to be an inherent characteristic the customers can benefit from when they buy a new Gen11 HPE server. >> Cole, more goodness from Intel there impacting Gen11 on the HPE side. What's your reaction to that? >> I mean, I feel like this is exactly why you do business with the big Tier 1 partners, because you can put, you know, trust in from where it comes from, through the global operations, literally, having it hardened from the factory it's finished in, moving into your operating environment, and then now protecting against attacks in your web hosting services, right? I mean, this is great. I mean, you'll always have an attack on data, you know, as you're seeing in the data. But the more contained, the more information, and the more control and trust we can give to our customers, it's going to make their job a little easier in protecting whatever job they're trying to do. >> Yeah, and enterprise customers, as you know, they're always trying to keep up to date on the skills and battle the threats. Having that built in under the covers is a real good way to kind of help them free up their time, and also protect them is really killer. This is a big, big part of the Gen11 story here. Securing the data, securing compute, that's the topic here for this special cube conversation, engineering for a hybrid world. Cole, I'll give you the final word. What should people pay attention to, Gen11 from HPE, bottom line, what's the story? >> You know, it's, you know, it's not the first time, it's not the last time, but it's our fundamental security approach to just helping customers through their digital transformation defend in an uncompromising focus to help protect our infrastructure in these technical solutions. >> Cole Humphreys is the global server security product manager at HPE. He's got his finger on the pulse and keeping everyone secure in the platform integrity there. Mike Ferron-Jones is the Intel product manager for data security technology. Gentlemen, thank you for this great conversation, getting into the weeds a little bit with Gen11, which is great. Love the hardware route-of-trust technologies, Better Together. Congratulations on Gen11 and your 4th Gen Xeon Scalable. Thanks for coming on. >> All right, thanks, John. >> Thank you very much, guys, appreciate it. Okay, you're watching "theCube's" special presentation, "Securing Compute, Engineered for the Hybrid World." I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas. Guys. We're happy that you're here. Lisa Martin here covering with Dave Valante, Palo Alto Networks Ignite 22. We're at MGM Grand. This is our first day, Dave of two days of cube coverage. We've been having great conversations with the ecosystem with Palo Alto executives, with partners. One of the things that they have is unit 42. We're gonna be talking with them next about cyber intelligence. And the threat data that they get is >>Incredible. Yeah. They have all the data, they know what's going on, and of course things are changing. The state of play changes. Hold on a second. I got a text here. Oh, my Netflix account was frozen. Should I click on this link? Yeah. What do you think? Have you had a, it's, have you had a little bit more of that this holiday season? Yeah, definitely. >>Unbelievable, right? A lot of smishing going on. >>Yeah, they're very clever. >>Yeah, we're very pleased to welcome back one of our alumni to the queue. Wendy Whitmore is here, the SVP of Unit 42. Welcome back, Wendy. Great to have >>You. Thanks Lisa. So >>Unit 42 created back in 2014. One of the things that I saw that you said in your keynote this morning or today was everything old is still around and it's co, it's way more prolific than ever. What are some of the things that Unit 42 is seeing these days with, with respect to cyber threats as the landscape has changed so much the last two years alone? >>You know, it, it has. So it's really interesting. I've been responding to these breaches for over two decades now, and I can tell you that there are a lot of new and novel techniques. I love that you already highlighted Smishing, right? In the opening gate. Right. Because that is something that a year ago, no one knew what that word was. I mean, we, it's probably gonna be invented this year, right? But that said, so many of the tactics that we have previously seen, when it comes to just general espionage techniques, right? Data act filtration, intellectual property theft, those are going on now more than ever. And you're not hearing about them as much in the news because there are so many other things, right? We're under the landscape of a major war going on between Russia and Ukraine of ransomware attacks, you know, occurring on a weekly basis. And so we keep hearing about those, but ultimately these nations aid actors are using that top cover, if you will, as a great distraction. It's almost like a perfect storm for them to continue conducting so much cyber espionage work that like we may not be feeling that today, but years down the road, they're, the work that they're doing today is gonna have really significant impact. >>Ransomware has become a household word in the last couple of years. I think even my mom knows what it is, to some degree. Yeah. But the threat actors are far more sophisticated than they've ever written. They're very motivated. They're very well funded. I think I've read a stat recently in the last year that there's a ransomware attack once every 11 seconds. And of course we only hear about the big ones. But that is a concern that goes all the way up to the board. >>Yeah. You know, we have a stat in our ransomware threat report that talks about how often victims are posted on leak sites. And I think it's once every seven minutes at this point that a new victim is posted. Meaning a victim has had their data, a victim organization had their data stolen and posted on some leak site in the attempt to be extorted. So that has become so common. One of the shifts that we've seen this year in particular and in recent months, you know, a year ago when I was at Ignite, which was virtual, we talked about quadruple extortion, meaning four different ways that these ransomware actors would go out and try to make money from these attacks in what they're doing now is often going to just one, which is, I don't even wanna bother with encrypting your data now, because that means that in order to get paid, I probably have to decrypt it. Right? That's a lot of work. It's time consuming. It's kind of painstaking. And so what they've really looked to do now is do the extortion where they simply steal the data and then threaten to post it on these leak sites, you know, release it other parts of the web and, and go from there. And so that's really a blending of these techniques of traditional cyber espionage with intellectual property theft. Wow. >>How trustworthy are those guys in terms of, I mean, these are hackers, right? In terms of it's really the, the hacker honor system, isn't it? I mean, if you get compromised like that, you really beholden to criminals. And so, you >>Know, so that's one of the key reasons why having the threat intelligence is so important, right? Understanding which group that you're dealing with and what their likelihood of paying is, what's their modus operandi. It's become even more important now because these groups switch teams more frequently than NFL trades, you know, free agents during the regular season, right? Or players become free agents. And that's because their infrastructure. So the, you know, infrastructure, the servers, the systems that they're using to conduct these attacks from is actually largely being disrupted more from law enforcement, international intelligence agencies working together with public private partnerships. So what they're doing is saying, okay, great. All that infrastructure that I just had now is, is burned, right? It's no longer effective. So then they'll disband a team and then they'll recruit a new team and it's constant like mixing and matching in players. >>All that said, even though that's highly dynamic, one of the other areas that they pride themselves on is customer service. So, and I think it's interesting because, you know, when I said they're not wanting to like do all the decryption? Yeah. Cuz that's like painful techni technical slow work. But on the customer service side, they will create these customer service portals immediately stand one up, say, you know, hey it's, it's like an Amazon, you know, if you've ever had to return a package on Amazon for example, and you need to click through and like explain, you know, Hey, I didn't receive this package. A portal window pops up, you start talking to either a bot or a live agent on the backend. In this case they're hu what appeared to be very much humans who are explaining to you exactly what happened, what they're asking for, super pleasant, getting back within minutes of a response. And they know that in order for them to get paid, they need to have good customer service because otherwise they're not going to, you know, have a business. How, >>So what's the state of play look like from between nation states, criminals and how, how difficult or not so difficult is it for you to identify? Do you have clear signatures? My understanding in with Solar Winds it was a little harder, but maybe help us understand and help our audience understand what the state of play is right now. >>One of the interesting things that I think is occurring, and I highlighted this this morning, is this idea of convergence. And so I'll break it down for one example relates to the type of malware or tools that these attackers use. So traditionally, if we looked at a nation state actor like China or Russia, they were very, very specific and very strategic about the types of victims that they were going to go after when they had zero day. So, you know, new, new malware out there, new vulnerabilities that could be exploited only by them because the rest of the world didn't know about it. They might have one organization that they would target that at, at most, a handful and all very strategic for their objective. They wanted to keep that a secret as long as possible. Now what we're seeing actually is those same attackers going towards one, a much larger supply chain. >>So, so lorenzen is a great example of that. The Hafnia attacks towards Microsoft Exchange server last year. All great examples of that. But what they're also doing is instead of using zero days as much, or you know, because those are expensive to build, they take a lot of time, a lot of funding, a lot of patience and research. What they're doing is using commercially available tools. And so there's a tool that our team identified earlier this year called Brute Rael, C4 or BRC four for short. And that's a tool that we now know that nation state actors are using. But just two weeks ago we invested a ransomware attack where the ransomware actor was using that same piece of tooling. So to your point, yak can get difficult for defenders when you're looking through and saying, well wait, they're all using some of the same tools right now and some of the same approaches when it comes to nation states, that's great for them because they can blend into the noise and it makes it harder to identify as >>Quickly. And, and is that an example of living off the land or is that B BRC four sort of a homegrown hacker tool? Is it, is it a, is it a commercial >>Off the shelf? So it's a tool that was actually, so you can purchase it, I believe it's about 2,500 US dollars for a license. It was actually created by a former Red teamer from a couple well-known companies in the industry who then decided, well hey, I built this tool for work, I'm gonna sell this. Well great for Red teamers that are, you know, legitimately doing good work, but not great now because they're, they built a, a strong tool that has the ability to hide amongst a, a lot of protocols. It can actually hide within Slack and teams to where you can't even see the data is being exfiltrated. And so there's a lot of concern. And then now the reality that it gets into the wrong hands of nation state actors in ransomware actors, one of the really interesting things about that piece of malware is it has a setting where you can change wallpaper. And I don't know if you know offhand, you know what that means, but you know, if that comes to mind, what you would do with it. Well certainly a nation state actor is never gonna do something like that, right? But who likes to do that are ransomware actors who can go in and change the background wallpaper on a desktop that says you've been hacked by XYZ organization and let you know what's going on. So pretty interesting, obviously the developer doing some work there for different parts of the, you know, nefarious community. >>Tremendous amount of sophistication that's gone on the last couple of years alone. I was just reading that Unit 42 is now a founding member of the Cyber Threat Alliance includes now more than 35 organizations. So you guys are getting a very broad picture of today's threat landscape. How can customers actually achieve cyber resilience? Is it achievable and how do you help? >>So I, I think it is achievable. So let me kind of parse out the question, right. So the Cyber Threat Alliance, the J C D C, the Cyber Safety Review Board, which I'm a member of, right? I think one of the really cool things about Palo Alto Networks is just our partnerships. So those are just a handful. We've got partnerships with over 200 organizations. We work closely with the Ukrainian cert, for example, sharing information, incredible information about like what's going on in the war, sharing technical details. We do that with Interpol on a daily basis where, you know, we're sharing information. Just last week the Africa cyber surge operation was announced where millions of nodes were taken down that were part of these larger, you know, system of C2 channels that attackers are using to conduct exploits and attacks throughout the world. So super exciting in that regard and it's something that we're really passionate about at Palo Alto Networks in terms of resilience, a few things, you know, one is visibility, so really having a, an understanding of in a real, as much of real time as possible, right? What's happening. And then it goes into how you, how can we decrease operational impact. So that's everything from network segmentation to wanna add the terms and phrases I like to use a lot is the win is really increasing the time it takes for the attackers to get their work done and decreasing the amount of time it takes for the defenders to get their work done, right? >>Yeah. I I call it increasing the denominator, right? And the ROI equation benefit over or value, right? Equals equals or benefit equals value over cost if you can increase the cost to go go elsewhere, right? Absolutely. And that's the, that's the game. Yeah. You mentioned Ukraine before, what have we learned from Ukraine? I, I remember I was talking to Robert Gates years ago, 2016 I think, and I was asking him, yeah, but don't we have the best cyber technology? Can't we attack? He said, we got the most to lose too. Yeah. And so what have we learned from, from Ukraine? >>Well, I, I think that's part of the key point there, right? Is you know, a great offense essentially can also be for us, you know, deterrent. So in that aspect we have as an, as a company and or excuse me, as a country, as a company as well, but then as partners throughout all parts of the world have really focused on increasing the intelligence sharing and specifically, you know, I mentioned Ukrainian cert. There are so many different agencies and other sorts throughout the world that are doing everything they can to share information to help protect human life there. And so what we've really been concerned with, with is, you know, what cyber warfare elements are going to be used there, not only how does that impact Ukraine, but how does it potentially spread out to other parts of the world critical infrastructure. So you've seen that, you know, I mentioned CS rrb, but cisa, right? >>CISA has done a tremendous job of continuously getting out information and doing everything they can to make sure that we are collaborating at a commercial level. You know, we are sharing information and intelligence more than ever before. So partners like Mania and CrowdStrike, our Intel teams are working together on a daily basis to make sure that we're able to protect not only our clients, but certainly if we've got any information relevant that we can share that as well. And I think if there's any silver lining to an otherwise very awful situation, I think the fact that is has accelerated intelligence sharing is really positive. >>I was gonna ask you about this cause I think, you know, 10 or so years ago, there was a lot of talk about that, but the industry, you know, kind of kept things to themselves, you know, a a actually tried to monetize some of that private data. So that's changing is what I'm hearing from you >>More so than ever more, you know, I've, I mentioned I've been in the field for 20 years. You know, it, it's tough when you have a commercial business that relies on, you know, information to, in order to pay people's salaries, right? I think that has changed quite a lot. We see the benefit of just that continuous sharing. There are, you know, so many more walls broken down between these commercial competitors, but also the work on the public private partnership side has really increased some of those relationships. Made it easier. And you know, I have to give a whole lot of credit and mention sisa, like the fact that during log four J, like they had GitHub repositories, they were using Slack, they were using Twitter. So the government has really started pushing forward with a lot of the newer leadership that's in place to say, Hey, we're gonna use tools and technology that works to share and disseminate information as quickly as we can. Right? That's fantastic. That's helping everybody. >>We knew that every industry, no, nobody's spared of this. But did you notice in the last couple of years, any industries in particular that are more vulnerable? Like I think of healthcare with personal health information or financial services, any industries kind of jump out as being more susceptible than others? >>So I think those two are always gonna be at the forefront, right? Financial services and healthcare. But what's been really top of mind is critical infrastructure, just making sure right? That our water, our power, our fuel, so many other parts of right, the ecosystem that go into making sure that, you know, we're keeping, you know, houses heated during the winter, for example, that people have fresh water. Those are extremely critical. And so that is really a massive area of focus for the industry right now. >>Can I come back to public-private partnerships? My question is relates to regulations because the public policy tends to be behind tech, the technology industry as an understatement. So when you take something like GDPR is the obvious example, but there are many, many others, data sovereignty, you can't move the data. Are are, are, is there tension between your desire as our desire as an industry to share data and government's desire to keep data private and restrict that data sharing? How is that playing out? How do you resolve that? >>Well I think there have been great strides right in each of those areas. So in terms of regulation when it comes to breaches there, you know, has been a tendency in the past to do victim shaming, right? And for organizations to not want to come forward because they're concerned about the monetary funds, right? I think there's been tremendous acceleration. You're seeing that everywhere from the fbi, from cisa, to really working very closely with organizations to, to have a true impact. So one example would be a ransomware attack that occurred. This was for a client of ours within the United States and we had a very close relationship with the FBI at that local field office and made a phone call. This was 7:00 AM Eastern time. And this was an organization that had this breach gone public, would've made worldwide news. There would've been a very big impact because it would've taken a lot of their systems offline. >>Within the 30 minutes that local FBI office was on site said, we just saw this piece of malware last week, we have a decryptor for it from another organization who shared it with us. Here you go. And within 60 minutes, every system was back up and running. Our teams were able to respond and get that disseminated quickly. So efforts like that, I think the government has made a tremendous amount of headway into improving relationships. Is there always gonna be some tension between, you know, competing, you know, organizations? Sure. But I think that we're doing a whole lot to progress it, >>But governments will make exceptions in that case. Especially for something as critical as the example that you just gave and be able to, you know, do a reach around, if you will, on, on onerous regulations that, that ne aren't helpful in that situation, but certainly do a lot of good in terms of protecting privacy. >>Well, and I think there used to be exceptions made typically only for national security elements, right? And now you're seeing that expanding much more so, which I think is also positive. Right. >>Last question for you as we are wrapping up time here. What can organizations really do to stay ahead of the curve when it comes to, to threat actors? We've got internal external threats. What can they really do to just be ahead of that curve? Is that possible? >>Well, it is now, it's not an easy task so I'm not gonna, you know, trivialize it. But I think that one, having relationships with right organizations in advance always a good thing. That's a, everything from certainly a commercial relationships, but also your peers, right? There's all kinds of fantastic industry spec specific information sharing organizations. I think the biggest thing that impacts is having education across your executive team and testing regularly, right? Having a plan in place, testing it. And it's not just the security pieces of it, right? As security responders, we live these attacks every day, but it's making sure that your general counsel and your head of operations and your CEO knows what to do. Your board of directors, do they know what to do when they receive a phone call from Bloomberg, for example? Are they supposed supposed to answer? Do your employees know that those kind of communications in advance and training can be really critical and make or break a difference in an attack. >>That's a great point about the testing but also the communication that it really needs to be company wide. Everyone at every level needs to know how to react. Wendy, it's been so great having, >>Wait one last question. Sure. Do you have a favorite superhero growing up? >>Ooh, it's gotta be Wonder Woman. Yeah, >>Yeah, okay. Yeah, so cuz I'm always curious, there's not a lot of women in, in security in cyber. How'd you get into it? And many cyber pros like wanna save the world? >>Yeah, no, that's a great question. So I joined the Air Force, you know, I, I was a special agent doing computer crime investigations and that was a great job. And I learned about that from, we had an alumni day and all these alumni came in from the university and they were in flight suits and combat gear. And there was one woman who had long blonde flowing hair and a black suit and high heels and she was carrying a gun. What did she do? Because that's what I wanted do. >>Awesome. Love it. We >>Blonde >>Wonder Woman. >>Exactly. Wonder Woman. Wendy, it's been so great having you on the program. We, we will definitely be following unit 42 and all the great stuff that you guys are doing. Keep up the good >>Work. Thanks so much Lisa. Thank >>You. Day our pleasure. For our guest and Dave Valante, I'm Lisa Martin, live in Las Vegas at MGM Grand for Palo Alto Ignite, 22. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

(upbeat music) >> Hello, welcome back to theCUBE's AWS RE:Invent 2022 Coverage. I'm John Furrier, host of theCUBE. Got a great lineup here, Itamar Ankorion SVP Technology Alliance at Qlik and Peter McDonald, vice President, cloud partnerships and business development Snowflake. We're going to talk about bringing SAP data to life, for joint Snowflake, Qlik and AWS Solution. Gentlemen, thanks for coming on theCUBE Really appreciate it. >> Thank you. >> Thank you, great meeting you John. >> Just to get started, introduce yourselves to the audience, then going to jump into what you guys are doing together, unique relationship here, really compelling solution in cloud. Big story about applications and scale this year. Let's introduce yourselves. Peter, we'll start with you. >> Great. I'm Peter MacDonald. I am vice president of Cloud Partners and business development here at Snowflake. On the Cloud Partner side, that means I manage AWS relationship along with Microsoft and Google Cloud. What we do together in terms of complimentary products, GTM, co-selling, things like that. Importantly, working with other third parties like Qlik for joint solutions. On business development, it's negotiating custom commercial partnerships, large companies like Salesforce and Dell, smaller companies at most for our venture portfolio. >> Thanks Peter and hi John. It's great to be back here. So I'm Itamar Ankorion and I'm the senior vice president responsible for technology alliances here at Qlik. With that, own strategic alliances, including our key partners in the cloud, including Snowflake and AWS. I've been in the data and analytics enterprise software market for 20 plus years, and my main focus is product management, marketing, alliances, and business development. I joined Qlik about three and a half years ago through the acquisition of Attunity, which is now the foundation for Qlik data integration. So again, we focus in my team on creating joint solution alignment with our key partners to provide more value to our customers. >> Great to have both you guys, senior executives in the industry on theCUBE here, talking about data, obviously bringing SAP data to life is the theme of this segment, but this reinvent, it's all about the data, big data end-to-end story, a lot about data being intrinsic as the CEO says on stage around in the organizations in all aspects. Take a minute to explain what you guys are doing as from a company standpoint. Snowflake and Qlik and the solutions, why here at AWS? Peter, we'll start with you at Snowflake, what you guys do as a company, your mission, your focus. >> That was great, John. Yeah, so here at Snowflake, we focus on the data platform and until recently, data platforms required expensive on-prem hardware appliances. And despite all that expense, customers had capacity constraints, inexpensive maintenance, and had limited functionality that all impeded these organizations from reaching their goals. Snowflake is a cloud native SaaS platform, and we've become so successful because we've addressed these pain points and have other new special features. For example, securely sharing data across both the organization and the value chain without copying the data, support for new data types such as JSON and structured data, and also advance in database data governance. Snowflake integrates with complimentary AWS services and other partner products. So we can enable holistic solutions that include, for example, here, both Qlik and AWS SageMaker, and comprehend and bring those to joint customers. Our customers want to convert data into insights along with advanced analytics platforms in AI. That is how they make holistic data-driven solutions that will give them competitive advantage. With Snowflake, our approach is to focus on customer solutions that leverage data from existing systems such as SAP, wherever they are in the cloud or on-premise. And to do this, we leverage partners like Qlik native US to help customers transform their businesses. We provide customers with a premier data analytics platform as a result. Itamar, why don't you talk about Qlik a little bit and then we can dive into the specific SAP solution here and some trends >> Sounds great, Peter. So Qlik provides modern data integration and analytics software used by over 38,000 customers worldwide. Our focus is to help our customers turn data into value and help them close the gap between data all the way through insight and action. We offer click data integration and click data analytics. Click data integration helps to automate the data pipelines to deliver data to where they want to use them in real-time and make the data ready for analytics and then