(lively music) >> Welcome back to our coverage of Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today, throughout the day, with Palo Alto on the ground in Seattle. And right now I'm here with Michael Foster with Red Hat. He's on the ground in Seattle. We're going to discuss the trends and containers and security and everything that's going on at the show in Seattle. Michael, good to see you, thanks for coming on. >> Good to see you, thanks for having me on. >> Lot of market momentum for Red Hat. The IBM earnings call the other day, announced OpenShift is a billion-dollar ARR. So it's quite a milestone, and it's not often, you know. It's hard enough to become a billion-dollar software company and then to have actually a billion-dollar product alongside. So congratulations on that. And let's start with the event. What's the buzz at the event? People talking about shift left, obviously supply chain security is a big topic. We've heard a little bit about or quite a bit about AI. What are you hearing on the ground? >> Yeah, so the last event I was at that I got to see you at was three months ago, with CubeCon and the talk was supply chain security. Nothing has really changed on that front, although I do think that the conversation, let's say with the tech companies versus what customers are actually looking at, is slightly different just based on the market. And, like you said, thank you for the shout-out to a billion-dollar OpenShift, and ACS is certainly excited to be part of that. We are seeing more of a consolidation, I think, especially in security. The money's still flowing into security, but people want to know what they're running. We've allowed, had some tremendous growth in the last couple years and now it's okay. Let's get a hold of the containers, the clusters that we're running, let's make sure everything's configured. They want to start implementing policies effectively and really get a feel for what's going on across all their workloads, especially with the bigger companies. I think bigger companies allow some flexibility in the security applications that they can deploy. They can have different groups that manage different ones, but in the mid to low market, you're seeing a lot of consolidation, a lot of companies that want basically one security tool to manage them all, so to speak. And I think that the features need to somewhat accommodate that. We talk supply chain, I think most people continue to care about network security, vulnerability management, shifting left and enabling developers. That's the general trend I see. Still really need to get some hands on demos and see some people that I haven't seen in a while. >> So a couple things on, 'cause, I mean, we talk about the macroeconomic climate all the time. We do a lot of survey data with our partners at ETR, and their recent data shows that in terms of cost savings, for those who are actually cutting their budgets, they're looking to consolidate redundant vendors. So, that's one form of consolidation. The other theme, of course, is there's so many tools out in the security market that consolidating tools is something that can help simplify, but then at the same time, you see opportunities open up, like IOT security. And so, you have companies that are starting up to just do that. So, there's like these countervailing trends. I often wonder, Michael, will this ever end? It's like the universe growing and tooling, what are your thoughts? >> I mean, I completely agree. It's hard to balance trying to grow the company in a time like this, at the same time while trying to secure it all, right? So you're seeing the consolidation but some of these applications and platforms need to make some promises to say, "Hey, we're going to move into this space." Right, so when you have like Red Hat who wants to come out with edge devices and help manage the IOT devices, well then, you have a security platform that can help you do that, that's built in. Then the messaging's easy. When you're trying to do that across different cloud providers and move into IOT, it becomes a little bit more challenging. And so I think that, and don't take my word for this, some of those IOT startups, you might see some purchasing in the next couple years in order to facilitate those cloud platforms to be able to expand into that area. To me it makes sense, but I don't want to hypothesize too much from the start. >> But I do, we just did our predictions post and as a security we put up the chart of candidates, and there's like dozens, and dozens, and dozens. Some that are very well funded, but I mean, you've seen some down, I mean, down rounds everywhere, but these many companies have raised over a billion dollars and it's like uh-oh, okay, so they're probably okay, maybe. But a lot of smaller firms, I mean there's just, there's too many tools in the marketplace, but it seems like there is misalignment there, you know, kind of a mismatch between, you know, what customers would like to have happen and what actually happens in the marketplace. And that just underscores, I think, the complexities in security. So I guess my question is, you know, how do you look at Cloud Native Security, and what's different from traditional security approaches? >> Okay, I mean, that's a great question, and it's something that we've been talking to customers for the last five years about. And, really, it's just a change in mindset. Containers are supposed to unleash developer speed, and if you don't have a security tool to help do that, then you're basically going to inhibit developers in some form or another. I think managing that, while also giving your security teams the ability to tell the message of we are being more secure. You know, we're limiting vulnerabilities in our cluster. We are seeing progress because containers, you know, have a shorter life cycle and there is security and speed. Having that conversation with the C-suites is a little different, especially when how they might be used to virtual machines and managing it through that. I mean, if it works, it works from a developer's standpoint. You're not taking advantage of those containers and the developer's speed, so that's the difference. Now doing that and then first challenge is making that pitch. The second challenge is making that pitch to then scale it, so you can get onboard your developers and get your containers up and running, but then as you bring in new groups, as you move over to Kubernetes or you get into more container workloads, how do you onboard your teams? How do you scale? And I tend to see a general trend of a big investment needed for about two years to make that container shift. And then the security tools come in and really blossom because once that core separation of responsibilities happens in the organization, then the security tools are able to accelerate the developer workflow and not inhibit it. >> You know, I'm glad you mentioned, you know, separation of responsibilities. We go to a lot of shows, as you know, with theCUBE, and many of them are cloud shows. And in the one hand, Cloud has, you know, obviously made the world, you know, more interesting and better in so many different ways and even security, but it's like new layers are forming. You got the cloud, you got the shared responsibility model, so the cloud is like the first line of defense. And then you got the CISO who is relying heavily on devs to, you know, the whole shift left thing. So