Qlik data analytics is a robust platform for analytics and business intelligence has been a leader in the Gartner Magic Quadrant for over 11 years now in the market. And both of these come together into what we call Qlik Cloud, which is our SaaS based platform. So providing a more seamless way to consume all these services and accelerate time to value with customer solutions. In terms of partnerships, both Snowflake and AWS are very strategic to us here at Qlik, so we have very comprehensive investment to ensure strong joint value proposition to we can bring to our mutual customers, everything from aligning our roadmaps through optimizing and validating integrations, collaborating on best practices, packaging joint solutions like the one we'll talk about today. And with that investment, we are an elite level, top level partner with Snowflake. We fly that our technology is Snowflake-ready across the entire product set and we have hundreds of joint customers together and with AWS we've also partnered for a long time. We're here to reinvent. We've been here with the first reinvent since the inaugural one, so it kind of gives you an idea for how long we've been working with AWS. We provide very comprehensive integration with AWS data analytics services, and we have several competencies ranging from data analytics to migration and modernization. So that's our focus and again, we're excited about working with Snowflake and AWS to bring solutions together to market. >> Well, I'm looking forward to unpacking the solutions specifically, and congratulations on the continued success of both your companies. We've been following them obviously for a very long time and seeing the platform evolve beyond just SaaS and a lot more going on in cloud these days, kind of next generation emerging. You know, we're seeing a lot of macro trends that are going to be powering some of the things we're going to get into real quickly. But before we get into the solution, what are some of those power dynamics in the industry that you're seeing in trends specifically that are impacting your customers that are taking us down this road of getting more out of the data and specifically the SAP, but in general trends and dynamics. What are you hearing from your customers? Why do they care? Why are they going down this road? Peter, we'll start with you. >> Yeah, I'll go ahead and start. Thanks. Yeah, I'd say we continue to see customers being, being very eager to transform their businesses and they know they need to leverage technology and data to do so. They're also increasingly depending upon the cloud to bring that agility, that elasticity, new functionality necessary to react in real-time to every evolving customer needs. You look at what's happened over the last three years, and boy, the macro environment customers, it's all changing so fast. With our partnerships with AWS and Qlik, we've been able to bring to market innovative solutions like the one we're announcing today that spans all three companies. It provides a holistic solution and an integrated solution for our customer. >> Itamar let's get into it, you've been with theCUBE, you've seen the journey, you have your own journey, many, many years, you've seen the waves. What's going on now? I mean, what's the big wave? What's the dynamic powering this trend? >> Yeah, in a nutshell I'll call it, it's all about time. You know, it's time to value and it's about real-time data. I'll kind of talk about that a bit. So, I mean, you hear a lot about the data being the new oil, but it's definitely, we see more and more customers seeing data as their critical enabler for innovation and digital transformation. They look for ways to monetize data. They look as the data as the way in which they can innovate and bring different value to the customers. So we see customers want to use more data so to get more value from data. We definitely see them wanting to do it faster, right, than before. And we definitely see them looking for agility and automation as ways to accelerate time to value, and also reduce overall costs. I did mention real-time data, so we definitely see more and more customers, they want to be able to act and make decisions based on fresh data. So yesterday's data is just not good enough. >> John: Yeah. >> It's got to be down to the hour, down to the minutes and sometimes even lower than that. And then I think we're also seeing customers look to their core business systems where they have a lot of value, like the SAP, like mainframe and thinking, okay, our core data is there, how can we get more value from this data? So that's key things we see all the time with customers. >> Yeah, we did a big editorial segment this year on, we called data as code. Data as code is kind of a riff on infrastructure as code and you start to see data becoming proliferating into all aspects, fresh data. It's not just where you store it, it's how you share it, it's how you turn it into an application intrinsically involved in all aspects. This is the big theme this year and that's driving all the conversations here at RE:Invent. And I'm guaranteeing you, it's going to happen for another five and 10 years. It's not stopping. So I got to get into the solution, you guys mentioned SAP and you've announced the solution by Qlik, Snowflake and AWS for your customers using SAP. Can you share more about this solution? What's unique about it? Why is it important and why now? Peter, Itamar, we'll start with you first. >> Let me jump in, this is really, I'll jump because I'm excited. We're very excited about this solution and it's also a solution by the way and again, we've seen proven customer success with it. So to your point, it's ready to scale, it's starting, I think we're going to see a lot of companies doing this over the next few years. But before we jump to the solution, let me maybe take a few minutes just to clarify the need, why we're seeing, why we're seeing customers jump to do this. So customers that use SAP, they use it to manage the core of their business. So think order processing, management, finance, inventory, supply chain, and so much more. So if you're running SAP in your company, that data creates a great opportunity for you to drive innovation and modernization. So what we see customers want to do, they want to do more with their data and more means they want to take SAP with non-SAP data and use it together to drive new insights. They want to use real-time data to drive real-time analytics, which they couldn't do to date. They want to bring together descriptive with predictive analytics. So adding machine learning in AI to drive more value from the data. And naturally they want to do it faster. So find ways to iterate faster on their solutions, have freedom with the data and agility. And I think this is really where cloud data platforms like Snowflake and AWS, you know, bring that value to be able to drive that. Now to do that you need to unlock the SAP data, which is a lot of also where Qlik comes in because typical challenges these customers run into is the complexity, inherent in SAP data. Tens of thousands of tables, proprietary formats, complex data models, licensing restrictions, and more than, you have performance issues, they usually run into how do we handle the throughput, the volumes while maintaining lower latency and impact. Where do we find knowledge to really understand how to get all this done? So these are the things we've looked at when we came together to create a solution and make it unique. So when you think about its uniqueness, because we put together a lot, and I'll go through three, four key things that come together to make this unique. First is about data delivery. How do you have the SAP data delivery? So how do you get it from ECC, from HANA from S/4HANA, how do you deliver the data and the metadata and how that integration well into Snowflake. And what we've done is we've focused a lot on optimizing that process and the continuous ingestion, so the real-time ingestion of the data in a way that works really well with the Snowflake system, data cloud. Second thing is we looked at SAP data transformation, so once the data arrives at Snowflake, how do we turn it into being analytics ready? So that's where data transformation and data worth automation come in. And these are all elements of this solution. So creating derivative datasets, creating data marts, and all of that is done by again, creating an optimized integration that pushes down SQL based transformations, so they can be processed inside Snowflake, leveraging its powerful engine. And then the third element is bringing together data visualization analytics that can also take all the data now that in organizing inside Snowflake, bring other data in, bring machine learning from SageMaker, and then you go to create a seamless integration to bring analytic applications to life. So these are all things we put together in the solution. And maybe the last point is we actually took the next step with this and we created something we refer to as solution accelerators, which we're really, really keen about. Think about this as prepackaged templates for common business analytic needs like order to cash, finance, inventory. And we can either dig into that a little more later, but this gets the next level of value to the customers all built into this joint solution. >> Yeah, I want to get to the accelerators, but real quick, Peter, your reaction to the solution, what's unique about it? And obviously Snowflake, we've been seeing the progression data applications, more developers developing on top of Snowflake, data as code kind of implies developer ecosystem. This is kind of interesting. I mean, you got partnering with Qlik and AWS, it's kind of a developer-like thinking real solution. What's unique about this SAP solution that's, that's different than what customers can get anywhere else or not? >> Yeah, well listen, I think first of all, you have to start with the idea of the solution. This are three companies coming together to build a holistic solution that is all about, you know, creating a great opportunity to turn SAP data into value this is Itamar was talking about, that's really what we're talking about here and there's a lot of technology underneath it. I'll talk more about the Snowflake technology, what's involved here, and then cover some of the AWS pieces as well. But you know, we're focusing on getting that value out and accelerating time to value for our joint customers. As Itamar was saying, you know, there's a lot of complexity with the SAP data and a lot of value there. How can we manage that in a prepackaged way, bringing together best of breed solutions with proven capabilities and bringing this to market quickly for our joint customers. You know, Snowflake and AWS have been strong partners for a number of years now, and that's not only on how Snowflake runs on top of AWS, but also how we integrate with their complementary analytics and then all products. And so, you know, we want to be able to leverage those in addition to what Qlik is bringing in terms of the data transformations, bringing data out of SAP in the visualization as well. All very critical. And then we want to bring in the predictive analytics, AWS brings and what Sage brings. We'll talk about that a little bit later on. Some of the technologies that we're leveraging are some of our latest cutting edge technologies that really make things easier for both our partners and our customers. For example, Qlik leverages Snowflakes recently released Snowpark for Python functionality to push down those data transformations from clicking the Snowflake that Itamar's mentioning. And while we also leverage Snowpark for integrations with Amazon SageMaker, but there's a lot of great new technology that just makes this easy and compelling for customers. >> I think that's the big word, easy button here for what may look like a complex kind of integration, kind of turnkey, really, really compelling example of the modern era we're living in, as we always say in theCUBE. You mentioned accelerators, SAP accelerators. Can you give an example of how that works with the technology from the third party providers to deliver this business value Itamar, 'cause that was an interesting comment. What's the example? Give an example of this acceleration. >> Yes, certainly. I think this is something that really makes this truly, truly unique in the industry and again, a great opportunity for customers. So we kind talked earlier about there's a lot of things that need to be done with SP data to turn it to value. And these accelerator, as the name suggests, are designed to do just that, to kind of jumpstart the process and reduce the time and the risk involved in such project. So again, these are pre-packaged templates. We basically took a lot of knowledge, and a lot of configurations, best practices about to get things done and we put 'em together. So think about all the steps, it includes things like data extraction, so already knowing which tables, all the relevant tables that you need to get data from in the contexts of the solution you're looking for, say like order to cash, we'll get back to that one. How do you continuously deliver that data into Snowflake in an in efficient manner, handling things like data type mappings, metadata naming conventions and transformations. The data models you build all the way to data mart definitions and all the transformations that the data needs to go through moving through steps until it's fully analytics ready. And then on top of that, even adding a library of comprehensive analytic dashboards and integrations through machine learning and AI and put all of that in a way that's in pre-integrated and tested to work with Snowflake and AWS. So this is where again, you get this entire recipe that's ready. So take for example, I think I mentioned order to cash. So again, all these things I just talked about, I mean, for those who are not familiar, I mean order to cash is a critical business process for every organization. So especially if you're in retail, manufacturing, enterprise, it's a big... This is where, you know, starting with booking a sales order, following by fulfilling the order, billing the customer, then managing the accounts receivable when the customer actually pays, right? So this all process, you got sales order fulfillment and the billing impacts customer satisfaction, you got receivable payments, you know, the impact's working capital, cash liquidity. So again, as a result this order to cash process is a lifeblood for many businesses and it's critical to optimize and understand. So the solution accelerator we created specifically for order to cash takes care of understanding all these aspects and the data that needs to come with it. So everything we outline before to make the data available in Snowflake in a way that's really useful for downstream analytics, along with dashboards that are already common for that, for that use case. So again, this enables customers to gain real-time visibility into their sales orders, fulfillment, accounts receivable performance. That's what the Excel's are all about. And very similarly, we have another one for example, for finance analytics, right? So this will optimize financial data reporting, helps customers get insights into P&L, financial risk of stability or inventory analytics that helps with, you know, improve planning and inventory management, utilization, increased efficiencies, you know, so in supply chain. So again, these accelerators really help customers get a jumpstart and move faster with their solutions. >> Peter, this is the easy button we just talked about, getting things going, you know, get the ball rolling, get some acceleration. Big part of this are the three companies coming together doing this. >> Yeah, and to build on what Itamar just said that the SAP data obviously has tremendous value. Those sales orders, distribution data, financial data, bringing that into Snowflake makes it easily accessible, but also it enables it to be combined with other data too, is one of the things that Snowflake does so well. So you can get a full view of the end-to-end process and the business overall. You know, for example, I'll just take one, you know, one example that, that may not come to mind right away, but you know, looking at the impact of weather conditions on supply chain logistics is relevant and material and have interest to our customers. How do you bring those different data sets together in an easy way, bringing the data out of SAP, bringing maybe other data out of other systems through Qlik or through Snowflake, directly bringing data in from our data marketplace and bring that all together to make it work. You know, fundamentally organizational silos and the data fragmentation exist otherwise make it really difficult to drive modern analytics projects. And that in turn limits the value that our customers are getting from SAP data and these other data sets. We want to enable that and unleash. >> Yeah, time for value. This is great stuff. Itamar final question, you know, what are customers using this? What do you have? I'm sure you have customers examples already using the solution. Can you share kind of what these examples look like in the use cases and the value? >> Oh yeah, absolutely. Thank you. Happy to. We have customers across different, different sectors. You see manufacturing, retail, energy, oil and gas, CPG. So again, customers in those segments, typically sectors typically have SAP. So we have customers in all of them. A great example is like Siemens Energy. Siemens Energy is a global provider of gas par services. You know, over what, 28 billion, 30 billion in revenue. 90,000 employees. They operate globally in over 90 countries. So they've used SAP HANA as a core system, so it's running on premises, multiple locations around the world. And what they were looking for is a way to bring all these data together so they can innovate with it. And the thing is, Peter mentioned earlier, not just the SAP data, but also bring other data from other systems to bring it together for more value. That includes finance data, these logistics data, these customer CRM data. So they bring data from over 20 different SAP systems. Okay, with Qlik data integration, feeding that into Snowflake in under 20 minutes, 24/7, 365, you know, days a year. Okay, they get data from over 20,000 tables, you know, over million, hundreds of millions of records daily going in. So it is a great example of the type of scale, scalability, agility and speed that they can get to drive these kind of innovation. So that's a great example with Siemens. You know, another one comes to mind is a global manufacturer. Very similar scenario, but you know, they're using it for real-time executive reporting. So it's more like feasibility to the production data as well as for financial analytics. So think, think, think about everything from audit to texts to innovate financial intelligence because all the data's coming from SAP. >> It's a great time to be in the data business again. It keeps getting better and better. There's more data coming. It's not stopping, you know, it's growing so fast, it keeps coming. Every year, it's the same story, Peter. It's like, doesn't stop coming. As we wrap up here, let's just get customers some information on how to get started. I mean, obviously you're starting to see the accelerators, it's a great program there. What a great partnership between the two companies and AWS. How can customers get started to learn about the solution and take advantage of it, getting more out of their SAP data, Peter? >> Yeah, I think the first place to go to is talk to Snowflake, talk to AWS, talk to our account executives that are assigned to your account. Reach out to them and they will be able to educate you on the solution. We have packages up very nicely and can be deployed very, very quickly. >> Well gentlemen, thank you so much for coming on. Appreciate the conversation. Great overview of the partnership between, you know, Snowflake and Qlik and AWS on a joint solution. You know, getting more out of the SAP data. It's really kind of a key, key solution, bringing SAP data to life. Thanks for coming on theCUBE. Appreciate it. >> Thank you. >> Thank you John. >> Okay, this is theCUBE coverage here at RE:Invent 2022. I'm John Furrier, your host of theCUBE. Thanks for watching. (upbeat music)

(upbeat music) >> Hello, welcome back to theCUBE's AWS RE:Invent 2022 Coverage. I'm John Furrier, host of theCUBE. Got a great lineup here, Itamar Ankorion SVP Technology Alliance at Qlik and Peter McDonald, vice President, cloud partnerships and business development Snowflake. We're going to talk about bringing SAP data to life, for joint Snowflake, Qlik and AWS Solution. Gentlemen, thanks for coming on theCUBE Really appreciate it. >> Thank you. >> Thank you, great meeting you John. >> Just to get started, introduce yourselves to the audience, then going to jump into what you guys are doing together, unique relationship here, really compelling solution in cloud. Big story about applications and scale this year. Let's introduce yourselves. Peter, we'll start with you. >> Great. I'm Peter MacDonald. I am vice president of Cloud Partners and business development here at Snowflake. On the Cloud Partner side, that means I manage AWS relationship along with Microsoft and Google Cloud. What we do together in terms of complimentary products, GTM, co-selling, things like that. Importantly, working with other third parties like Qlik for joint solutions. On business development, it's negotiating custom commercial partnerships, large companies like Salesforce and Dell, smaller companies at most for our venture portfolio. >> Thanks Peter and hi John. It's great to be back here. So I'm Itamar Ankorion and I'm the senior vice president responsible for technology alliances here at Qlik. With that, own strategic alliances, including our key partners in the cloud, including Snowflake and AWS. I've been in the data and analytics enterprise software market for 20 plus years, and my main focus is product management, marketing, alliances, and business development. I joined Qlik about three and a half years ago through the acquisition of Attunity, which is now the foundation for Qlik data integration. So again, we focus in my team on creating joint solution alignment with our key partners to provide more value to our customers. >> Great to have both you guys, senior executives in the industry on theCUBE here, talking about data, obviously bringing SAP data to life is the theme of this segment, but this reinvent, it's all about the data, big data end-to-end story, a lot about data being intrinsic as the CEO says on stage around in the organizations in all aspects. Take a minute to explain what you guys are doing as from a company standpoint. Snowflake and Qlik and the solutions, why here at AWS? Peter, we'll start with you at Snowflake, what you guys do as a company, your mission, your focus. >> That was great, John. Yeah, so here at Snowflake, we focus on the data platform and until recently, data platforms required expensive on-prem hardware appliances. And despite all that expense, customers had capacity constraints, inexpensive maintenance, and had limited functionality that all impeded these organizations from reaching their goals. Snowflake is a cloud native SaaS platform, and we've become so successful because we've addressed these pain points and have other new special features. For example, securely sharing data across both the organization and the value chain without copying the data, support for new data types such as JSON and structured data, and also advance in database data governance. Snowflake integrates with complimentary AWS services and other partner products. So we can enable holistic solutions that include, for example, here, both Qlik and AWS SageMaker, and comprehend and bring those to joint customers. Our customers want to convert data into insights along with advanced analytics platforms in AI. That is how they make holistic data-driven solutions that will give them competitive advantage. With Snowflake, our approach is to focus on customer solutions that leverage data from existing systems such as SAP, wherever they are in the cloud or on-premise. And to do this, we leverage partners like Qlik native US to help customers transform their businesses. We provide customers with a premier data analytics platform as a result. Itamar, why don't you talk about Qlik a little bit and then we can dive into the specific SAP solution here and some trends >> Sounds great, Peter. So Qlik provides modern data integration and analytics software used by over 38,000 customers worldwide. Our focus is to help our customers turn data into value and help them close the gap between data all the way through insight and action. We offer click data integration and click data analytics. Click data integration helps to automate the data pipelines to deliver data to where they want to use them in real-time and make the data ready for analytics and then Qlik data analytics is a robust platform for analytics and business intelligence has been a leader in the Gartner Magic Quadrant for over 11 years now in the market. And both of these come together into what we call Qlik Cloud, which is our SaaS based platform. So providing a more seamless way to consume all these services and accelerate time to value with customer solutions. In terms of partnerships, both Snowflake and AWS are very strategic to us here at Qlik, so we have very comprehensive investment to ensure strong joint value proposition to we can bring to our mutual customers, everything from aligning our roadmaps through optimizing and validating integrations, collaborating on best practices, packaging joint solutions like the one we'll talk about today. And with that investment, we are an elite level, top level partner with Snowflake. We fly that our technology is Snowflake-ready across the entire product set and we have hundreds of joint customers together and with AWS we've also partnered for a long time. We're here to reinvent. We've been here with the first reinvent since the inaugural one, so it kind of gives you an idea for how long we've been working with AWS. We provide very comprehensive integration with AWS data analytics services, and we have several competencies ranging from data analytics to migration and modernization. So that's our focus and again, we're excited about working with Snowflake and AWS to bring solutions together to market. >> Well, I'm looking forward to unpacking the solutions specifically, and congratulations on the continued success of both your companies. We've been following them obviously for a very long time and seeing the platform evolve beyond just SaaS and a lot more going on in cloud these days, kind of next generation emerging. You know, we're seeing a lot of macro trends that are going to be powering some of the things we're going to get into real quickly. But before we get into the solution, what are some of those power dynamics in the industry that you're seeing in trends specifically that are impacting your customers that are taking us down this road of getting more out of the data and specifically the SAP, but in general trends and dynamics. What are you hearing from your customers? Why do they care? Why are they going down this road? Peter, we'll start with you. >> Yeah, I'll go ahead and start. Thanks. Yeah, I'd say we continue to see customers being, being very eager to transform their businesses and they know they need to leverage technology and data to do so. They're also increasingly depending upon the cloud to bring that agility, that elasticity, new functionality necessary to react in real-time to every evolving customer needs. You look at what's happened over the last three years, and boy, the macro environment customers, it's all changing so fast. With our partnerships with AWS and Qlik, we've been able to bring to market innovative solutions like the one we're announcing today that spans all three companies. It provides a holistic solution and an integrated solution for our customer. >> Itamar let's get into it, you've been with theCUBE, you've seen the journey, you have your own journey, many, many years, you've seen the waves. What's going on now? I mean, what's the big wave? What's the dynamic powering this trend? >> Yeah, in a nutshell I'll call it, it's all about time. You know, it's time to value and it's about real-time data. I'll kind of talk about that a bit. So, I mean, you hear a lot about the data being the new oil, but it's definitely, we see more and more customers seeing data as their critical enabler for innovation and digital transformation. They look for ways to monetize data. They look as the data as the way in which they can innovate and bring different value to the customers. So we see customers want to use more data so to get more value from data. We definitely see them wanting to do it faster, right, than before. And we definitely see them looking for agility and automation as ways to accelerate time to value, and also reduce overall costs. I did mention real-time data, so we definitely see more and more customers, they want to be able to act and make decisions based on fresh data. So yesterday's data is just not good enough. >> John: Yeah. >> It's got to be down to the hour, down to the minutes and sometimes even lower than that. And then I think we're also seeing customers look to their core business systems where they have a lot of value, like the SAP, like mainframe and thinking, okay, our core data is there, how can we get more value from this data? So that's key things we see all the time with customers. >> Yeah, we did a big editorial segment this year on, we called data as code. Data as code is kind of a riff on infrastructure as code and you start to see data becoming proliferating into all aspects, fresh data. It's not just where you store it, it's how you share it, it's how you turn it into an application intrinsically involved in all aspects. This is the big theme this year and that's driving all the conversations here at RE:Invent. And I'm guaranteeing you, it's going to happen for another five and 10 years. It's not stopping. So I got to get into the solution, you guys mentioned SAP and you've announced the solution by Qlik, Snowflake and AWS for your customers using SAP. Can you share more about this solution? What's unique about it? Why is it important and why now? Peter, Itamar, we'll start with you first. >> Let me jump in, this is really, I'll jump because I'm excited. We're very excited about this solution and it's also a solution by the way and again, we've seen proven customer success with it. So to your point, it's ready to scale, it's starting, I think we're going to see a lot of companies doing this over the next few years. But before we jump to the solution, let me maybe take a few minutes just to clarify the need, why we're seeing, why we're seeing customers jump to do this. So customers that use SAP, they use it to manage the core of their business. So think order processing, management, finance, inventory, supply chain, and so much more. So if you're running SAP in your company, that data creates a great opportunity for you to drive innovation and modernization. So what we see customers want to do, they want to do more with their data and more means they want to take SAP with non-SAP data and use it together to drive new insights. They want to use real-time data to drive real-time analytics, which they couldn't do to date. They want to bring together descriptive with predictive analytics. So adding machine learning in AI to drive more value from the data. And naturally they want to do it faster. So find ways to iterate faster on their solutions, have freedom with the data and agility. And I think this is really where cloud data platforms like Snowflake and AWS, you know, bring that value to be able to drive that. Now to do that you need to unlock the SAP data, which is a lot of also where Qlik comes in because typical challenges these customers run into is the complexity, inherent in SAP data. Tens of thousands of tables, proprietary formats, complex data models, licensing restrictions, and more than, you have performance issues, they usually run into how do we handle the throughput, the volumes while maintaining lower latency and impact. Where do we find knowledge to really understand how to get all this done? So these are the things we've looked at when we came together to create a solution and make it unique. So when you think about its uniqueness, because we put together a lot, and I'll go through three, four key things that come together to make this unique. First is about data delivery. How do you have the SAP data delivery? So how do you get it from ECC, from HANA from S/4HANA, how do you deliver the data and the metadata and how that integration well into Snowflake. And what we've done is we've focused a lot on optimizing that process and the continuous ingestion, so the real-time ingestion of the data in a way that works really well with the Snowflake system, data cloud. Second thing is we looked at SAP data transformation, so once the data arrives at Snowflake, how do we turn it into being analytics ready? So that's where data transformation and data worth automation come in. And these are all elements of this solution. So creating derivative datasets, creating data marts, and all of that is done by again, creating an optimized integration that pushes down SQL based transformations, so they can be processed inside Snowflake, leveraging its powerful engine. And then the third element is bringing together data visualization analytics that can also take all the data now that in organizing inside Snowflake, bring other data in, bring machine learning from SageMaker, and then you go to create a seamless integration to bring analytic applications to life. So these are all things we put together in the solution. And maybe the last point is we actually took the next step with this and we created something we refer to as solution accelerators, which we're really, really keen about. Think about this as prepackaged templates for common business analytic needs like order to cash, finance, inventory. And we can either dig into that a little more later, but this gets the next level of value to the customers all built into this joint solution. >> Yeah, I want to get to the accelerators, but real quick, Peter, your reaction to the solution, what's unique about it? And obviously Snowflake, we've been seeing the progression data applications, more developers developing on top of Snowflake, data as code kind of implies developer ecosystem. This is kind of interesting. I mean, you got partnering with Qlik and AWS, it's kind of a developer-like thinking real solution. What's unique about this SAP solution that's, that's different than what customers can get anywhere else or not? >> Yeah, well listen, I think first of all, you have to start with the idea of the solution. This are three companies coming together to build a holistic solution that is all about, you know, creating a great opportunity to turn SAP data into value this is Itamar was talking about, that's really what we're talking about here and there's a lot of technology underneath it. I'll talk more about the Snowflake technology, what's involved here, and then cover some of the AWS pieces as well. But you know, we're focusing on getting that value out and accelerating time to value for our joint customers. As Itamar was saying, you know, there's a lot of complexity with the SAP data and a lot of value there. How can we manage that in a prepackaged way, bringing together best of breed solutions with proven capabilities and bringing this to market quickly for our joint customers. You know, Snowflake and AWS have been strong partners for a number of years now, and that's not only on how Snowflake runs on top of AWS, but also how we integrate with their complementary analytics and then all products. And so, you know, we want to be able to leverage those in addition to what Qlik is bringing in terms of the data transformations, bringing data out of SAP in the visualization as well. All very critical. And then we want to bring in the predictive analytics, AWS brings and what Sage brings. We'll talk about that a little bit later on. Some of the technologies that we're leveraging are some of our latest cutting edge technologies that really make things easier for both our partners and our customers. For example, Qlik leverages Snowflakes recently released Snowpark for Python functionality to push down those data transformations from clicking the Snowflake that Itamar's mentioning. And while we also leverage Snowpark for integrations with Amazon SageMaker, but there's a lot of great new technology that just makes this easy and compelling for customers. >> I think that's the big word, easy button here for what may look like a complex kind of integration, kind of turnkey, really, really compelling example of the modern era we're living in, as we always say in theCUBE. You mentioned accelerators, SAP accelerators. Can you give an example of how that works with the technology from the third party providers to deliver this business value Itamar, 'cause that was an interesting comment. What's the example? Give an example of this acceleration. >> Yes, certainly. I think this is something that really makes this truly, truly unique in the industry and again, a great opportunity for customers. So we kind talked earlier about there's a lot of things that need to be done with SP data to turn it to value. And these accelerator, as the name suggests, are designed to do just that, to kind of jumpstart the process and reduce the time and the risk involved in such project. So again, these are pre-packaged templates. We basically took a lot of knowledge, and a lot of configurations, best practices about to get things done and we put 'em together. So think about all the steps, it includes things like data extraction, so already knowing which tables, all the relevant tables that you need to get data from in the contexts of the solution you're looking for, say like order to cash, we'll get back to that one. How do you continuously deliver that data into Snowflake in an in efficient manner, handling things like data type mappings, metadata naming conventions and transformations. The data models you build all the way to data mart definitions and all the transformations that the data needs to go through moving through steps until it's fully analytics ready. And then on top of that, even adding a library of comprehensive analytic dashboards and integrations through machine learning and AI and put all of that in a way that's in pre-integrated and tested to work with Snowflake and AWS. So this is where again, you get this entire recipe that's ready. So take for example, I think I mentioned order to cash. So again, all these things I just talked about, I mean, for those who are not familiar, I mean order to cash is a critical business process for every organization. So especially if you're in retail, manufacturing, enterprise, it's a big... This is where, you know, starting with booking a sales order, following by fulfilling the order, billing the customer, then managing the accounts receivable when the customer actually pays, right? So this all process, you got sales order fulfillment and the billing impacts customer satisfaction, you got receivable payments, you know, the impact's working capital, cash liquidity. So again, as a result this order to cash process is a lifeblood for many businesses and it's critical to optimize and understand. So the solution accelerator we created specifically for order to cash takes care of understanding all these aspects and the data that needs to come with it. So everything we outline before to make the data available in Snowflake in a way that's really useful for downstream analytics, along with dashboards that are already common for that, for that use case. So again, this enables customers to gain real-time visibility into their sales orders, fulfillment, accounts receivable performance. That's what the Excel's are all about. And very similarly, we have another one for example, for finance analytics, right? So this will optimize financial data reporting, helps customers get insights into P&L, financial risk of stability or inventory analytics that helps with, you know, improve planning and inventory management, utilization, increased efficiencies, you know, so in supply chain. So again, these accelerators really help customers get a jumpstart and move faster with their solutions. >> Peter, this is the easy button we just talked about, getting things going, you know, get the ball rolling, get some acceleration. Big part of this are the three companies coming together doing this. >> Yeah, and to build on what Itamar just said that the SAP data obviously has tremendous value. Those sales orders, distribution data, financial data, bringing that into Snowflake makes it easily accessible, but also it enables it to be combined with other data too, is one of the things that Snowflake does so well. So you can get a full view of the end-to-end process and the business overall. You know, for example, I'll just take one, you know, one example that, that may not come to mind right away, but you know, looking at the impact of weather conditions on supply chain logistics is relevant and material and have interest to our customers. How do you bring those different data sets together in an easy way, bringing the data out of SAP, bringing maybe other data out of other systems through Qlik or through Snowflake, directly bringing data in from our data marketplace and bring that all together to make it work. You know, fundamentally organizational silos and the data fragmentation exist otherwise make it really difficult to drive modern analytics projects. And that in turn limits the value that our customers are getting from SAP data and these other data sets. We want to enable that and unleash. >> Yeah, time for value. This is great stuff. Itamar final question, you know, what are customers using this? What do you have? I'm sure you have customers examples already using the solution. Can you share kind of what these examples look like in the use cases and the value? >> Oh yeah, absolutely. Thank you. Happy to. We have customers across different, different sectors. You see manufacturing, retail, energy, oil and gas, CPG. So again, customers in those segments, typically sectors typically have SAP. So we have customers in all of them. A great example is like Siemens Energy. Siemens Energy is a global provider of gas par services. You know, over what, 28 billion, 30 billion in revenue. 90,000 employees. They operate globally in over 90 countries. So they've used SAP HANA as a core system, so it's running on premises, multiple locations around the world. And what they were looking for is a way to bring all these data together so they can innovate with it. And the thing is, Peter mentioned earlier, not just the SAP data, but also bring other data from other systems to bring it together for more value. That includes finance data, these logistics data, these customer CRM data. So they bring data from over 20 different SAP systems. Okay, with Qlik data integration, feeding that into Snowflake in under 20 minutes, 24/7, 365, you know, days a year. Okay, they get data from over 20,000 tables, you know, over million, hundreds of millions of records daily going in. So it is a great example of the type of scale, scalability, agility and speed that they can get to drive these kind of innovation. So that's a great example with Siemens. You know, another one comes to mind is a global manufacturer. Very similar scenario, but you know, they're using it for real-time executive reporting. So it's more like feasibility to the production data as well as for financial analytics. So think, think, think about everything from audit to texts to innovate financial intelligence because all the data's coming from SAP. >> It's a great time to be in the data business again. It keeps getting better and better. There's more data coming. It's not stopping, you know, it's growing so fast, it keeps coming. Every year, it's the same story, Peter. It's like, doesn't stop coming. As we wrap up here, let's just get customers some information on how to get started. I mean, obviously you're starting to see the accelerators, it's a great program there. What a great partnership between the two companies and AWS. How can customers get started to learn about the solution and take advantage of it, getting more out of their SAP data, Peter? >> Yeah, I think the first place to go to is talk to Snowflake, talk to AWS, talk to our account executives that are assigned to your account. Reach out to them and they will be able to educate you on the solution. We have packages up very nicely and can be deployed very, very quickly. >> Well gentlemen, thank you so much for coming on. Appreciate the conversation. Great overview of the partnership between, you know, Snowflake and Qlik and AWS on a joint solution. You know, getting more out of the SAP data. It's really kind of a key, key solution, bringing SAP data to life. Thanks for coming on theCUBE. Appreciate it. >> Thank you. >> Thank you John. >> Okay, this is theCUBE coverage here at RE:Invent 2022. I'm John Furrier, your host of theCUBE. Thanks for watching. (upbeat music)

(upbeat music) >> Hello, brilliant humans and welcome back to theCUBE. We're live from Detroit, Michigan. My name is Savannah Peterson. Joined here with John Furrier, John, so exciting, day three. >> Day three, cranking along, doing great, final day of KubeCon, it wraps up. This next segment's going to be great. It's about WebAssembly, the hottest trend here, at KubeCon that nobody knows about cause they just got some funding and it's got some great traction. Multiple players in here. People are really interested in this and they're really discovering it. They're digging into it. So, we're going to hear from one of the founders of the company that's involved. So, it'll be great. >> Yeah, I think we're right at the tip of the iceberg really. We started off the show with Scott from Docker talking about this, but we have a thought leader in this space. Please welcome Matt Butcher the CEO and co-founder of Fermyon Thank you for being here. Welcome. >> Yeah, thanks so much for having me. Favorite thing to talk about is WebAssembly after that is coffee but WebAssembly first. >> Hey, it's the morning. We can talk about both those on the show. (all chuckles) >> It might get confusing, but I'm willing to try. >> If you can use coffee as a metaphor to teach everyone about WebAssembly throughout the rest of the show. >> All right. That would be awesome. >> All right I'll keep that in mind. >> So when we were talking before we got on here I thought it was really fun because I think the hype is just starting in the WebAssembly space. Very excited about it. Where do you think we're at, set the stage? >> Honestly, we were really excited to come here and see that kind of first wave of hype. We came here expecting to have to answer the question you know, what is WebAssembly and why is anybody looking at it in the cloud space, and instead people have been coming up to us and saying, you know this WebAssembly thing, we're hearing about it. What are the problems it's solving? >> Savannah: Yeah. >> We're really excited to hear about it. So, people literally have been stopping us in restaurants and walking down the street, hey, "You're at KubeCon, you're the WebAssembly people. Tell us more about what's going on." >> You're like awesome celeb. I love this. >> Yeah, and I, >> This is great >> You know the, the description I used was I expected to come here shouting into the void. Hey, you know anybody, somebody, let me tell you about WebAssembly. Instead it's been people coming to us and saying "We've heard about it. Get us excited about it," and I think that's a great place to be. >> You know, one of the things that's exciting too is that this kind of big trend with this whole extraction layer conversation, multicloud, it reminds me of the old app server days where, you know there was a separation between the back end and front end, and then we're kind of seeing that now with this WebAssembly Wasm trend where the developers just want to have the apps run everywhere and the coding to kind of fall in, take a minute to explain what this is, why it's important, why are people jazzed about there's other companies like Cosmonic is in there. There's a lot of open source movement behind it. You guys are out there, >> Savannah: Docker. >> 20 million in fresh funding. Why is this important? What is it and why is it relevant right now? Why are people talking about it? >> I mean, we can't... There is no penasia in the tech world much for the good of all of us, right? To keep us employed. But WebAssembly seems to be that technology that just sort of arose at the right time to solve a number of problems that were really feeling intractable not very long ago. You know, at the core of what is WebAssembly? Well it's a binary format, right? But there's, you know, built on the same, strain of development that Java was built on in the 90's and then the .net run time. But with a couple of little fundamental changes that are what have made it compelling today. So when we think about the cloud world, we think about, okay well security's a big deal to us. Virtual machines are a way for us to run other people's untrusted operating systems on our hardware. Containers come along, they're a... The virtual machine is really the heavyweight class. This is the big thing. The workhorse of the cloud. Then along come Containers, they're a little slimmer. They're kind of the middleweight class. They provide us this great way to sort of package up just the application, not the entire operating system just the application and the bits we care about and then be able to execute those in a trusted environment. Well you know, serverless was the buzzword a few years ago. But one thing that serverless really identified for us is that we didn't actually have the kind of cloud side architecture that was the compute layer that was going to be able to fulfill the promise of serverless. >> Yeah. >> And you know, at that time I was at Microsoft we got to see behind the curtain and see how Azure operates and see the frustration with going, okay how do we get this faster? How do we get this startup time down from seconds to hundreds of milliseconds, WebAssembly comes along and we're able to execute these things in sub one millisecond, which means there is almost no cost to starting up one of these. >> Sub one millisecond. I just want to let everyone rest on that for a second. We've talked a lot about velocity and scale on the show. I mean everyone here is trying to do things faster >> Yep >> Obviously, but that is a real linchpin that makes a very big difference when we're talking about deploying things. Yeah. >> Yeah, and I mean when you think about the ecological and the cost impact of what we're building with the cloud. When we leave a bunch of things running in idle we're consuming electricity if nothing else. The electricity bill keeps going up and we're paying for it via cloud service charges. If you can start something in sub one millisecond then there's no reason you have to leave it running when nobody's using it. >> Savannah: Doesn't need to be in the background. >> That's right. >> So the lightweight is awesome. So, this new class comes up. So, like Java was a great metaphor there. This is kind of like that for the modern era of apps. >> Yeah. >> Where is this going to apply most, do you think? Where's it going to impact most? >> Well, you know, I think there are really four big categories. I think there's the kind of thing I was just talking about I think serverless and edge computing and kind of the server class of problem space. I think IOT is going to benefit, Amazon, Disney Plus, >> Savannah: Yes, edge. >> And PBS, sorry BBC, they all use WebAssembly for the players because they need to run the same player on thousands of different devices. >> I didn't even think about that use case. What a good example. >> It's a brilliant way to apply it. IOT is a hard space period and to be able to have that kind of layer of abstraction. So, that's another good use case >> Savannah: Yeah. >> And then I think this kind of plugin model is another one. You see it was Envoy proxy using this as a way to extend the core features. And I think that one's going to be very, very promising as well. I'm forgetting one, but you know. (all chuckles) I think you end up with these kind of discreet compartments where you can easily fit WebAssembly in here and it's solving a problem that we didn't have the technology that was really adequately solving it before. >> No, I love that. One of the things I thought was interesting we were all at dinner, we were together on Tuesday. I was chatting with Paris who runs Deliveroo at Apple and I can't say I've heard this about too many tools but when we were talking about WebAssembly she said "This is good for everybody" And, it's really nice when technologies come along that will raise the water level across the board. And I love that you're leading this. Speaking of you just announced a huge series aid, 20 million dollars just a few days ago. What does that mean for you and the team? >> I mean there's a little bit of economic uncertainty and it's always nice, >> Savannah: Just a little bit. >> Little bit. >> Savannah: It's come up on the show a little bit this week >> Just smidge. and it's nice to know that we're at a critical time developing this kind of infrastructure layer developing this kind of developer experience where they can go from, you know, blinking cursor to deployed application in two minutes or less. It would be a tragedy if that got forestalled merely because you can't achieve the velocity you need to carry it out. So, what's very exciting about being able to raise around like that at this critical time is that gives us the ability to grow strategically, be able to continue releasing products, building a community around WebAssembly as a whole and of course around our products at Fermyon is a little smaller circle in the bigger circle, and that's why we are so excited about having closed around, that's the perfect one to extend a runway like that. >> Well I'm super excited by this because one I love the concept. I think it's very relevant, like how you progress heavyweight, middleweight, maybe this is lightweight class. >> I know, I'm here for the analogy. No, it's great, its great. >> Maybe it's a lightweight class. >> And we're slimming, which not many of us can say in these times so that's awesome. >> Maybe it's more like the tractor trailer, the van, now you got the sports car. >> Matt: Yeah, I can go.. >> Now you're getting Detroit on us. >> I was trying for a coffee, when I just couldn't figure it out. (all chuckles) >> So, you got 20 million. I noticed the investors amplify very good technical VC and early stage firm. >> Amazing, yeah. >> Insight, they do early stage, big early stage like this. Also they're on the board of Docker. Docker was intent to put a tool out there. There's other competition out there. Cosmonic is out there. They're funded. So you got VC funded companies like yourselves and Cosmonic and others. What's that mean? Different tool chains, is it going to create fragmentation? Is there a common mission? How do you look at the competition as you get into the market >> When you see an ecosystem form. So, here we are at KubeCon, the cloud native ecosystem at this point I like to think of them as like concentric rings. You have the kind of core and then networking and storage and you build these rings out and the farther out you get then the easier it is to begin talking about competition and differentiation. But, when you're looking at that core piece everybody's got to be in there together working on the same stuff, because we want interoperability, we want standards based solutions. We want common ways of building things. More than anything, we want the developers and operators and users who come into the ecosystem to be able to like instantly feel like, okay I don't have to learn. Like you said, you know, 50 different tools for 50 different companies. "I see how this works", and they're doing this and they're doing this. >> Are you guys all contributing into the same open source? >> Yep, yeah, so... >> All the funding happens. >> Both CNCF and the ByteCode Alliance are organizations that are really kind of pushing forward that core technology. You know, you mentioned Cosmonic, Microsoft, SOSA, Red Hat, VMware, they're all in here too. All contributing and again, with all of us knowing this is that nascent stage where we got to execute it. >> How? >> Do it together. >> How are you guys differentiating? Because you know, open source is a great thing. Rising Tide floats all boats. This is a hot area. Is there a differentiation discussion or is it more let's see how it goes, kind of thing? >> Well for us, we came into it knowing very specifically what the problem was we wanted to solve. We wanted this serverless architecture that executed in sub one millisecond to solve, to really create a new wave of microservices. >> KubeCon loves performance. They want to run their stuff on the fastest platform possible. >> Yeah, and it shouldn't be a roadblock, you know, yeah. >> And you look at someone like SingleStore who's a database company and they're in it because they want to be able to run web assemblies close to the data. Instead of doing a sequel select and pulling it way out here and munging it and then pushing it back in. They move the code in there and it's executing in there. So everybody's kind of finding a neat little niche. You know, Cosmonic has really gone more for an enterprise play where they're able to provide a lot of high level security guarantees. Whereas we've been more interested in saying, "Hey, this your first foray into WebAssembly and you're interested in serverless we'll get you going in like a couple of minutes". >> I want to ask you because we had Scott Johnston on earlier opening keynote so we kind of chatted one-on-one and I went off form cause I really wanted to talk to him because Docker is one of the most important companies since their pivot, when they did their little reset after the first Docker kind of then they sold the enterprise off to Mirantis they've been doing really, really well. What's your relationship to Docker? He was very bullish with you guys. Insights, joint investor. Is there a relationship? You guys talk, what's going on there? >> I mean, I'm going to have to admit a little bit of hero worship on my part. I think Scott is brilliant. I just do, and having come from the Kubernetes world the Fermyon team, we've always kind of kept an eye on Docker communicated with a lot of them. We've known Justin Cormack for years. Chris Cornett. (indistinct) I mean yeah, and so it has been a very natural >> Probably have been accused of every Docker Con and we've did the last three years on the virtual side with them. So, we know them really well. >> You've always got your finger on the pulse for them. >> Do you have a relationship besides a formal relationship or is it more of pass shoot score together in the industry? >> Yeah. No, I think it is kind of the multi-level one. You come in knowing people. You've worked together before and you like working with each other and then it sort of naturally extends onto saying, "Hey, what can we do together?" And also how do we start building this ecosystem around us with Docker? They've done an excellent job of articulating why WebAssembly is a complimentary technology with Containers. Which is something I believe very wholeheartedly. You need all three of the heavyweight, middleweight, lightweight. You can't do all the with just one, and to have someone like that sort of with a voice profoundly be able to express, look we're going to start integrating it to show you how it works this way and prevent this sort of like needless drama where people are going, oh Dockers dead, now everything's WebAssembly, and that's been a great.. >> This fight that's been going on. I mean, Docker, Kubernetes, WebAssembly, Containers. >> Yeah. >> We've seen on the show and we both know this hybrid is the future. We're all going to be using a variety of different tools to achieve our goals and I think that you are obviously one of them. I'm curious because just as we were going on you mentioned that you have a PhD in philosophy. (Matt chuckles) >> Matt: Yeah. >> Which is a wild card. You're actually our second PhD in philosophy working in a very technical role on the show this week, which is kind of cool. So, how does that translate into the culture at Fermyon? What's it like on the team? >> Well, you know, a philosophy degree if nothing else teaches you to think in systems and both human systems and formal systems. So that helps and when you approach the process of building a company, you need to be thinking both in terms of how are we organizing this? How are we organizing the product? How do we organize the team? We have really learned that culture is a major deal and culture philosophy, >> Savannah: Why I'm bringing it up. >> We like that, you know, we've been very forward. We have our chip values, curiosity, humility inclusivity and passion, and those are kind of the four things that we feel like that each of us every day should strive to be exhibiting these kinds of things. Curiosity, because you can't push the envelope if you don't ask the hard questions. Humility, because you know, it's easy to get cocky and talk about things as if you knew all the answers. We know we don't and that means we can learn from Docker and Microsoft >> Savannah: That's why you're curious. >> And the person who stops by the booth that we've never met before and says, "hey" and inclusivity, of course, building a community if you don't execute on that well you can't build a good community. The diversity of the community is what makes it stronger than a singular.. >> You have to come in and be cohesive with the community. >> Matt: Yeah. >> The app focus is a really, I think, relevant right now. The timing of this is right online. I think Scott had a good answer I thought on the relationship and how he sees it. I think it's going to be a nice extension to not a extension that way, but like. >> It probably will be as well. >> Almost a pun there John, almost a pun. >> There actually might be an extension, but evolution what we're going to get to which I think is going to be pure application server, like. >> Yep, yep. Like performance for new class of developer. Then now the question comes up and we've been watching developer productivity. That is a big theme and our belief is that if you take digital transformation to its conclusion IT and developers aren't a department serving the business they are the business. That means the developer workflows will have to be radically rebuilt to handle the velocity and new tech for just coding. I call it architectural list. >> I like that. I might steal that. >> It's a pun, but it's also brings up the provocative question. You shouldn't have to need an architecture to code. I mean, Java was great for that reason in many ways. So, if that happens if the developers are running the business that means more apps. The apps is the business. You got to have tool chains and productivity. You can't have fragmentation. Some people are saying WebAssembly might, fork tool chains, might challenge the developer productivity. what's your answer to that? How would you address that objection? >> I mean the threat of forking is always lurking in the corner in open source. In a way it's probably a positive threat because it keeps us honest it keeps us wanting to be inclusive again and keep people involved. Honestly though, I'm not particularly worried about it. I know that the W-3 as a standards body, of course, one of the most respected standards bodies on the planet. They do html, they do cascading style sheets. WebAssembly is in that camp and those of us in the core are really very interested in saying, you know, come on in, let's build something that's going to be where the core is solid and you know what you got and then you can go into the resurgence of the application server. I mean, I wholeheartedly agree with you on that, and we can only get there if we say, all right, here are the common paradigms that we're all going to agree to use, now let's go build stuff. >> And as we've been saying, developers are setting, I think are going to set the standards and they're going to vote with their code and their feet, if you will. >> Savannah: A hundred percent. >> They will decide if you're not aligning with what they want to do. okay. On how they want to self-serve and or work, you'll figure that out. >> Yep, yep. >> You'll get instant feedback. >> Yeah. >> Well, you know, again, I tell you a huge fan of Docker. One of the things that Docker understood at the very outset, is that they had an infrastructure tool and developers were the way to get adoption, and if you look at how fast they got adoption versus many, many other technologies that are profoundly impacted. >> Savannah: Wild. >> Yeah. >> Savannah: It's a cool story. >> It's because they got the developers to go, "This is amazing, hey infrastructure folks, here's an infrastructure tool that we like" and the infrastructure folks are used to code being tossed over the wall are going, "Are you for real?" I mean, and that was a brilliant way to do it and I think that what.. >> John: Yeah, yeah. >> We want to replay in the WebAssembly world is making it developer friendly and you know the kind of infrastructure that we can actually operate. >> Well congratulations to the entire community. We're huge fans of the concept. I kind of see where it's going with connect the dots. You guys getting a lot of buzz. I have to ask you, my final question is the hype is beyond all recognition at this point. People are super pumped and enthusiastic about it and people are looking at it maybe some challenging it, but that's all good things. How do you get to the next level where people are confident that this is actually going to go the next step? Hype to confidence. We've seen great hype. Envoy was hyped up big time before it came in, then it became great. That was one of my favorite examples. Hype is okay, but now you got to put some meat on the bone. The sizzle on the stake so to speak. So what's going to be the stake for you guys as you see this going forward? What's the need? >> Yeah, you know, I talk about our first guiding story was, you know, blinking cursor to deployed application in two minutes. That's what you need to win developers initially. So, what's the next story after that? It's got to be, Fermyon can run real world applications that solve real world problems. That's where hype often fails. If you can build something that's neat but nobody's quite sure what to do with it, to use it, maybe somebody will discover a good use. But, if you take that gambling asset, >> Savannah: It's that ending answer that makes the difference. >> Yeah, yeah. So we say, all right, what are developers trying to build with our platform and then relentlessly focus on making that easier and solving the real world problem that way. That's the crucial thing that's going to drive us out of that sort of early hype stage into a well adopted technology and I talk from Fermyon point of view but really that's for all of us in the WebAssembly. >> John: Absolutely. >> Very well stated Matt, just to wrap us up when we're interviewing you here on theCUBE next year, what do you hope to be able to say then that you can't say today? >> All this stuff about coffee we didn't cover today, but also.. (all chuckles) >> Savannah: Here for the coffee show. Only analogies, that's a great analogy. >> I want to walk here and say, you know last time we talked about being able to achieve density in servers that was, you know, 10 times Kubernetes. Next year I want to say no, we're actually thousands of times beyond Kubernetes that we're lowering people's electricity bill by making these servers more efficient and the developers love it. >> That your commitment to the environment is something I want to do an entirely different show on. We learned that 7-8% of all the world's powers actually used on data centers through the show this week which is jarring quite frankly. >> Yeah, yeah. Tragic would be a better way of saying that. >> Yeah, I'm holding back so that we don't go over time here quite frankly. But anyways, Matt Butcher thank you so much for being here with us. >> Thank you so much for having me it was pleasure.. >> You are worth the hype you are getting. I am grateful to have you as our WebAssembly thought leader. In addition to Scott today from Docker earlier in the show. John Furrier, thanks for being my co-host and thank all of you for tuning into theCUBE here, live from Detroit. I'm Savannah Peterson and we'll be back with more soon. (ambient music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> This past week we saw two of the Big 3 cloud providers present the latest update on their respective cloud visions, their business progress, their announcements and innovations. The content at these events had many overlapping themes, including modern cloud infrastructure at global scale, applying advanced machine intelligence, AKA AI, end-to-end data platforms, collaboration software. They talked a lot about the future of work automation. And they gave us a little taste, each company of the Metaverse Web 3.0 and much more. Despite these striking similarities, the differences between these two cloud platforms and that of AWS remains significant. With Microsoft leveraging its massive application software footprint to dominate virtually all markets and Google doing everything in its power to keep up with the frenetic pace of today's cloud innovation, which was set into motion a decade and a half ago by AWS. Hello and welcome to this week's Wikibon CUBE Insights, powered by ETR. In this Breaking Analysis, we unpack the immense amount of content presented by the CEOs of Microsoft and Google Cloud at Microsoft Ignite and Google Cloud Next. We'll also quantify with ETR survey data the relative position of these two cloud giants in four key sectors: cloud IaaS, BI analytics, data platforms and collaboration software. Now one thing was clear this past week, hybrid events are the thing. Google Cloud Next took place live over a 24-hour period in six cities around the world, with the main gathering in New York City. Microsoft Ignite, which normally is attended by 30,000 people, had a smaller event in Seattle, in person with a virtual audience around the world. AWS re:Invent, of course, is much different. Yes, there's a virtual component at re:Invent, but it's all about a big live audience gathering the week after Thanksgiving, in the first week of December in Las Vegas. Regardless, Satya Nadella keynote address was prerecorded. It was highly produced and substantive. It was visionary, energetic with a strong message that Azure was a platform to allow customers to build their digital businesses. Doing more with less, which was a key theme of his. Nadella covered a lot of ground, starting with infrastructure from the compute, highlighting a collaboration with Arm-based, Ampere processors. New block storage, 60 regions, 175,000 miles of fiber cables around the world. He presented a meaningful multi-cloud message with Azure Arc to support on-prem and edge workloads, as well as of course the public cloud. And talked about confidential computing at the infrastructure level, a theme we hear from all cloud vendors. He then went deeper into the end-to-end data platform that Microsoft is building from the core data stores to analytics, to governance and the myriad tooling Microsoft offers. AI was next with a big focus on automation, AI, training models. He showed demos of machines coding and fixing code and machines automatically creating designs for creative workers and how Power Automate, Microsoft's RPA tooling, would combine with Microsoft Syntex to understand documents and provide standard ways for organizations to communicate with those documents. There was of course a big focus on Azure as developer cloud platform with GitHub Copilot as a linchpin using AI to assist coders in low-code and no-code innovations that are coming down the pipe. And another giant theme was a workforce transformation and how Microsoft is using its heritage and collaboration and productivity software to move beyond what Nadella called productivity paranoia, i.e., are remote workers doing their jobs? In a world where collaboration is built into intelligent workflows, and he even showed a glimpse of the future with AI-powered avatars and partnerships with Meta and Cisco with Teams of all firms. And finally, security with a bevy of tools from identity, endpoint, governance, et cetera, stressing a suite of tools from a single provider, i.e., Microsoft. So a couple points here. One, Microsoft is following in the footsteps of AWS with silicon advancements and didn't really emphasize that trend much except for the Ampere announcement. But it's building out cloud infrastructure at a massive scale, there is no debate about that. Its plan on data is to try and provide a somewhat more abstracted and simplified solutions, which differs a little bit from AWS's approach of the right database tool, for example, for the right job. Microsoft's automation play appears to provide simple individual productivity tools, kind of a ground up approach and make it really easy for users to drive these bottoms up initiatives. We heard from UiPath that forward five last month, a little bit of a different approach of horizontal automation, end-to-end across platforms. So quite a different play there. Microsoft's angle on workforce transformation is visionary and will continue to solidify in our view its dominant position with Teams and Microsoft 365, and it will drive cloud infrastructure consumption by default. On security as well as a cloud player, it has to have world-class security, and Azure does. There's not a lot of debate about that, but the knock on Microsoft is Patch Tuesday becomes Hack Wednesday because Microsoft releases so many patches, it's got so much Swiss cheese in its legacy estate and patching frequently, it becomes a roadmap and a trigger for hackers. Hey, patch Tuesday, these are all the exploits that you can go after so you can act before the patches are implemented. And so it's really become a problem for users. As well Microsoft is competing with many of the best-of-breed platforms like CrowdStrike and Okta, which have market momentum and appear to be more attractive horizontal plays for customers outside of just the Microsoft cloud. But again, it's Microsoft. They make it easy and very inexpensive to adopt. Now, despite the outstanding presentation by Satya Nadella, there are a couple of statements that should raise eyebrows. Here are two of them. First, as he said, Azure is the only cloud that supports all organizations and all workloads from enterprises to startups, to highly regulated industries. I had a conversation with Sarbjeet Johal about this, to make sure I wasn't just missing something and we were both surprised, somewhat, by this claim. I mean most certainly AWS supports more certifications for example, and we would think it has a reasonable case to dispute that claim. And the other statement, Nadella made, Azure is the only cloud provider enabling highly regulated industries to bring their most sensitive applications to the cloud. Now, reasonable people can debate whether AWS is there yet, but very clearly Oracle and IBM would have something to say about that statement. Now maybe it's not just, would say, "Oh, they're not real clouds, you know, they're just going to hosting in the cloud if you will." But still, when it comes to mission-critical applications, you would think Oracle is really the the leader there. Oh, and Satya also mentioned the claim that the Edge browser, the Microsoft Edge browser, no questions asked, he said, is the best browser for business. And we could see some people having some questions about that. Like isn't Edge based on Chrome? Anyway, so we just had to question these statements and challenge Microsoft to defend them because to us it's a little bit of BS and makes one wonder what else in such as awesome keynote and it was awesome, it was hyperbole. Okay, moving on to Google Cloud Next. The keynote started with Sundar Pichai doing a virtual session, he was remote, stressing the importance of Google Cloud. He mentioned that Google Cloud from its Q2 earnings was on a $25-billion annual run rate. What he didn't mention is that it's also on a 3.6 billion annual operating loss run rate based on its first half performance. Just saying. And we'll dig into that issue a little bit more later in this episode. He also stressed that the investments that Google has made to support its core business and search, like its global network of 22 subsea cables to support things like, YouTube video, great performance obviously that we all rely on, those innovations there. Innovations in BigQuery to support its search business and its threat analysis that it's always had and its AI, it's always been an AI-first company, he's stressed, that they're all leveraged by the Google Cloud Platform, GCP. This is all true by the way. Google has absolutely awesome tech and the talk, as well as his talk, Pichai, but also Kurian's was forward thinking and laid out a vision of the future. But it didn't address in our view, and I talked to Sarbjeet Johal about this as well, today's challenges to the degree that Microsoft did and we expect AWS will at re:Invent this year, it was more out there, more forward thinking, what's possible in the future, somewhat less about today's problem, so I think it's resonates less with today's enterprise players. Thomas Kurian then took over from Sundar Pichai and did a really good job of highlighting customers, and I think he has to, right? He has to say, "Look, we are in this game. We have customers, 9 out of the top 10 media firms use Google Cloud. 8 out of the top 10 manufacturers. 9 out of the top 10 retailers. Same for telecom, same for healthcare. 8 out of the top 10 retail banks." He and Sundar specifically referenced a number of companies, customers, including Avery Dennison, Groupe Renault, H&M, John Hopkins, Prudential, Minna Bank out of Japan, ANZ bank and many, many others during the session. So you know, they had some proof points and you got to give 'em props for that. Now like Microsoft, Google talked about infrastructure, they referenced training processors and regions and compute optionality and storage and how new workloads were emerging, particularly data-driven workloads in AI that required new infrastructure. He explicitly highlighted partnerships within Nvidia and Intel. I didn't see anything on Arm, which somewhat surprised me 'cause I believe Google's working on that or at least has come following in AWS's suit if you will, but maybe that's why they're not mentioning it or maybe I got to do more research there, but let's park that for a minute. But again, as we've extensively discussed in Breaking Analysis in our view when it comes to compute, AWS via its Annapurna acquisition is well ahead of the pack in this area. Arm is making its way into the enterprise, but all three companies are heavily investing in infrastructure, which is great news for customers and the ecosystem. We'll come back to that. Data and AI go hand in hand, and there was no shortage of data talk. Google didn't mention Snowflake or Databricks specifically, but it did mention, by the way, it mentioned Mongo a couple of times, but it did mention Google's, quote, Open Data cloud. Now maybe Google has used that term before, but Snowflake has been marketing the data cloud concept for a couple of years now. So that struck as a shot across the bow to one of its partners and obviously competitor, Snowflake. At BigQuery is a main centerpiece of Google's data strategy. Kurian talked about how they can take any data from any source in any format from any cloud provider with BigQuery Omni and aggregate and understand it. And with the support of Apache Iceberg and Delta and Hudi coming in the future and its open Data Cloud Alliance, they talked a lot about that. So without specifically mentioning Snowflake or Databricks, Kurian co-opted a lot of messaging from these two players, such as life and tech. Kurian also talked about Google Workspace and how it's now at 8 million users up from 6 million just two years ago. There's a lot of discussion on developer optionality and several details on tools supported and the open mantra of Google. And finally on security, Google brought out Kevin Mandian, he's a CUBE alum, extremely impressive individual who's CEO of Mandiant, a leading security service provider and consultancy that Google recently acquired for around 5.3 billion. They talked about moving from a shared responsibility model to a shared fate model, which is again, it's kind of a shot across AWS's bow, kind of shared responsibility model. It's unclear that Google will pay the same penalty if a customer doesn't live up to its portion of the shared responsibility, but we can probably assume that the customer is still going to bear the brunt of the pain, nonetheless. Mandiant is really interesting because it's a services play and Google has stated that it is not a services company, it's going to give partners in the channel plenty of room to play. So we'll see what it does with Mandiant. But Mandiant is a very strong enterprise capability and in the single most important area security. So interesting acquisition by Google. Now as well, unlike Microsoft, Google is not competing with security leaders like Okta and CrowdStrike. Rather, it's partnering aggressively with those firms and prominently putting them forth. All right. Let's get into the ETR survey data and see how Microsoft and Google are positioned in four key markets that we've mentioned before, IaaS, BI analytics, database data platforms and collaboration software. First, let's look at the IaaS cloud. ETR is just about to release its October survey, so I cannot share the that data yet. I can only show July data, but we're going to give you some directional hints throughout this conversation. This chart shows net score or spending momentum on the vertical axis and overlap or presence in the data, i.e., how pervasive the platform is. That's on the horizontal axis. And we've inserted the Wikibon estimates of IaaS revenue for the companies, the Big 3. Actually the Big 4, we included Alibaba. So a couple of points in this somewhat busy data chart. First, Microsoft and AWS as always are dominant on both axes. The red dotted line there at 40% on the vertical axis. That represents a highly elevated spending velocity and all of the Big 3 are above the line. Now at the same time, GCP is well behind the two leaders on the horizontal axis and you can see that in the table insert as well in our revenue estimates. Now why is Azure bigger in the ETR survey when AWS is larger according to the Wikibon revenue estimates? And the answer is because Microsoft with products like 365 and Teams will often be considered by respondents in the survey as cloud by customers, so they fit into that ETR category. But in the insert data we're stripping out applications and SaaS from Microsoft and Google and we're only isolating on IaaS. The other point is when you take a look at the early October returns, you see downward pressure as signified by those dotted arrows on every name. The only exception was Dell, or Dell and IBM, which showing slightly improved momentum. So the survey data generally confirms what we know that AWS and Azure have a massive lead and strong momentum in the marketplace. But the real story is below the line. Unlike Google Cloud, which is on pace to lose well over 3 billion on an operating basis this year, AWS's operating profit is around $20 billion annually. Microsoft's Intelligent Cloud generated more than $30 billion in operating income last fiscal year. Let that sink in for a moment. Now again, that's not to say Google doesn't have traction, it does and Kurian gave some nice proof points and customer examples in his keynote presentation, but the data underscores the lead that Microsoft and AWS have on Google in cloud. And here's a breakdown of ETR's proprietary net score methodology, that vertical axis that we showed you in the previous chart. It asks customers, are you adopting the platform new? That's that lime green. Are you spending 6% or more? That's the forest green. Is you're spending flat? That's the gray. Is you're spending down 6% or worse? That's the pinkest color. Or are you replacing the platform, defecting? That's the bright red. You subtract the reds from the greens and you get a net score. Now one caveat here, which actually is really favorable from Microsoft, the Microsoft data that we're showing here is across the entire Microsoft portfolio. The other point is, this is July data, we'll have an update for you once ETR releases its October results. But we're talking about meaningful samples here, the ends. 620 for AWS over a thousand from Microsoft in more than 450 respondents in the survey for Google. So the real tell is replacements, that bright red. There is virtually no churn for AWS and Microsoft, but Google's churn is 5x, those two in the survey. Now 5% churn is not high, but you'd like to see three things for Google given it's smaller size. One is less churn, two is much, much higher adoption rates in the lime green. Three is a higher percentage of those spending more, the forest green. And four is a lower percentage of those spending less. And none of these conditions really applies here for Google. GCP is still not growing fast enough in our opinion, and doesn't have nearly the traction of the two leaders and that shows up in the survey data. All right, let's look at the next sector, BI analytics. Here we have that same XY dimension. Again, Microsoft dominating the picture. AWS very strong also in both axes. Tableau, very popular and respectable of course acquired by Salesforce on the vertical axis, still looking pretty good there. And again on the horizontal axis, big presence there for Tableau. And Google with Looker and its other platforms is also respectable, but it again, has some work to do. Now notice Streamlit, that's a recent Snowflake acquisition. It's strong in the vertical axis and because of Snowflake's go-to-market (indistinct), it's likely going to move to the right overtime. Grafana is also prominent in the Y axis, but a glimpse at the most recent survey data shows them slightly declining while Looker actually improves a bit. As does Cloudera, which we'll move up slightly. Again, Microsoft just blows you away, doesn't it? All right, now let's get into database and data platform. Same X Y dimensions, but now database and data warehouse. Snowflake as usual takes the top spot on the vertical axis and it is actually keeps moving to the right as well with again, Microsoft and AWS is dominant in the market, as is Oracle on the X axis, albeit it's got less spending velocity, but of course it's the database king. Google is well behind on the X axis but solidly above the 40% line on the vertical axis. Note that virtually all platforms will see pressure in the next survey due to the macro environment. Microsoft might even dip below the 40% line for the first time in a while. Lastly, let's look at the collaboration and productivity software market. This is such an important area for both Microsoft and Google. And just look at Microsoft with 365 and Teams up into the right. I mean just so impressive in ubiquitous. And we've highlighted Google. It's in the pack. It certainly is a nice base with 174 N, which I can tell you that N will rise in the next survey, which is an indication that more people are adopting. But given the investment and the tech behind it and all the AI and Google's resources, you'd really like to see Google in this space above the 40% line, given the importance of this market, of this collaboration area to Google's success and the degree to which they emphasize it in their pitch. And look, this brings up something that we've talked about before on Breaking Analysis. Google doesn't have a tech problem. This is a go-to-market and marketing challenge that Google faces and it's up against two go-to-market champs and Microsoft and AWS. And Google doesn't have the enterprise sales culture. It's trying, it's making progress, but it's like that racehorse that has all the potential in the world, but it's just missing some kind of key ingredient to put it over at the top. It's always coming in third, (chuckles) but we're watching and Google's obviously, making some investments as we shared with earlier. All right. Some final thoughts on what we learned this week and in this research: customers and partners should be thrilled that both Microsoft and Google along with AWS are spending so much money on innovation and building out global platforms. This is a gift to the industry and we should be thankful frankly because it's good for business, it's good for competitiveness and future innovation as a platform that can be built upon. Now we didn't talk much about multi-cloud, we haven't even mentioned supercloud, but both Microsoft and Google have a story that resonates with customers in cross cloud capabilities, unlike AWS at this time. But we never say never when it comes to AWS. They sometimes and oftentimes surprise you. One of the other things that Sarbjeet Johal and John Furrier and I have discussed is that each of the Big 3 is positioning to their respective strengths. AWS is the best IaaS. Microsoft is building out the kind of, quote, we-make-it-easy-for-you cloud, and Google is trying to be the open data cloud with its open-source chops and excellent tech. And that puts added pressure on Snowflake, doesn't it? You know, Thomas Kurian made some comments according to CRN, something to the effect that, we are the only company that can do the data cloud thing across clouds, which again, if I'm being honest is not really accurate. Now I haven't clarified these statements with Google and often things get misquoted, but there's little question that, as AWS has done in the past with Redshift, Google is taking a page out of Snowflake, Databricks as well. A big difference in the Big 3 is that AWS doesn't have this big emphasis on the up-the-stack collaboration software that both Microsoft and Google have, and that for Microsoft and Google will drive captive IaaS consumption. AWS obviously does some of that in database, a lot of that in database, but ISVs that compete with Microsoft and Google should have a greater affinity, one would think, to AWS for competitive reasons. and the same thing could be said in security, we would think because, as I mentioned before, Microsoft competes very directly with CrowdStrike and Okta and others. One of the big thing that Sarbjeet mentioned that I want to call out here, I'd love to have your opinion. AWS specifically, but also Microsoft with Azure have successfully created what Sarbjeet calls brand distance. AWS from the Amazon Retail, and even though AWS all the time talks about Amazon X and Amazon Y is in their product portfolio, but you don't really consider it part of the retail organization 'cause it's not. Azure, same thing, has created its own identity. And it seems that Google still struggles to do that. It's still very highly linked to the sort of core of Google. Now, maybe that's by design, but for enterprise customers, there's still some potential confusion with Google, what's its intentions? How long will they continue to lose money and invest? Are they going to pull the plug like they do on so many other tools? So you know, maybe some rethinking of the marketing there and the positioning. Now we didn't talk much about ecosystem, but it's vital for any cloud player, and Google again has some work to do relative to the leaders. Which brings us to supercloud. The ecosystem and end customers are now in a position this decade to digitally transform. And we're talking here about building out their own clouds, not by putting in and building data centers and installing racks of servers and storage devices, no. Rather to build value on top of the hyperscaler gift that has been presented. And that is a mega trend that we're watching closely in theCUBE community. While there's debate about the supercloud name and so forth, there little question in our minds that the next decade of cloud will not be like the last. All right, we're going to leave it there today. Many thanks to Sarbjeet Johal, and my business partner, John Furrier, for their input to today's episode. Thanks to Alex Myerson who's on production and manages the podcast and Ken Schiffman as well. Kristen Martin and Cheryl Knight helped get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE, who does some wonderful editing. And check out SiliconANGLE, a lot of coverage on Google Cloud Next and Microsoft Ignite. Remember, all these episodes are available as podcast wherever you listen. Just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. And you can always get in touch with me via email, david.vellante@siliconangle.com or you can DM me at dvellante or comment on my LinkedIn posts. And please do check out etr.ai, the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE Insights, powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (gentle music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swain is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see you again. We saw each other at reinvent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen so thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment specifically, putting a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe Tuchi year old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So as gonna mention Cisco forte and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human and machine >>Human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you think to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Microsoft ST's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin mania referenced this too today, basically saying the industry's doing a better job of collaborations. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that is my question are cyber investments non-discretionary if, if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro or economic environment where CIOs and CSOs are being asked to sweat their assets for significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengthens, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now we're seeing a lot more and you kind of got the, the near edge, like the home Depot and the lows, you know, stores. Yeah. Okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flowing estates? >>I think this gets back to the question of what's what's new or what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader crowd market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials. Stop here. Let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge in IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it. And OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific senses that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of >>Doing are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar. Are the IOA signatures substantially similar at, at the edge, or >>I think we learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, will be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do, get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems because you, now we can build a system around it. That's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to, to do before. Right. So it was, was like black >>Connectivity is >>So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want, we see a huge opportunity there >>Coming back to the X XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add that the Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right after this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

(intro music) >> Hi everybody. Dave Vellante, back with Day Two coverage, we're live at the ARIA Hotel in Las Vegas for fal.con '22. Several thousand people here today. The keynote was, it was a little light. I think people were out late last night, but the keynote was outstanding and it's still going on. We had to break early because we have to strike early today, but we're really excited to have Stephan Goldberg here, Vice President of Technology Alliances at Claroty. And we're going to talk about an extremely important topic, which is the internet of things, the edge, we talk about it a lot. We haven't covered securing the edge here at theCUBE this week. And so Stephan really excited to have you on. >> Thank you for having me. >> You're very welcome. Tell us more about Claroty, C-L-A-R-O-T-Y, a very interesting spelling, but what's it all about? >> Claroty is cybersecurity company that specializes in cyber physical systems, also known as operational technology systems and the extended internet of things. The difference between the traditional IoT and what what everyone calls an IoT in the cyber physical system is that an IoT device has anything connected on the network that traditionally cannot carry an agent, a security camera, a card reader. A cyber physical system is a system that has influence and operates in the physical world but is controlled from the cyberspace. An example would be a controller, a turbine, a robotic arm, or an MRI machine. >> Yeah, so those are really high-end systems, run, are looked after by engineers, not necessarily consumers. So what's what's happening in that world? I mean, we've talked a lot on theCUBE about the schism between OT and IT, they haven't really talked a lot, but in the last several years, they've started to talk more. You look at the ecosystem of IoT providers. I mean, it's companies like Hitachi and PTC and Siemens. I mean, it's the different names than we're used to in IT. What are the big trends that you're seeing the macro? >> So, first of all, traditionally, most manufacturers and environments that were heavy on operations, operational technology, they had the networks air-gapped, completely separated. You had your IT network for business administration, you had the OT network to actually build stuff. Today with emerging technologies and even modern switching architecture everything is being converged. You have the same physical infrastructure in terms of networking, that carries both networks. Sometimes a human error, sometimes a business logic that needs to interconnect these networks to transmit data from the OT side of the house, to the IT side of the house, exposes the OT environment to cyber threats. >> Was that air-gap by design or was it just that there wasn't connectivity? >> It was air-gap by design, due to security and operational reasons, and also ownership in these organizations. The IT-managed space was completely separate from the OT-managed space. So whoever built a network for the controllers to build a car, for example, was an automation engineer and the vendors, that have built these networks, were automation vendors, unlike the traditional Ciscos of the world, that we're specializing in IT. Today we're seeing the IT vendors on the OT side, and the OT vendors, they're worried about the IT side. >> But I mean, tradition, I mean, engineers are control freaks. No offense, but, I'm glad they are, I'm thankful for that. So there must have been some initial reticence to them connecting up these air-gap systems. They went wanted to make sure that they were secure, that they did it right, and presumably that's where you guys come in. What are the exposures and risks of these, of this critical infrastructure that we should be aware of? >> So you're completely right. And from an operational perspective let let's call it change control is very rigorous. So they did not want to go on the internet and just, we're seeing it with adoption of cloud technologies, for example. Cloud as in industry four ago, five ago, cloud as in cyber security. We all heard Amol's keynote from this morning talking about critical infrastructures and we'll touch upon our partnership in a second, but CrowdStrike, CrowdStrike being considered and deployed within these environments is a new thing. It's a new thing because the OT operation managers and the chief information security officers, they understand that air-gap is no longer a valid strategy. From a business perspective, these networks are already connected. We're seeing the trends of cyber attacks, IT cyber attacks, like not Patreon, I'm not talking about the Stoxnet, the targeted OT. I'm talking about WannaCry, EternalBlue, IT vulnerabilities that did not target OT, but due to the outdated and the specification of OT posture on the networks, they hit healthcare, they hit OT much harder than they did IT. >> Was Log4J, did that sleep into OT, or any IT that. >> So, absolutely. >> So Log4J right, which was so pervasive, like so many of these malwares. >> All these vulnerabilities that, it's a windows vulnerability, it has nothing to do with OT. But then when you stop and you say, hold on, my human machine interface workstation, although it has some proprietary software by Rockwell or Siemens running on it, what is the underlying operating system? Oh, hold on, it's Windows. We haven't updated that for like eight years. We were focused on updating the software but not the underlying operating system. The vulnerabilities exist to a greater extent on the OT side of the house because of the same characteristic of operational technology environments. >> So the brute force air-gap approach was no longer viable because the business imperative came in and said, no, we have to connect these systems to digitally transform, or advance our business, there's opportunities to monetize, whatever it was. The business laid that out as an imperative. So now OT engineers have to rethink how they secure it. So what are the steps that they're taking and how does Claroty help? Is there a sort of a playbook, a sequential playbook? >> Absolutely, so before we discussed the maturity curve of adopting an CPS security, or OT security technology, let's touch upon the characteristic of the space and what it led vendors like Claroty to build. So you have the rigorous chain control. You have the security in mind, operations, lowered the risk state of mind. That led vendors, likes of Claroty, to build a solution. And I'm talking about seven, eight years ago, to be passive, mostly passive or passive only to inspect network and to analyze network and focus on detection rather than taking action like response or preventative maintenance. >> Um-hmm. >> It made vendors to build on-prem solutions because of the cloud-averse state of mind of this industry. And because OT is very specific, it led vendors to focus only on OT devices, overlooking what we discussed as IoT, Unfortunately, besides HMI and PLC, the controller in the plant, you also have the security camera. So when you install an OT security solution I'm talking about the traditional ones, they traditionally overlook the security camera or anything that is not considered traditional OT. These three observations, although they were necessary in the beginning, you understand the shortcomings of it today. >> Um-hmm. >> So cloud-averse led to on-prem which leads to war security. It's like comparing CrowdStrike and one of its traditional competitors in the antivirus space. What CrowdStrike innovated is the SaaS first, cloud-native solution that is continuously being updated and provide the best in cloud security, right? And that is very much like what Claroty's building. We decided to go SaaS first and cloud-native solution. >> So, because of cloud-aversion, the industry shows somewhat outdated deployment models, on-prem, which limited scale and created greater diversity, more stovepipes, all the problems that we always talk about. Okay, and so is the answer to that, just becoming more cloud, having more of an affinity to cloud? That was a starting point, right. >> This is exactly it. Air-gap is perceived as secured, but you don't get updates and you don't really know what's going on in your network. If you have a Claroty or a crosswork installer, you have much higher probability detecting fast and responding fast. If you don't have it, you are just blind. You will be bridged, that's the. >> I was going to say, plus, air-gap, it's true, but people can get through air-gaps, too. I mean, it's harder, but Stoxnet. Yeah, look at Stoxnet right, oh, it's mopping the floor, boom, or however it happened, but so yeah. >> Correct. >> So, but the point being, you know, assume that breach, even though I know CrowdStrike thinks that the unstoppable breach is a myth, but you know, you talk to people like Kevin Mandia, it's like, we assume you're going to get breached, right? Let's make that assumption. Yeah, okay, and so that means you've got to have visibility into the network. So what are those steps that you would, what's that maturity model that you referenced before? >> So on top of these underlying principles, which is cloud-native, comprehensive, not OT only, but XIoT, and then bring that the verticalization and OT specificity. On top of that, you're exactly right. There is a maturity curve. You cannot boil the ocean, deploy protections, and change the environment within one day. It starts with discovering everything that is connected to your network. Everything from the traditional workstations to the cameras, and of course ending up with the cyber physical systems on the network. That discovery cannot be only a high level profile, it needs to be in depth to the level you need to know application versions of these devices. If you cannot tell the application version you cannot correlate it to a vulnerability, right? Just knowing that's an HMI or that's a PLC by Siemens is insufficient. You need to know the app version, then you can correlate to vulnerability, then you can correlate to risk. This is the next step, risk assessment. You need to put up a score basically, on each one of these devices. A vulnerability score, risk score, in order to prioritize action. >> Um-hmm. >> These two steps are discovery and thinking about the environment. The next two steps are taking action. After we have the prioritized devices discovered on your network, our approach is that you need to ladle in and deploy protections from a preventative perspective. Claroty delivers recommended policies in the form of access control lists or rules. >> Right. >> That can leverage existing infrastructure without touching a device without patching it, just to protect it. The next step would be detection and response. Once you have these policies deployed you also can leverage them to spot policy deviations. >> And that's where CrowdStrike comes in. So talk about how you guys partner with CrowdStrike, what that integration looks like and what the differentiation is. >> So actually the integration with CrowdStrike crosses the the entire customer journey. It starts with visibility. CrowdStrike and us exchange data on the asset level. With the announcement during FalCon, with Falcon Discover for IoT, we are really, really proud working on that with CrowdStrike. Traditionally CrowdStrike discovered and provided data about the IT assets. And we did the same thing with CPS and OT. Today with Falcon Discover for IoT, and us expanding to the XIoT space, both of us look at all devices but we can discover different things. When you merge these data sets you have an unparalleled visibility into any environment, and specifically OT. The integrations continue, and maybe the second spotlight I'll put, but without diminishing the other ones, is detection and response. It's the XDR Alliance. Claroty is very proud to be one of the first partners, XDR Alliance partners, for CrowdStrike, fitting in to the XDR, to CrowdStrike's XDR, the data that is needed to mitigate and respond and get more context about breaches in these OT environments, but also take action. Also trigger action, via Claroty and leverage Claroty's network-centric capabilities to respond. >> We hear a lot. We heard a lot in today's keynote note about the data, the importance of data, of the graph database. How unique is this Stephan, in the industry, in your view? >> The uniqueness of what exactly? >> Of this joint solution, if you will, this capability. >> I told my counterparts from CrowdStrike yesterday, the go-to market ones and the product management ones. If we are successful with Falcon Discover for IoT, and that product matures, as we plan for it to mature, it will change the industry, the OT security industry, for all of us. Not only for Claroty, for all players in this space. And this is why it's so important for us to stay coordinated and support this amazing company to enter this space and provide better security to organizations that really support our lives. >> We got to leave it there, but this is such an important topic. We're seeing in the war in Ukraine, there's a cyber component in the future of war. >> Yes. >> Today. And what do they do? They go after critical infrastructure. So protecting that critical infrastructure is so important, especially for a country like the United States, which has so much critical infrastructure and a lot to lose. So Stephan, thanks so much. >> Thank you. >> For the work that you're doing. It was great to have you on theCUBE. >> Thank you. >> All right, keep it right there. Dave Vellante for theCUBE. We'll be right back from fal.con '22. We're live from the ARIA in Las Vegas. (techno music)

>>Hi, we're back. We're watching, you're watching the cube coverage of Falcon 2022 live from the aria in Las Vegas, Dave Valante with Dave Nicholson and we, yes, folks, there are females in the cyber security industry. Amanda Adams is here. So the vice president of America Alliance at CrowdStrike. Thanks for coming on. >>Thank you so much for having me. >>We it's, it's fantastic to, to actually, as I was starting to wonder, but we >>Do have females in leadership. >>Wait, I'm just kidding. There are plenty of females here, but this cybersecurity industry in general, maybe if we have time, we can talk about that, but I wanna talk about the, the Alliance program, but before I do, yeah. You know, you, you got a nice career here at CrowdStrike, right? You've kind of seen the ascendancy, the rocket ship you've been on it for five years. Yep. So what's that been like? And if you had to put on the binoculars and look five years forward, what can you tell us in that 10 year span? Oh >>My goodness. What a journey it's been over the last five, six years. I've been with CrowdStrike almost six years and really starting with our first core group of partners and building out the alliances, seen obviously the transformation with our sales organization. And as we scaled, I think of our, of our technology. We started with, I think, two products at that time, we were focused on reinventing how our customers thought about NextGen AB but also endpoint detection response. From there, the evolution is really driving towards that cloud security platform, right? How our partners fit into that. And, and how we've evolved is it's not just resell. It's not just focusing on the margin and transactions. We really have focused on building the strategic relationships with our partners, but also our customers and fitting them in that better together story with that CrowdStrike platform. It's been the biggest shift. Yeah. >>And you've got that. The platform chops for that. It's just, I think you're up to 22 modules now. So you're not a point product. You guys make that, that, that point lot now in terms of the, the partners and the ecosystem, you know, it's, it's, it's good here. I mean, it's, this it's buzzing. I've said it's like service. I've said, number of times, it's like service. Now back in 2013, I was there now. They didn't have the down market, the SMB that you have that's right. And I think you you're gonna have an order. You got 20,000 customers. That's right. I predict CrowdStrike's gonna have 200,000. I, I'm not gonna predict when I need to think about that. But, but in thinking about the, the, the co your colleagues and the partners and the skill sets that have evolved, what's critical today. And, and, and what do you see as critical in the future? >>So from a skill set standpoint, if I'm a partner and engaging with CrowdStrike and our customers, if you think about, again, evolving away from just resell, we have eight routes to market. So while that may sound complicated, the way that I like to think about it is that we truly flex to our partners, go to market their business models of what works best for their organization, but also their customers. The way that they've changed, I think from a skillset standpoint is looking beyond just the technology from a platform, building a better together story with our tech Alliance partners or store, if thinking about the XDR Alliance, which we are focusing on, there's so much great value in bringing that to our customers from a skillset standpoint, beyond those services services, we've talked about every day. I know that this is gonna be a top topic for the week yesterday through our partner summit, George, our CEO, as well as Jim Cidel, that's really the opportunity as we expand in new modules. If you think about humo or log scale identity, and then cloud our partners play a critical role when it comes into the cloud migration deployment integration services, really, we're not gonna get bigger from a services organization. And that's where we need our partners to step in. >>Yeah. And, you know, we we've talked a lot about XDR yeah. Already in day one here. Yeah. With, with the X extending into other areas. That's right. I think that services be, would become even more critical at that point, you know, as you spread out into the, really the internet of things that's right. Especially all of the old things that are out there that maybe should be on the internet, but aren't yet. Yeah. But once they are security is important. So what are you doing in that arena from a services perspective to, to bolster that capability? Is it, is it, is it internally, or is it through partners generally? >>It's definitely, I think we look to our partners to extend beyond the core of what we do. We do endpoint really well, right? Our services is one of the best in the business. When you look at instant response, our proactive services, supporting our customers. If you think to XDR of integration, building out those connect air packs with our customers, building the alliances, we really do work with our partners to drive that successful outcome with our customers. But also too, I think about it with our tech alliances of building out the integration that takes a lot of effort and work. We have a great team internally, which will help guide those services to be, to be built. Right. You have to have support when you're building the integrations, which is great, but really from like a tech Alliance and store standpoint, looking to add use cases, add value to more store apps for our customers, that's where we're headed. Right. >>What about developers? Do you see that as a component of the ecosystem in the future? Yeah, >>Without a doubt. I mean, I think that as our partner program evolves right now working with our, our developers, I mean, there's different personas that we work with with our customer standpoint, but from a partner working with them to build our new codes, the integration that's gonna be pretty important. >>So we were, we sort of tongue in cheek at the beginning of this interview yeah. With women in tech. And it's a, it's a topic that, on the cube that we've been very passionate about since day one yep. On the cube. So how'd you get in to this business? H how did your, your career progress, how did you get to where you are? >>You know, I have been incredibly fortunate to have connections, and I think it's who, you know, and your network, not necessarily what, you know, to a certain extent, you have to be smart to make it long term. Right. You have to have integrity. Do what you're saying. You're gonna do. I first started at Cisco and I had a connection of, it was actually a parent of somebody I grew up with. And they're like, you would fit in very nicely to Cisco. And I started with their channel marketing team, learned a ton about the business, how to structure, how to support. And that was the first step into technology. If you would've asked me 20 years ago, what did I wanna do? I actually wanted to be a GM of an organization. And I was coming outta I come on, which is great, which I'm, it really is right up. >>If you knew me, you're like, that actually makes a lot of sense. But coming outta college, I had an opportunity. I was interviewing with the golden state warriors in California, and I was interviewing with Cisco and that I had two ops and I was living in San Jose at the time. The golden state warriors of course paid less. It was a better opportunity in sales, but it was obviously where I wanted to go from athletics. And I grew up in athletics, playing volleyball. Cisco paid me more, and it was in San Jose. And really the, the golden state warriors seemed that I was having that conversation. They said, one year community is gonna be awful. It's awful from San Jose to Oakland, but also too, like you have more money on the table. Go take that. And so I could have very much ended up in athletics, most likely in the back office, somewhere. Like I would love that. And then from there, I went from Cisco. I actually worked for a reseller for quite some time, looking at, or selling into Manhattan when I moved from California to Manhattan, went to tenable. And that was when I shifted really into channel management. I love relationships, getting snow people, building partnerships, seeing that long term, that's really where I thrive. And then from there came to CrowdStrike, which in itself has been an incredible journey. I bet. Yeah. >>Yeah. I think there's an important thread there to pull on. And that is, we, we put a lot of emphasis on stem, which people, some sometimes translate into one thing, writing code that's right. There are, but would you agree? There are many, many, many opportunities in tech that aren't just coding. >>Absolutely. >>And I think I, as a father of three daughters, it's, it's a message that I have shared with them. Yeah. They are not interested in the coding part of things, but still, they need to know that there are so many opportunities and, and it's always, sometimes it's happenstance in terms of finding the opportunity in your case, it was, you know, cosmic connection that's right. But, but that's, you know, that's something that we can foster is that idea that it's not just about the hardcore engineering and coding aspect, it's business >>That's right. So if, if there was one thing that I can walk away from today is I say that all the time, right? If you look at CrowdStrike in our mission, we really don't have a mission statement. We stop breaches every single day. When I come to work and I support our partners, I'm not super technical. I obviously know our technology and I, I enable and train our partners, but I'm not coding. Right. And I make an impact to our business, our partners, more importantly, our customers, every single day, we have folks that you can come from a marketing operations. There is legal, there's finance. I deal with folks all across the business that aren't super technical, but are making a huge impact. And I, I don't think that we talk about the opportunities outside of engineering with the broader groups. We talk about stem a lot, but within college, and I look to see like getting those early in career folks, either through an intern program could be sales, but too, if they don't like, like sales, then they shift into marketing or operations. It's a great way to get into the industry. >>Yeah. But I still think you gotta like tech to be in the tech business. Oh, you >>Do? Yeah. You do. I'm >>Not saying it's like deep down is like, not all of us, but a lot of us are kind of just, you know, well, at least you, >>At least you can't hate it. >>Right. Okay. But so women, 50% of the population, I think the stat is 17% in the technology. Yeah. Industry, maybe it's changed a little bit, but you know, 20% or, or less, why do you think that is? >>I, you know, I always go back to within technology, people hire from their network and people that they know, and usually your network are people that are very like-minded or similar to you. I have referred females into CrowdStrike. It's a priority of mine. I also have a circle that is also men, but also too, if you look at the folks that are hired into CrowdStrike, but also other technology companies, that's the first thing that I go to also too. I think it's a little bit intimidating. Right. I have a very strong personality and I'm very direct, but also too, like I can keep up with our industry when it comes to that stereotypes essentially. And some people maybe are introverted and they're not quite sure where they fit in. Right. Whether it's marketing operations, et cetera. So they, they're not sure of the opportunities or even aware of where to get started. You know what I mean? >>Yeah. I mean, I think there is a, a, a stereotype today, but I'm not sure why it's, is it unique to the, to the technology industry? No. Is it not? Right? It happens >>Thinking, I mean, there's so many industries where healthcare, >>Maybe not so much. Right. Because you know, >>You have nurses versus doctors. I feel like that is flipped. >>Yeah. That's true. Nurses versus doctors. Right. Well, I, I know a lot of women doctors though, but >>Yeah. That's kind of flipped. It's better. >>Yeah. Says >>Flipped over. Yeah. I think it's more women in medical school now, but than than men. But, >>And, and I do think in our industry, you know, when you look at companies like IBM, HPE, Cisco, Dell, and, and, and many others. Yeah. They are making a concerted effort for on round diversity. They typically have somebody who's in charge of diversity. They report, you know, maybe not directly to the CEO, but they certainly have a seat at the table. That's right. And you know, maybe you call it, oh, it's quotas. Maybe the, the old white guys feel, you know, a little slighted, whatever. It's like, nobody's crying for us. I mean, it's not like we got screwed. >>See, I know problema we can do this in Spanish. Oh, oh, >>Oh, you're not a old white guy. Sorry. We can do >>This in Spanish if you want. >>Okay. Here we go. So, no, but, but, but I, so I do think that, that the industry in general, I talked to John Chambers about this recently and he was like, look, we gotta do way better. And I don't disagree with that. But I think that, I think the industry is doing better, but I wonder if like a rocket ship company, like CrowdStrike who has so many other things going on, you know, maybe they gotta get you a certain size. I mean, you've reached escape velocity. You're doing obviously a lot of corporate, you know, good. Yeah. You know, and, and, and, and we just had earlier on we, you know, motor motor guides was very cool. Yeah. So maybe it's a maturity thing. Maybe these larger companies with you crowd size $40 billion market cap, but maybe the, the hundred plus billion dollar market cap companies. I don't know. I don't know. You guys got a bigger market cap than Dell. So >>I, I don't think it's necessarily related to market cap. I think it's the size of the organization of how many roles are open that we currently write. So we're at just over 6,000 employees. If you look at Cisco, how many thousands of employees they have there's >>Right. Maybe a hundred thousand employees. >>That's right. There's >>More opportunities. How many, what's a headcount of crowd strike >>Just over 6,000, >>6,000. So, okay. But >>If you think about the, the areas of opportunity for advancement, and we were talking about this earlier, when you look at early and career or entry level, it's actually quite, even right across the Americas of, we do have a great female population. And then as progression happens, that's where it, it tees off from a, a female in leadership. And we're doing, we're focusing on that, right? Under JC Herrera's leadership, as well as with George. One of the things that I always think is important though, is that you're mindful as, as the female within the organization and that you're out seeking somebody, who's not only a mentor, but is a direct champion for you when you're not in the room. Right. This is true of CrowdStrike. It's true of every organization. You're not gonna be aware of the opportunities as the roles are being created. And really, as the roles are being created, they probably have somebody in mind. Right. And so if you have somebody that's in that room says, you know what, Amanda Adams would be perfect for that. Let's go talk to her about it. You have to have somebody who's your champion. Yeah. >>There there's, there's, there's a saying that 80% of the most important moments in your life happen in your absence. Yeah. And that's exactly right. You know, when they're, when someone needs to be there to champion, you, >>Did that happen for you? >>Yes. I have a very strong champion. >>So I mean, I, my observation is if, if you are a woman in tech and you're in a senior leadership position, like you are, or you're a, you're a general manager or a P and L manager or a CEO, you have to be so incredibly talented because all things being equal, maybe it's changing somewhat in some of those companies I talked about, but for the last 30 years, all takes be equal. A, a, a woman is gonna lose out to a man who is as qualified. And, and I think that's maybe slowly changing. Maybe you agree with that, maybe you don't. And maybe that's, some people think that's unfair, but you know, think about people of color. Right. They, they, they, they grew up with less op opportunities for education. And this is just the statistics that's right. Right. So should society overcompensate for that? I personally think, yes, the, the answer is just, they should, there should still be some type of meritocracy that's right. You know, but society has a responsibility to, you know, rise up all ships. >>I think there's a couple ways that you can address that through Falcon funds, scholarship programs, absolutely. Looking at supporting folks that are coming outta school, our internship program, providing those opportunities, but then just being mindful right. Of whether or not you publish the stats or not. We do have somebody who's responsible for D I, within CrowdStrike. They are looking at that and at least taking that step to understand what can we do to support the advancement across minorities. But also women is really, really important. >>Did you not have a good educational opportunity when you were growing up where you're like you had to me? Yeah, no, seriously, >>No. Seriously. I went to pretty scary schools. Right. >>Okay. So you could have gone down a really bad path. >>I, a lot of people that I grew up with went down really, really bad paths. I think the inflection point at, at least for me what the inflection point was becoming aware of this entire universe. Yeah. I was, I was headed down a path where I wasn't aware that any of this existed, when I got out of college, they were advertising in the newspaper for Cisco sales engineers, $150,000 a year. We will train. I'm a smart guy. I had no idea what that meant. Right. I could have easily gone and gotten one of those jobs. It was seven or eight years before I intersected with the tech world again. And so, you know, kind of parallel with your experience with you had someone randomly, it's like, you'd be great at Cisco. Yeah. But if, if you're not around that, and so you take people in different communities who are just, this might as well be a different planet. Yes. Yeah. The idea of eating in a restaurant where someone is serving you, food is uncomfortable, right? The idea of checking into a hotel, the idea of flying somewhere on an airplane, we talk about imposter syndrome. That's right. There are deep seated discomfort levels that people have because they just, this is completely foreign, but >>You're saying you could have foreign, you could have gone down a path where selling drugs or jacking cars was, was, was lucrative. >>I had, I had, yeah. I mean, we're getting, we're getting like deep into societal things. I was, I was very lucky. My parents were very, very young, but they're still together to this day. I had loving parents. We were very, very poor. We were surrounded by really, really, really bad stuff. So. >>Okay. So, so, okay. So this, >>I, I don't, I don't compare my situation to others. >>White woman. That's I guess this is my point. Yeah. The dynamic is different than, than a kid who grew up in the inner city. Yes. Right. And, and, and they're both important to address, but yeah. I think you gotta address them in different ways. >>Yes. But if they're, but if they're both completely ignorant of this, >>They don't know it. So it's lack of >>A, they'll never be here. >>You >>Never be here. And it's such a huge, this is such a huge difference from the rest of the world and from the rest, from the rest of our economy. >>So what would you tell a young girl? My daughters, aren't interested in tech. They want to go into fashion or healthcare, whatever Dave's daughters maybe would be a young girl, preteen, maybe teen interested in, not sure which path, why tech, what would advice would you give? >>I think just understanding what you enjoy about life, right? Like which skills are you great at? What characteristics about roles and not really focusing on a specific product. Definitely not cybersecurity versus like the broader network. I mean, literally what do you enjoy doing? And then the roles of, you know, from the skillset that's needed, whether that be marketing, and then you can start to dive into, do I wanna support marketing for a corporate environment for retail, for technology like that will come and follow your passion, which I know is so easy to say, right? But if you're passionate about certain things, I love relationships. I think that holding myself from integrity standpoint, leading with integrity, but building strong relationships on trust, that's something I take really pride in and what I get enjoyment with. It's >>Obviously your superpower. >>It, >>It is. >>But >>Then it will go back to OST too, just being authentic in the process of building those relationships, being direct to the transparency of understanding, like again, knowing what you're good at and then where you can fit into an organization, awareness of technology opportunities, I think will all lend that to. But I also wouldn't worry, like when I was 17 year old, I, I thought I would be playing volleyball in college and then going to work for a professional sports team. You know, life works out very differently. Yeah. >>Right. And then, and for those of you out there, so I love that. Thank you for that great interview. Really appreciate letting us go far field for those of you might say, well, I don't know, man. I don't know what my passion is. I'll give you a line from my daughter, Alicia, you don't learn a lot for your kids. She said, well, if you don't know what your passion is, follow your curiosity. That's great. There you go. Amanda Adams. Thanks so much. It was great to have you on. Okay. Thank you. Keep it right there. We're back with George Kurtz. We're to the short break. Dave ante, Dave Nicholson. You watching the cube from Falcon 22 in Las Vegas.

foreign okay we're back at Falcon 2022 crowdstrike's big user conference first time in a couple of years obviously because of kova this is thecube's coverage Dave vellante and Dave Nicholson wall-to-wall coverage two days in a row Michael Rogers the series the newly minted vice president of global alliances at crowdstrike Michael first of all congratulations on the new appointment and welcome to the cube thank you very much it's an honor to be here so dial back just a bit like think about your first hundred days in this new role what was it like who'd you talk to what'd you learn wow well the first hundred days were filled with uh excitement uh I would say 18 plus hours a day getting to know the team across the globe a wonderful team across all of the partner types that we cover and um just digging in and spending time with people and understanding uh what the partner needs were and and and and it was just a it was a blur but a blast I agree with any common patterns that you heard that you could sort of coalesce around yeah I mean I think that uh really what a common thing that we hear at crowdstrike whether it's internal is extra external is getting to the market as fast as possible there's so much opportunity and every time we open a door the resource investment we need we continue to invest in resources and that was an area that we identified and quickly pivoted and started making some of those new investments in a structure of the organization how we cover Partners uh how we optimize uh the different routes to Market with our partners and yeah just a just a it's been a wonderful experience and in my 25 years of cyber security uh actually 24 and a half as of Saturday uh I can tell you that I have never felt and had a better experience in terms of culture people and a greater mission for our customers and our partners you'll Max funny a lot of times Dave we talk about this is we you know we learned a lot from Amazon AWS with the cloud you know taking something you did internally pointing it externally to Pizza teams there's shared responsibility model we talk about that and and one of the things is blockers you know Amazon uses that term blocker so were there any blockers that you identified that you're you're sort of working with the partner ecosystem to knock down to accelerate that go to market well I mean if I think about what we had put in place prior and I had the benefit of being vice president of America's prior to the appointment um and had the pleasure of succeeding my dear friend and Mentor Matthew Pauley um a lot of that groundwork was put in place and we work collectively as a leadership team to knock down a lot of those blockers and I think it really as I came into the opportunity and we made new Investments going into the fiscal year it's really getting to Market as fast as possible it's a massive Target addressable market and identifying the right routes and how to how to harness that power of we to drive the most value to the marketplace yeah what is it what does that look like in terms of alliances alliances can take a lot of shape we've we've talked to uh service providers today as an example um our Global Systems integrators in that group also what what is what does the range look like yeah I mean alliances at crowdstrike and it's a great question because a lot of times people think alliances and they only think of Technology alliances and for us it spans really any and all routes to Market it could be your traditional solution providers which might be regionally focused it could be nationally focused larger solution providers or Lars as you noted service providers and telcos global system integrators mssps iot Partners OEM Partners um and store crouchstrike store Partners so you look across that broad spectrum and we cover it all so the mssps we heard a lot about that on the recent earnings call we've heard this is a consistent theme we've interviewed a couple here today what's driving that I mean is it the fact that csos are just you know drowning for talent um and why crowdstrike why is there such an affinity between mssps and crowdstrike yeah a great question we um and you noted that uh succinctly that csos today are faced with the number one challenge is lack of resources and cyber security the last that I heard was you know in the hundreds of thousands like 350 000 and that's an old stat so I would venture to Guess that the open positions in cyber security are north of a half a million uh as we sit here today and um service providers and mssps are focused on providing service to those customers that are understaffed and have that Personnel need and they are harnessing the crowdstrike platform to bring a cloud native best of breed solution to their customers to augment and enhance the services that they bring to those customers so partner survey what tell us about the I love surveys I love data you know this what was the Genesis of the survey who took it give us the breakdown yeah that's a great question no uh nothing is more important than the feedback that we get from our partners so every single year we do a partner survey it reaches all partner types in the uh in the ecosystem and we use the net promoter score model and so we look at ourselves in terms of how we how we uh rate against other SAS solution providers and then we look at how we did last year and in the next year and so I'm happy to say that we increased our net promoter score by 16 percent year over year but my philosophy is there's always room for improvement so the feedback from our partners on the positive side they love the Falcon platform they love the crowdstrike technology they love the people that they work with at crowdstrike and they like our enablement programs the areas that they like us to see more investment in is the partner program uh better and enhanced enablement making it easier to work with crowdstrike and more opportunities to offer services enhance services to their customers dramatic differences between the types of Partners and and if so you know why do you think those were I mean like you mentioned you know iot Partners that's kind of a new area you know so maybe maybe there was less awareness there were there any sort of differences that you noticed by type of partner I would say that you know the areas or the part the partners that identified areas for improvement were the partners that that uh either were new to crowdstrike or they're areas that we're just investing in uh as as we expand as a company and a demand from the market is you know pull this thing into these new routes to Market um not not one in particular I mean iot is something that we're looking to really blow up in the next uh 12 to 18 months um but no no Common Thread uh consistent feedback across the partner base speaking of iot he brought it up before it's is it in a you see it as an adjacency to i-team it seems like it and OT used to never talk to each other and now they're increasingly doing so but they're still it still seems like different worlds what have you found and learned in that iot partner space yeah I mean I think the key and we the way we look at the journey is it starts with um Discovery discovering the assets that are in the OT environment um it then uh transitions to uh detection and response and really prevention and once you can solve that and you build that trust through certifications in the industry um you know it really is a game changer anytime you have Global in your job title first word that comes to mind for me anyway is sovereignty issues is that something that you deal with in this space uh in terms of partners that you're working with uh focusing on Partners in certain regions so that they can comply with any governance or sovereignty yeah that's that's a great question Dave I mean we have a fantastic and deep bench on our compliance team and there are certain uh you know parameters and processes that have been put in place to make sure that we have a solid understanding in all markets in terms of sovereignty and and uh where we're able to play and how that were you North America before or Americas uh Americas America so you're familiar with the sovereignty issue yeah a little already Latin America is certainly uh exposed me plenty of plenty of that yes 100 so you mentioned uh uh Tam before I think it was total available Market you had a different word for the t uh total addressable Mark still addressable Market okay fine so I'm hearing Global that's a tam expansion opportunity iot is definitely you know the OT piece and then just working better um you know better Groove swing with the partners for higher velocity when you think about the total available total addressable market and and accelerating penetration and growing your Tam I've seen the the charts in your investor presentation and you know starts out small and then grows to you know I think it could be 100 billion I do a lot of Tam analysis but just my back a napkin had you guys approaching 100 billion anyway how do you think about the Tam and what role do Partners play in terms of uh increasing your team yeah that's a great question I mean if you think about it today uh George announced on the day after our 11th anniversary as a company uh 20 000 customers and and if you look at that addressable Market just in the SMB space it's north of 50 million companies that are running on Legacy on-prem Solutions and it really provides us an opportunity to provide those customers with uh Next Generation uh threat protection and and detection and and response partners are the route to get there there is no doubt that we cannot cover 50 50 million companies requires a span of of uh of of of a number of service providers and mssps to get to that market and that's where we're making our bets what what's an SMB that is a candidate for crowdstrike like employee size or how do you look at that like what's the sort of minimum range yeah the way we segment out the SMB space it's 250 seats or endpoints and below 250 endpoints yes right and so it's going to be fairly significant so math changes with xdr with the X and xdr being extended the greater number of endpoints means that a customer today when you talk about total addressable Market that market can expand even without expanding the number of net new customers is that a fair yeah Fair assessment yep yeah you got that way in that way but but map that to like company size can you roughly what's the what's the smallest s that would do business with crowdstrike yeah I mean we have uh companies as small as five employees that will leverage crowd strike yeah 100 and they've got hundreds of endpoints oh no I'm sorry five uh five endpoints is oh okay so it's kind of 250 endpoints as well like the app that's the sweets that's it's that's kind of the Top Line we look at and then we focus oh okay when we Define SMB it's below so five to 250 endpoints right yes and so roughly so you're talking to companies with less than 100 employees right yeah yeah so I mean this is what I was talking about before I say I look around the the ecosystem myself it kind of reminds me of service now in 2013 but servicenow never had a SMB play right and and you know very kind of proprietary closed platform not that you don't have a lot of propriety in your platform you do but you they were never going to get down Market there and their Tam is not as big in my view but I mean your team is when you start bringing an iot it's it's mind-boggling it's endless how large it could be yeah all right so what's your vision for the Elevate program partner program well I I look at uh a couple things that we've we've have in place today one is um one is we've we've established for the first time ever at crowdstrike the Alliance program management office apmo and that team is focused on building out our next Generation partner program and that's you know processes it's you know uh it's it's ring fencing but it's most important importantly identifying capabilities for partners to expand to reduce friction and uh grow their business together with crowdstrike we also look at uh what we call program Harmony and that's taking all of the partner types or the majority of the partner types and starting to look at it with the customer in the middle and so multiple partners can play a role on the journey to bringing a customer on board initially to supporting that customer going forward and they can all participate and be rewarded for their contribution to that opportunity so it's really a key area for us going forward Hub and spoke model with the center of the that model is the customer you're saying that's good okay so you're not like necessarily fighting each other for for a sort of ownership of that model but uh cool Michael Rogers thanks so much for coming on thecube it was great to have you my pleasure thank you for having me you're welcome all right keep it right there Dave Nicholson and Dave vellante we'll be right back to Falcon 22 from the Aria in Las Vegas you're watching thecube foreign [Music]

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do obvious of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swayne is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see again. We saw each other at reinvent in July in Boston. >>Yes. Have it's great to see you again, Dave. Thank you very >>Much. And we talked about making this happen, so it's thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was a, >>It was good. Simple. That >>Was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment, specifically, putting a, a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe, Tuchi your old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So you gonna mention Cisco forte and there are a number of others. They've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human in >>Machine human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you're thinking to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. Firewalls is one of the first and email is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point Microsoft's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin, Mandy referenced this too today, basically saying the industry's doing a better job of collaboration. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that's is my question are cyber investments non-discretionary if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro of economic environment where CIOs and CSOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the investment to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengths, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it. Now we're seeing a lot more and you kind of got the, the near edge. It's like the home Depot and the lows, you know, stores okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flung estates? >>I think this gets back to the question of what's what's new what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't it? >>Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections, every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction >>100%, that's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and trying, and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't want to see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so that we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials stop here. And let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge and IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indications of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of doing >>Are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at, at the edge? I think >>We learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to make, if there's an actor, you know, making an attack, you know, we'll be able to see how they're affecting each of those end points individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do. Get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. That's where the cloud native things >>Comes into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things, right? Because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems, because now we can build a system around it, that's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is a, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of, >>I see. Because there was no way to, to do before. Right. So it was, was like >>Lack connectivity is, >>Yeah. So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want to see a huge opportunity there >>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add. The, the Alliance members have video this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like this O project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right to this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

(upbeat music) >> Welcome back to Boston. The CUBE's coverage of AWS Re-inforce 2022. This is our second live Re-inforce. We did two in the middle that were all digital. Aaron Brown is here as US AWS cyber leader for Deloitte and Ryan Orsi the cloud foundation leader for partners for Amazon Web Services. Jen, welcome to The CUBE. >> Thanks for having us. >> Thanks. >> Nice to see you. Tell us about the story of Deloitte in cyber and then we'll get it to Deloitte cyber on AWS, or maybe even start there. >> Yeah, sure. I mean, obviously Deloitte, one of the largest cyber consultancies in the world, we've been working with AWS for a very long time. 2013, I was involved with, you know, the first Alliance agreement with them. And then we've been in cloud managed services about five years delivering workloads for clients. We have over 200 clients on that platform and then about a year and a half ago or so, the MSSP program came and it made a ton of sense to us, right? To really level the playing field and gave us a chance to really come out and demonstrate, you know, our capability around MSSP. >> The MSSP program, I saw a slide yesterday in keynote and in the analyst program was, you know, there's technology partners, there's MSSP partners. Explain the MSSP partner. >> Sure, sure. So at the Database Partner Network, we break it down. The program is called the level one MSSP Competency Program. And it is for both those companies that are sort of more of a software company with a managed service and those that are more of a pure service company, it's for both, but it's the general concept, it hosts the community of partners like Deloitte with a concentrated talent pool around 24 by 7 monitoring and response of AWS security events. >> So what is Deloitte? Deloitte's not a pure software play. It's not a pure services play anymore. It's sort of a mixture. >> Yeah, you know, asset enabled services, right? It's the way that we look at it. So, yeah, we're definitely not trying to compete with software companies out there, but we do have assets, right? So we do everything as infrastructure as code and that allows us to deploy our solutions into client environments really quickly. So where you might spend months on third party tool integrations, we leverage all native AWS tools in our standard offering and we can deploy into a client and get those services up and running in a couple of weeks. >> So you sell your software as an integrated service, is that correct? You don't- >> It's service, it's really is service. We sell a metered service. >> You don't sell your software separately? >> No. >> I should say it differently. You include your software as part of the service, is that right? >> Yeah, it is. But actually there's another element. There are obviously some clients who don't want to be in a managed service in perpetuity. And so those same assets that I talked about that we use for MSSP, you know, for the right clients, we don't just give away everything to anybody but for the right clients, for the right engagement, we will work with clients to help them build the capability that they need to run it themselves. And our solution is built in a way where they can do that. Right? We have a base component and a variable component to the solution and we will impart those assets to a client, you know, if the situation is right. >> Okay. So you'll actually transfer the software, but would you charge for that? >> Yeah, certainly, but there's obviously a big service component that goes into it. Right? >> And that's really where your expertise is. >> Yeah, we don't have like a standard, you know, list price but we'll work with clients to basically help them build out that capability because frankly the the market moves so fast that you need a constant capability and engine to update that solution. It's not something that, you know, you're going to sell and someone's just going to use that out of the box for the next five years. >> But a lot of the value that seems that Deloitte brings is you don't run from customization. You welcome that. You, you know, if a client says, hey, I need this special and that special, or whatever it is you'll go attack. You have the staff, the talent to attack that problem. And you use software in areas where you can have repeatability and it helps you scale and be more productive. Is that a fair way to think about it? >> Yeah, that's right. I mean, I guess one of the phrases that we use is we like big hairy problems, right? That's sort of our sweet spot. The, you know, the very simple, hey, I need a couple of guys to do a couple of things, typically, we're not the right firm for that. So, yes, we use the assets cause we realize like, hey, you know, out of everything that needs to be done, there's a significant portion of this that everybody needs more or less the same way. And then we build that, we build the automation to get it in and then we have that variable component working with clients to say, hey, let's make this work in your environment. We use a combination of AWS Native services, but then, you know, some clients have investments in third party tools and we can work with that. >> So it's a perfect match for AWS cause you guys are all about providing tools for builders and here's some primitives, some APIs and Go, we don't want that highly customized snowflake for every single client. >> Exactly. I mean, that's what I feel like the partnership with Deloitte is really bringing to the table for everybody and our mutual customers and builders out there that we both work with is again, they don't run from complexity or customization that security can be complex. It can be hard, Deloitte's helping making it much easier. The AWS partner network is helping kind of bring the ecosystem together and of software service, architectures that AWS recommend for like a security best practice around what to monitor, how to respond, what kind of enriched data should be added to that security finding and kind of pushing that out through our partnerships with it such as Deloitte. >> One of the things that, I mean, certainly big takeaway from this event, the security tracks that reinvent, previous Re-inforce events is AWS imparting, educating its customers on best practice and how tos and things that they should be thinking about, you know, do this, don't do that. In 2019, it was a lot about, hey guys, there's this shared responsibility model and kind of explaining that, we're way, way beyond that now, should we think about Deloitte sort of as an extension of that best practice AWS expertise that can be applied at your clients? I'll go to Deloitte because I don't have the talent to deal with that. I mean, I got talented people, but I just don't have enough of them. >> Exactly. Yeah. Yeah. And that's really, you know, our offerings tend to be comprehensive across all the domains. And like I said, the full life cycle of security operations all the way from, you know, identify the issue to resolve it and recover from it. And, you know, when we look at the shared responsibility model, you know, we like to say, hey, we will take you really far up that stack, that customer responsibility area, you know, for our service, we cover a significant portion of that landscape on our client's behalf cause, you know, what do they care about? Deploying workloads, getting the application running, right? Security is just another one of those important, necessary things, but it just sort of standing between you and the business value of your workload. >> And your ideal target customer would be a large medium up to a large enterprise or is all exclusively large or? >> Definitely not exclusively large. You know, the fact that we have all the automation that we do, we have a significant portion of our security operations folks are offshore allows us to be really competitive. And so we're able to serve clients that maybe, you know, in years past wouldn't have been what you'd think of as traditional. So like clients leveraging the marketplace, you know, we're able to serve that market segment. >> So billion dollar up kind of revenue? Odes that sound about right? >> Yeah. Even south of that a bit. >> Okay. So maybe half a billion or 500 million up. >> Yeah. >> Okay. So thinking about that ideal sort of profile, if you don't know, you don't know, I'm going to ask you to guess. >> Yeah. >> What percent of those target companies, enterprises, have a SOC? Is it 100%, 50%, you know, or are you- >> 75, 75% most so. >> Okay. So let's say 3/4. >> Yeah. >> So you compliment the SOC, right? You're not the SOC, but you may be in some cases? >> Depending, now we're talking about it's a function of what their IT enterprise landscape looks like. If they're 100% AWS, yeah. If you're born in the cloud startup and, you know, you don't do anything else and we have, you know, we have a few of those. Right. And they want to give us everything. They're like, you know, our security guys just going to kind of understand what you guys are doing and feel good about it. Yeah. We do that. But for the most, there is an existing SOC. Right. And so what we do is we leverage, you know, an ITSM software to e-bond with our clients service management functions so that when we're generating tickets, they have full visibility to what's going on. We're still resolving things on their behalf, we need to communicate with some clients, right? Cause a lot of security issues that need to get resolved require engagement with the asset owner. So we're not just a black box. So we do have to talk to folks on the ground at the client to resolve issues. >> And that's actually one thing that really impressed me to getting to know Aaron and his team more and more throughout this journey together in the partnership is they're not throwing alerts over the fence to the customers SOC team saying, well, here's some recommended remediation steps, they're actually rolling up their sleeves and doing some remediation themselves and informing the customer. This was taken care of for you. I think that's really unique. >> Yeah. In addition to, you know, our solution obviously has a bunch of auto-remediations, you know, that we do as part of the solution. >> So what's the engagement like? What's the conversation like when people come to you? Say I have a problem, it's blank, right? What are the typical blank- >> You know, a lot of it has been organizations where there's either a business unit that has kind of maybe off run and doing their own thing. And, you know, it's only sort of come to light with the compliance and security organization inside the client that like, hey, these guys maybe need some help. And boy, we're really strapped. We don't have the people cause talent's so tight to go help these guys and make them get it right. We're going to go ahead and keep them kind of off to the side. And you know, we'll do this managed service to help get that addressed. And then another typical scenario is when companies are acquired. So, you know, organization buys a company and they've got a preexisting. Again, they look under the covers and they're like, oh, these guys really need some help because of the way that we deploy everything as infrastructure as code really very quickly, it's a great way to just kind of get it sorted. It's a metered service. So it's not some massive investment that they have to make. We could just get it sorted out until maybe they get a chance to process and actually onboard that new entity into their enterprise structure. So as part of the MSSP program within AWS, you got to be really good at understanding how to utilize the AWS portfolio of cyber security services natively. So you do that, does that check the box on everything you need or do clients typically say, no, no, you got to integrate with all this other mess that I have there. Can you sweep that mess aside and say, hey, I can do this all in the cloud or what's that dynamic like? >> The answer is, yes, both. Right? So, you know, typically clients will have significant investments in existing third party tools and then either politically because of the investment or from a practical standpoint it makes sense to integrate those. Now that does slow down, you know, the deployment and the customization a bit, but, you know, and a lot of times that makes sense for the client. >> Well, it gets hairy. Like you said, you love these kind of hairy problems, right? >> Yeah, that's right. >> You run towards that. >> That's right. We run towards fire >> And, Ryan, your focus on partners is all partners or is it really the MSSPs or? >> All partners, all kinds of partners in the security space, right? >> Right, right. Yeah. Of course. >> Software companies, professional services, managed services. And we're focused on trying to make the security easier for both of our mutual customers here. Right? So that what you mentioned about best practices and, you know, how do you tell what best practices are per AWS service or third party software that's operating in an AWS environment? That's part of what our team does is we create these partner programs. There's a very detailed, very prescriptive technical checklist that out internal security experts are going through with Deloitte folks, for example, as a part of their membership and the level one MSSP program to make sure that, right? Those best practices which could be fresh off the AWS documentation truck are built into their services. And the reason those best practices exist is for a for a good reason. They're built, tried and tested, you know, in our own environments before they reach the documentation website. But all of that is incorporated into that whole kind of validated checklist that we do together. So it's a great way to make sure that operations from partners like Deloitte, software delivered, customization delivered, aligns with what we're able to see from just our Amazon culture of being so customer obsessed and really listening to all of those very specific challenges they might have that the customer will have at different points in their cloud journey. Those challenges are baked directly into key technical requirement criteria that Deloitte's teamed up with us to go achieve. >> What are you seeing at the macro, Aaron? When we talked to practitioners where we'll survey, we have a survey partner called ETR and they'll do spending surveys coming into the year of CIOs and IT buyers, we're expecting 8%, eight to 8 1/2% budget growth, post Ukraine, inflation, Fed tightening, you know, the tech lash, all that. It's dialed down a bit, it's still pretty robust it's 6% and security still remains the number one priority. And we've seen a little bit of momentum deceleration even in security spend across the board, but not anything, you know, tragic. Are you seeing the same or are you seeing security budgets kind of where they were expected to be at the beginning of the year? >> Yeah, you know, I haven't seen it decline. I mean, I think the fact of the matter is for all the things that we talked about before, right? Basically the skill shortages and just the coordination with other cloud programs, there's a tremendous backlog of stuff that needs to be done. And, you know, enterprises have more appreciation now for the need for all, you know, all the various, you know, ransomware things that have happened and others that, hey, they need to get a handle on the security and their environment. And so I think a lot of what's been going on in the last year, the reason it hasn't been faster, hasn't been for a lack of appetite. It's just been a lack of skills and process to do it. >> Has the business case changed? And the variables maybe the same, but it used to be, hey, if you don't do this, you're exposed. Okay. Here's the fear of getting, you know, infiltrated and then it's going to became if you want to quantify it, it's like, okay, what's the expected loss with, and without, you know, the kind of think of insurance terms. Is the business case shifting with digital toward this is a fundamental component of monetization in order to be able to monetize, you have to ensure this level security. Are we there yet? >> Yeah, I think so. I don't think anyone's arguing whether it's, you know, needed or not. Right. So now it's a question of, hey, and I think CJ Moses had a good slide in the opening yesterday where he was saying, you know, was it, make the secure path, the path of least resistance. Right? And so that's a big part of, you know, how we deliver our solution. We really want to make it easy for the enterprise to absorb the security services that we have. Right? And that's really critical. I think that's where the focus is, is make it easier to do security because the value comes right along with it. >> All right. I'll give you each the final word, Ryan, you go first then Aaron kind of put a bumper sticker on Re-inforce 2022. >> It's not slowing down. It's only picking up in terms of innovation, software tools, operational processes, and some of the unique ways that all these tools are tied together. Third party, Native AWS, consulting, the way these services come together, it's only accelerating. It's been pretty exciting to see some of the innovation here this time at this Re-inforce. >> Right, Aaron, what do you say? >> Yeah, I would agree. I mean, just the breadth of capabilities, the new announcements by AWS of the capabilities in their solution stack. I mean, for me, you know, I just kind of wonder like when does it narrow or when does it settle down and I know that that's not now. >> Keep waiting. >> Yeah. >> But, yeah, I think, you know, we will continue to see you know, just rapid acceleration and new features and services that... >> I often say the next decade at cloud ain't going to to be like the last. So gentlemen, thanks for coming on The CUBE. It's great to see you. >> Thanks for having us. Thank you everything. >> All right, thank you for watching. Keep it right there. This is Dave Vellante for The CUBE. We'll be back right after this short break from Boston AWS Re-inforce 2022. (soft music)

(introductory riff) >> Hey everyone. Welcome to theCUBE's presentation of the "AWS Startup Showcase." This is Season 2, Episode 3 of our ongoing series that features great partners in the massive AWS partner ecosystem. This series is focused on, "MarTech, Emerging Cloud-Scale Customer Experiences." I'm Lisa Martin, and I've got two guests here with me to talk about this. Please welcome Daisy Urfer, Cloud Alliance Sales Director at Algolia, and Jason Lang, the Head of Product for Apply Digital. These folks are here to talk with us today about how Algolia's Search and Discovery enables customers to create dynamic realtime user experiences for those oh so demanding customers. Daisy and Jason, it's great to have you on the program. >> Great to be here. >> Thanks for having us. >> Daisy, we're going to go ahead and start with you. Give the audience an overview of Algolia, what you guys do, when you were founded, what some of the gaps were in the market that your founders saw and fixed? >> Sure. It's actually a really fun story. We were founded in 2012. We are an API first SaaS solution for Search and Discovery, but our founders actually started off with a search tool for mobile platforms, so just for your phone and it quickly expanded, we recognize the need across the market. It's been a really fun place to grow the business. And we have 11,000 customers today and growing every day, with 30 billion searches a week. So we do a lot of business, it's fun. >> Lisa: 30 billion searches a week and I saw some great customer brands, Locost, NBC Universal, you mentioned over 11,000. Talk to me a little bit about some of the technologies, I see that you have a search product, you have a recommendation product. What are some of those key capabilities that the products deliver? 'Cause as we know, as users, when we're searching for something, we expect it to be incredibly fast. >> Sure. Yeah. What's fun about Algolia is we are actually the second largest search engine on the internet today to Google. So we are right below the guy who's made search of their verb. So we really provide an overall search strategy. We provide a dashboard for our end users so they can provide the best results to their customers and what their customers see. Customers want to see everything from Recommend, which is our recommended engine. So when you search for that dress, it shows you the frequently bought together shoes that match, things like that, to things like promoted items and what's missing in the search results. So we do that with a different algorithm today. Most in the industry rank and they'll stack what you would want to see. We do kind of a pair for pair ranking system. So we really compare what you're looking for and it gives a much better result. >> And that's incredibly critical for users these days who want results in milliseconds. Jason, you, Apply Digital as a partner of Algolia, talk to us about Apply Digital, what it is that you guys do, and then give us a little bit of insight on that partnership. >> Sure. So Apply Digital was originally founded in 2016 in Vancouver, Canada. And we have offices in Vancouver, Toronto, New York, LA, San Francisco, Mexico city, Sao Paulo and Amsterdam. And we are a digital experiences agency. So brands and companies, and startups, and all the way from startups to major global conglomerates who have this desire to truly create these amazing digital experiences, it could be a website, it could be an app, it could be a full blown marketing platform, just whatever it is. And they lack either the experience or the internal resources, or what have you, then they come to us. And and we are end-to-end, we strategy, design, product, development, all the way through the execution side. And to help us out, we partner with organizations like Algolia to offer certain solutions, like an Algolia's case, like search recommendation, things like that, to our various clients and customers who are like, "Hey, I want to create this experience and it's going to require search, or it's going to require some sort of recommendation." And we're like, "Well, we highly recommend that you use Algolia. They're a partner of ours, they've been absolutely amazing over the time that we've had the partnership. And that's what we do." And honestly, for digital experiences, search is the essence of the internet, it just is. So, I cannot think of a single digital experience that doesn't require some sort of search or recommendation engine attached to it. So, and Algolia has just knocked it out of the park with their experience, not only from a customer experience, but also from a development experience. So that's why they're just an amazing, amazing partner to have. >> Sounds like a great partnership. Daisy, let's point it back over to you. Talk about some of those main challenges, Jason alluded to them, that businesses are facing, whether it's e-commerce, SaaS, a startup or whatnot, where search and recommendations are concerned. 'Cause we all, I think I've had that experience, where we're searching for something, and Daisy, you were describing how the recommendation engine works. And when we are searching for something, if I've already bought a tent, don't show me more tent, show me things that would go with it. What are some of those main challenges that Algolia solution just eliminates? >> Sure. So I think, one of the main challenges we have to focus on is, most of our customers are fighting against the big guides out there that have hundreds of engineers on staff, custom building a search solution. And our consumers expect that response. You expect the same search response that you get when you're streaming video content looking for a movie, from your big retailer shopping experiences. So what we want to provide is the ability to deliver that result with much less work and hassle and have it all show up. And we do that by really focusing on the results that the customers need and what that view needs to look like. We see a lot of our customers just experiencing a huge loss in revenue by only providing basic search. And because as Jason put it, search is so fundamental to the internet, we all think it's easy, we all think it's just basic. And when you provide basic, you don't get the shoes with the dress, you get just the text response results back. And so we want to make sure that we're providing that back to our customers. What we see average is even, and everybody's going mobile. A lot of times I know I do all my shopping on my phone a lot of the time, and 40%-50% better relevancy results for our customers for mobile users. That's a huge impact to their use case. >> That is huge. And when we talked about patients wearing quite thin the last couple of years. But we have this expectation in our consumer lives and in our business lives if we're looking for SaaS or software, or whatnot, that we're going to be able to find what we want that's relevant to what we're looking for. And you mentioned revenue impact, customer churn, brand reputation, those are all things that if search isn't done well, to your point, Daisy, if it's done in a basic fashion, those are some of the things that customers are going to experience. Jason, talk to us about why Algolia, what was it specifically about that technology that really led Apply Digital to say, "This is the right partner to help eliminate some of those challenges that our customers could face?" >> Sure. So I'm in the product world. So I have the wonderful advantage of not worrying about how something's built, that is left, unfortunately, to the poor, poor engineers that have to work with us, mad scientist, product people, who are like, "I want, make it do this. I don't know how, but make it do this." And one of the big things is, with Algolia is the lift to implement is really, really light. Working closely with our engineering team, and even with our customers/users and everything like that, you kind of alluded to it a little earlier, it's like, at the end of the day, if it's bad search, it's bad search. It just is. It's terrible. And people's attention span can now be measured in nanoseconds, but they don't care how it works, they just want it to work. I push a button, I want something to happen, period. There's an entire universe that is behind that button, and that's what Algolia has really focused on, that universe behind that button. So there's two ways that we use them, on a web experience, there's the embedded Search widget, which is really, really easy to implement, documentation, and I cannot speak high enough about documentation, is amazing. And then from the web aspect, I'm sorry, from the mobile aspect, it's very API fort. And any type of API implementation where you can customize the UI, which obviously you can imagine our clients are like, "No we want to have our own front end. We want to have our own custom experience." We use Algolia as that engine. Again, the documentation and the light lift of implementation is huge. That is a massive, massive bonus for why we partnered with them. Before product, I was an engineer a very long time ago. I've seen bad documentation. And it's like, (Lisa laughing) "I don't know how to imple-- I don't know what this is. I don't know how to implement this, I don't even know what I'm looking at." But with Algolia and everything, it's so simple. And I know I can just hear the Apply Digital technology team, just grinding sometimes, "Why is a product guy saying that (mumbles)? He should do it." But it is, it just the lift, it's the documentation, it's the support. And it's a full blown partnership. And that's why we went with it, and that's what we tell our clients. It's like, listen, this is why we chose Algolia, because eventually this experience we're creating for them is theirs, ultimately it's theirs. And then they are going to have to pick it up after a certain amount of time once it's theirs. And having that transition of, "Look this is how easy it is to implement, here is all the documentation, here's all the support that you get." It just makes that transition from us to them beautifully seamless. >> And that's huge. We often talk about hard metrics, but ease of use, ease of implementation, the documentation, the support, those are all absolutely business critical for the organization who's implementing the software, the fastest time to value they can get, can be table stakes, and it can be on also a massive competitive differentiator. Daisy, I want to go back to you in terms of hard numbers. Algolia has a recent force or Total Economic Impact, or TEI study that really has some compelling stats. Can you share some of those insights with us? >> Yeah. Absolutely. I think that this is the one of the most fun numbers to share. We have a recent report that came out, it shared that there's a 382% Return on Investment across three years by implementing Algolia. So that's increase to revenue, increased conversion rate, increased time on your site, 382% Return on Investment for the purchase. So we know our pricing's right, we know we're providing for our customers. We know that we're giving them the results that we need. I've been in the search industry for long enough to know that those are some amazing stats, and I'm really proud to work for them and be behind them. >> That can be transformative for a business. I think we've all had that experience of trying to search on a website and not finding anything of relevance. And sometimes I scratch my head, "Why is this experience still like this? If I could churn, I would." So having that ability to easily implement, have the documentation that makes sense, and get such high ROI in a short time period is hugely differentiated for businesses. And I think we all know, as Jason said, we measure response time in nanoseconds, that's how much patience and tolerance we all have on the business side, on the consumer side. So having that, not just this fast search, but the contextual search is table stakes for organizations these days. I'd love for you guys, and on either one of you can take this, to share a customer example or two, that really shows the value of the Algolia product, and then also maybe the partnership. >> So I'll go. We have a couple of partners in two vastly different industries, but both use Algolia as a solution for search. One of them is a, best way to put this, multinational biotech health company that has this-- We built for them this internal portal for all of their healthcare practitioners, their HCPs, so that they could access information, data, reports, wikis, the whole thing. And it's basically, almost their version of Wikipedia, but it's all internal, and you can imagine the level of of data security that it has to be, because this is biotech and healthcare. So we implemented Algolia as an internal search engine for them. And the three main reasons why we recommended Algolia, and we implemented Algolia was one, HIPAA compliance. That's the first one, it's like, if that's a no, we're not playing. So HIPAA compliance, again, the ease of search, the whole contextual search, and then the recommendations and things like that. It was a true, it didn't-- It wasn't just like a a halfhearted implementation of an internal search engine to look for files thing, it is a full blown search engine, specifically for the data that they want. And I think we're averaging, if I remember the numbers correctly, it's north of 200,000 searches a month, just on this internal portal specifically for their employees in their company. And it's amazing, it's absolutely amazing. And then conversely, we work with a pretty high level adventure clothing brand, standard, traditional e-commerce, stable mobile application, Lisa, what you were saying earlier. It's like, "I buy everything on my phone," thing. And so that's what we did. We built and we support their mobile application. And they wanted to use for search, they wanted to do a couple of things which was really interesting. They wanted do traditional search, search catalog, search skews, recommendations, so forth and so on, but they also wanted to do a store finder, which was kind of interesting. So, we'd said, all right, we're going to be implementing Algolia because the lift is going to be so much easier than trying to do everything like that. And we did, and they're using it, and massively successful. They are so happy with it, where it's like, they've got this really contextual experience where it's like, I'm looking for a store near me. "Hey, I've been looking for these items. You know, I've been looking for this puffy vest, and I'm looking for a store near me." It's like, "Well, there's a store near me but it doesn't have it, but there's a store closer to me and it does have it." And all of that wraps around what it is. And all of it was, again, using Algolia, because like I said earlier, it's like, if I'm searching for something, I want it to be correct. And I don't just want it to be correct, I want it to be relevant. >> Lisa: Yes. >> And I want it to feel personalized. >> Yes. >> I'm asking to find something, give me something that I am looking for. So yeah. >> Yeah. That personalization and that relevance is critical. I keep saying that word "critical," I'm overusing it, but it is, we have that expectation that whether it's an internal portal, as you talked about Jason, or it's an adventure clothing brand, or a grocery store, or an e-commerce site, that what they're going to be showing me is exactly what I'm looking for, that magic behind there that's almost border lines on creepy, but we want it. We want it to be able to make our lives easier whether we are on the consumer side, whether we on the business side. And I do wonder what the Go To Market is. Daisy, can you talk a little bit about, where do customers go that are saying, "Oh, I need to Algolia, and I want to be able to do that." Now, what's the GTM between both of these companies? >> So where to find us, you can find us on AWS Marketplace which another favorite place. You can quickly click through and find, but you can connect us through Apply Digital as well. I think, we try to be pretty available and meet our customers where they are. So we're open to any options, and we love exploring with them. I think, what is fun and I'd love to talk about as well, in the customer cases, is not just the e-commerce space, but also the content space. We have a lot of content customers, things about news, organizations, things like that. And since that's a struggle to deliver results on, it's really a challenge. And also you want it to be relevant, so up-to-date content. So it's not just about e-commerce, it's about all of your solution overall, but we hope that you'll find us on AWS Marketplace or anywhere else. >> Got it. And that's a great point, that it's not just e-commerce, it's content. And that's really critical for some industry, businesses across industries. Jason and Daisy, thank you so much for joining me talking about Algolia, Apply Digital, what you guys are doing together, and the huge impact that you're making to the customer user experience that we all appreciate and know, and come to expect these days is going to be awesome. We appreciate your insights. >> Thank you. >> Thank you >> For Daisy and Jason, I'm Lisa Martin. You're watching "theCUBE," our "AWS Startup Showcase, MarTech Emerging Cloud-Scale Customer Experiences." Keep it right here on "theCUBE" for more great content. We're the leader in live tech coverage. (ending riff)

>>Okay, welcome back. Everyone. Live cube coverage here in Las Vegas for Amazon re Mars hot event, machine learning, automation, robotics, and space. Two days of live coverage. We're talking to all the hot technologists. We got all the action startups and segment on sustainability and F pan hero for vet global lead, Amazon sustainability data initiative. Thanks for coming on the cube. Can I get that right? Can >>You, you, you did. >>Absolutely. Okay, great. <laugh> thank >>You. >>Great to see you. We met at the analyst, um, mixer and, um, blown away by the story going on at Amazon around sustainability data initiative, because we were joking. Everything's a data problem now, cuz that's cliche. But in this case you're using data in your program and it's really kind of got a bigger picture. Take a minute to explain what your project is, scope of it on the sustainability. >>Yeah, absolutely. And thank you for the opportunity to be here. Yeah. Um, okay. So, um, I, I lead this program that we launched several years back in 2018 more specifically, and it's a tech for good program. And when I say the tech for good, what that means is that we're trying to bring our technology and our infrastructure and lend that to the world specifically to solve the problems related to sustainability. And as you said, sustainability, uh, inherently needs data. You need, we need data to understand the baseline of where we are and also to understand the progress that we are making towards our goals. Right? But one of the big challenges that the data that we need is spread everywhere. Some of it is too large for most people to be able to, um, access and analyze. And so, uh, what we're trying to tackle is really the data problem in the sustainability space. >>Um, what we do more specifically is focus on Democrat democratizing access to data. So we work with a broader community and we try to understand what are those foundational data sets that most people need to use in the space to solve problems like climate change or food security or think about sustainable development goals, right? Yeah. Yeah. Like all the broad space. Um, and, and we basically then work with the data providers, bring the data to the cloud, make it free and open to everybody in the world. Um, I don't know how deep you want me to go into it. There's many other layers into that. So >>The perspective is zooming out. You're, you're, you're looking at creating a system where the democratizing data means making it freely available so that practitioners or citizens, data, Wrangler, people interested in helping the world could get access to it and then maybe collaborate with people around the world. Is that right? >>Absolutely. So one of the advantages of using the cloud for this kind of, uh, effort is that, you know, cloud is virtually accessible from anywhere where you have, you know, internet or bandwidth, right? So, uh, when, when you put data in the cloud in a centralized place next to compute, it really, uh, removes the, the need for everybody to have their own copy. Right. And to bring it into that, the traditional way is that you bring the data next to your compute. And so we have this multiple copies of data. Some of them are on the petabyte scale. There's obviously the, the carbon footprint associated with the storage, but there's also the complexity that not everybody's able to actually analyze and have that kind of storage. So by putting it in the cloud, now anyone in the world independent of where of their computer capabilities can have access to the same type of data to solve >>The problems. You don't remember doing a report on this in 2018 or 2017. I forget what year it was, but it was around public sector where it was a movement with universities and academia, where they were doing some really deep compute where Amazon had big customers. And there was a movement towards a open commons of data, almost like a national data set like a national park kind of vibe that seems to be getting momentum. In fact, this kind of sounds like what you're doing some similar where it's open to everybody. It's kinda like open source meets data. >>Uh, exactly. And, and the truth is that these data, the majority of it's and we primarily work with what we call authoritative data providers. So think of like NASA Noah, you came me office organizations whose mission is to create the data. So they, their mandate is actually to make the data public. Right. But in practice, that's not really the case. Right. A lot of the data is stored like in servers or tapes or not accessible. Um, so yes, you bring the data to the cloud. And in this model that we use, Amazon never actually touches the data and that's very intentional so that we preserve the integrity of the data. The data provider owns the data in the cloud. We cover all the costs, but they commit to making it public in free to anybody. Um, and obviously the computer is next to it. So that's, uh, evaluated. >>Okay. Anna. So give me some examples of, um, some successes. You've had some of the challenges and opportunities you've overcome, take me through some of the activities because, um, this is really needed, right? And we gotta, sustainability is top line conversation, even here at the conference, re Mars, they're talking about saving climate change with space mm-hmm <affirmative>, which is legitimate. And they're talking about all these new things. So it's only gonna get bigger. Yeah. This data, what are some of the things you're working on right now that you can share? >>Yeah. So what, for me, honestly, the most exciting part of all of this is, is when I see the impact that's creating on customers and the community in general, uh, and those are the stories that really bring it home, the value of opening access to data. And, and I would just say, um, the program actually offers in addition to the data, um, access to free compute, which is very important as well. Right? You put the data in the cloud. It's great. But then if you wanna analyze that, there's the cost and we want to offset that. So we have a, basically an open call for proposals. Anybody can apply and we subsidize that. But so what we see by putting the data in the cloud, making it free and putting the compute accessible is that like we see a lot, for instance, startups, startups jump on it very easily because they're very nimble. They, we basically remove all the cost of investing in the acquisition and storage of the data. The data is connected directly to the source and they don't have to do anything. So they easily build their applications on top of it and workloads and turn it on and off if you know, >>So they don't have to pay for it. >>They have to pay, they basically just pay for the computes whenever they need it. Right. So all the data is covered. So that makes it very visible for, for a lot of startups. And then we see anything like from academia and nonprofits and governments working extensively on the data, what >>Are some of the coolest things you've seen come out of the woodwork in terms of, you know, things that built on top of the, the data, the builders out there are creative, all that heavy, lifting's gone, they're being creative. I'm sure there's been some surprises, um, or obvious verticals that jump healthcare jumps out at me. I'm not sure if FinTech has a lot of data in there, but it's healthcare. I can see, uh, a big air vertical, obviously, you know, um, oil and gas, probably concern. Um, >>So we see it all over the space, honestly. But for instance, one of the things that is very, uh, common for people to use this, uh, Noah data like weather data, because no, basically weather impacts almost anything we do, right? So you have this forecast of data coming into the cloud directly streamed from Noah. And, um, a lot of applications are built on top of that. Like, um, forecasting radiation, for instance, for the solar industry or helping with navigation. But I would say some of the stories I love to mention because are very impactful are when we take data to remote places that traditionally did not have access to any data. Yeah. And for instance, we collaborate with a, with a program, a nonprofit called digital earth Africa where they, this is a basically philanthropically supported program to bring earth observations to the African continents in making it available to communities and governments and things like illegal mining fighting, illegal mining are the forestation, you know, for mangroves to deep forest. Um, it's really amazing what they are doing. And, uh, they are managing >>The low cost nature of it makes it a great use case there >>Yes. Cloud. So it makes it feasible for them to actually do this work. >>Yeah. You mentioned the Noah data making me think of the sale drone. Mm-hmm <affirmative> my favorite, um, use case. Yes. Those sales drones go around many them twice on the queue at reinvent over the years. Yeah. Um, really good innovation. That vibe is here too at the show at Remar this week at the robotics showcases you have startups and growing companies in the ML AI areas. And you have that convergence of not obvious to many, but here, this culture is like, Hey, we have, it's all coming together. Mm-hmm <affirmative>, you know, physical, industrial space is a function of the new O T landscape. Mm-hmm <affirmative>. I mean, there's no edge in space as they say, right. So the it's unlimited edge. So this kind of points to the major trend. It's not stopping this innovation, but sustainability has limits on earth. We have issues. >>We do have issues. And, uh, and I, I think that's one of my hopes is that when we come to the table with the resources and the skills we have and others do as well, we try to remove some of these big barriers, um, that make it things harder for us to move forward as fast as we need to. Right. We don't have time to spend that. Uh, you know, I've been accounted that 80% of the effort to generate new knowledge is spent on finding the data you need and cleaning it. Uh, we, we don't have time for that. Right. So can we remove that UN differentiated, heavy lifting and allow people to start at a different place and generate knowledge and insights faster. >>So that's key, that's the key point having them innovate on top of it, right. What are some things that you wanna see happen over the next year or two, as you look out, um, hopes, dreams, KPIs, performance metrics, what are you, what are you driving to? What's your north star? What are some of those milestones? >>Yeah, so some, we are investing heavily in some areas. Uh, we support, um, you know, we support broadly sustainability, which as, you know, it's like, it's all over, <laugh> the space, but, uh, there's an area that is, uh, becoming more and more critical, which is climate risk. Um, climate risk, you know, for obvious reasons we are experienced, but also there's more regulatory pressures on, uh, business and companies in general to disclose their risks, not only the physical, but also to transition risks. And that's a very, uh, data heavy and compute heavy space. Right. And so we are very focusing in trying to bring the right data and the right services to support that kind of, of activity. >>What kind of break was you looking for? >>Um, so I think, again, it goes back to this concept that there's all that effort that needs to be done equally by so many people that we are all repeating the effort. So I'll put a plug here actually for a project we are supporting, which is called OS climates. Um, I don't know if you're familiar with it, but it's the Linux foundation effort to create an open source platform for climate risk. And so they, they bought the SMP global Airbus, you know, Alliance all these big companies together. And we are one of the funding partners to basically do that basic line work. What are the data that is needed? What are the basic tools let's put it there and do the pre-competitive work. So then you can do the build the, the, the competitive part on top of it. So >>It's kinda like a data clean room. >>It kind of is right. But we need to do those things, right. So >>Are they worried about comp competitive data or is it more anonymized out? How do you, >>It has both actually. So we are primarily contributing, contributing with the open data part, but there's a lot of proprietary data that needs to be behind the whole, the walls. So, yeah, >>You're on the cutting edge of data engineering because, you know, web and ad tech technologies used to be where all that data sharing was done. Mm-hmm <affirmative> for the commercial reasons, you know, the best minds in our industry quoted by a cube alumni are working on how to place ads better. Yeah. Jeff Acker, founder of Cloudera said that on the cube. Okay. And he was like embarrassed, but the best minds are working on how to make ads get more efficient. Right. But that tech is coming to problem solving and you're dealing with data exchange data analysis from different sources, third parties. This is a hard problem. >>Well, it is a hard problem. And I'll, I'll my perspective is that the hardest problem with sustainability is that it goes across all kinds of domains. Right. We traditionally been very comfortable working in our little, you know, swimming lanes yeah. Where we don't need to deal with interoperability and, uh, extracting knowledge. But sustainability, you, you know, you touch the economic side, it touches this social or the environmental, it's all connected. Right. And you cannot just work in the little space and then go sets the impact in the other one. So it's going to force us to work in a different way. Right. It's, uh, big data complex data yeah. From different domains. And we need to somehow make sense of all of it. And there's the potential of AI and ML and things like that that can really help us right. To go beyond the, the modeling approaches we've been done so >>Far. And trust is a huge factor in all this trust. >>Absolutely. And, and just going back to what I said before, that's one of the main reasons why, when we bring data to the cloud, we don't touch it. We wanna make sure that anybody can trust that the data is nowhere data or NASA data, but not Amazon data. >>Yes. Like we always say in the cube, you should own your data plane. Don't give it up. <laugh> well, that's cool. Great. Great. To hear the update. Is there any other projects that you're working on you think might be cool for people that are watching that you wanna plug or point out because this is an area people are, are leaning into yeah. And learning more young, younger talents coming in. Um, I, whether it's university students to people on side hustles want to play with data, >>So we have plenty of data. So we have, uh, we have over a hundred data sets, uh, petabytes and petabytes of data all free. You don't even need an AWS account to access the data and take it out if you want to. Uh, but I, I would say a few things that are exciting that are happening at Mars. One is that we are actually got integrated into ADX. So the AWS that exchange and what that means is that now you can find the open data, free data from a STI in the same searching capability and service as the paid data, right. License data. So hopefully we'll make it easier if I, if you wanna play with data, we have actually something great. We just announced a hackathon this week, uh, in partnership with UNESCO, uh, focus on sustainable development goals, uh, a hundred K in prices and, uh, so much data <laugh> you >>Too years, they get the world is your oyster to go check that out at URL at website, I'll see it's on Amazon. It use our website or a project that can join, or how do people get in touch with you? >>Yeah. So, uh, Amazon SDI, like for Amazon sustainability, that initiative, so Amazon sdi.com and you'll find, um, all the data, a lot of examples of customer stories that are using the data for impactful solutions, um, and much more >>So, and these are, there's a, there's a, a new kind of hustle going out there, seeing entrepreneurs do this. And very successfully, they pick a narrow domain and they, they own it. Something really obscure that could be off the big player's reservation. Mm-hmm <affirmative> and they just become fluent in the data. And it's a big white space for them, right. This market opportunities. And at the minimum you're playing with data. So this is becoming kind of like a long tail domain expertise, data opportunity. Yeah, absolutely. This really hot. So yes. Yeah. Go play around with the data, check it outs for good cause too. And it's free. >>It's all free. >>Almost free. It's not always free. Is it >>Always free? Well, if you, a friend of mine said is only free if your time is worth nothing. <laugh>. Yeah, >>Exactly. Well, Anna, great to have you on the cube. Thanks for sharing the stories. Sustainability is super important. Thanks for coming on. Thank you for the opportunity. Okay. Cube coverage here in Las Vegas. I'm Sean. Furier, we've be back with more day one. After this short break.