we're asking developers to do a lot and then you're kind of behind them. I guess you have audit is like the last line of defense, but my question to you is how can software developers really ensure that cloud native tools that they're using are secure? What steps can they take to improve security and specifically what's Red Hat doing in that area? >> Yeah, well I think there's, I would actually move away from that being the developer responsibility. I think the job is the operators' and the security people. The tools to give them the ability to see. The vulnerabilities they're introducing. Let's say signing their images, actually verifying that the images that's thrown in the cloud, are the ones that they built, that can all be done and it can be done open source. So we have a DevSecOps validated pattern that Red Hat's pushed out, and it's all open source tools in the cloud native space. And you can sign your builds and verify them at runtime and make sure that you're doing that all for free as one option. But in general, I would say that the hope is that you give the developer the information to make responsible choices and that there's a dialogue between your security and operations and developer teams but security, we should not be pushing that on developer. And so I think with ACS and our tool, the goal is to get in and say, "Let's set some reasonable policies, have a conversation, let's get a security liaison." Let's say in the developer team so that we can make some changes over time. And the more we can automate that and the more we can build and have that conversation, the better that you'll, I don't say the more security clusters but I think that the more you're on your path of securing your environment. >> How much talk is there at the event about kind of recent high profile incidents? We heard, you know, Log4j, of course, was mentioned in the Keynote. Somebody, you know, I think yelled out from the audience, "We're still dealing with that." But when you think about these, you know, incidents when looking back, what lessons do you think we've learned from these events? >> Oh, I mean, I think that I would say, if you have an approach where you're managing your containers, managing the age and using containers to accelerate, so let's say no images that are older than 90 days, for example, you're going to avoid a lot of these issues. And so I think people that are still dealing with that aspect haven't set up the proper, let's say, disclosure between teams and update strategy and so on. So I don't want to, I think the Log4j, if it's still around, you know, something's missing there but in general you want to be able to respond quickly and to do that and need the tools and policies to be able to tell people how to fix that issue. I mean, the Log4j fix was seven days after, so your developers should have been well aware of that. Your security team should have been sending the messages out. And I remember even fielding all the calls, all the fires that we had to put out when that happened. But yeah. >> I thought Brian Behlendorf's, you know, talk this morning was interesting 'cause he was making an attempt to say, "Hey, here's some things that you might not be thinking about that are likely to occur." And I wonder if you could, you know, comment on them and give us your thoughts as to how the industry generally, maybe Red Hat specifically, are thinking about dealing with them. He mentioned ChatGPT or other GPT to automate Spear phishing. He said the identity problem is still not fixed. Then he talked about free riders sniffing repos essentially for known vulnerabilities that are slow to fix. He talked about regulations that might restrict shipping code. So these are things that, you know, essentially, we can, they're on the radar, but you know, we're kind of putting out, you know, yesterday's fire. What are your thoughts on those sort of potential issues that we're facing and how are you guys thinking about it? >> Yeah, that's a great question, and I think it's twofold. One, it's brought up in front of a lot of security leaders in the space for them to be aware of it because security, it's a constant battle, constant war that's being fought. ChatGPT lowers the barrier of entry for a lot of them, say, would-be hackers or people like that to understand systems and create, let's say, simple manifests to leverage Kubernetes or leverage a misconfiguration. So as the barrier drops, we as a security team in security, let's say group organization, need to be able to respond and have our own tools to be able to combat that, and we do. So a lot of it is just making sure that we shore up our barriers and that people are aware of these threats. The harder part I think is educating the public and that's why you tend to see maybe the supply chain trend be a little bit ahead of the implementation. I think they're still, for example, like S-bombs and signing an attestation. I think that's still, you know, a year, two years, away from becoming, let's say commonplace, especially in something like a production environment. Again, so, you know, stay bleeding edge, and then make sure that you're aware of these issues and we'll be constantly coming to these calls and filling you in on what we're doing and make sure that we're up to speed. >> Yeah, so I'm hearing from folks like yourself that the, you know, you think of the future of Cloud Native Security. We're going to see continued emphasis on, you know, better integration of security into the DevSecOps. You're pointing out it's really, you know, the ops piece, that runtime that we really need to shore up. You can't just put it on the shoulders of the devs. And, you know, using security focused tools and best practices. Of course you hear a lot about that and the continued drive toward automation. My question is, you know, automation, machine learning, how, where are we in that maturity cycle? How much of that is being adopted? Sometimes folks are, you know, they embrace automation but it brings, you know, unknown, unintended consequences. Are folks embracing that heavily? Are there risks associated around that, or are we kind of through that knothole in your view? >> Yeah, that's a great question. I would compare it to something like a smart home. You know, we sort of hit a wall. You can automate so much, but it has to actually be useful to your teams. So when we're going and deploying ACS and using a cloud service, like one, you know, you want something that's a service that you can easily set up. And then the other thing is you want to start in inform mode. So you can't just automate everything, even if you're doing runtime enforcement, you need to make sure that's very, very targeted to exactly what you want and then you have to be checking it because people start new workloads and people get onboarded every week or month. So it's finding that balance between policies where you can inform the developer and the operations teams and that they give them the information to act. And that worst case you can step in as a security team to stop it, you know, during the onboarding of our ACS cloud service. We have an early access program and I get on-calls, and it's not even security team, it's the operations team. It starts with the security product, you know, and sometimes it's just, "Hey, how do I, you know, set this policy so my developers will find this vulnerability like a Log4Shell and I just want to send 'em an email, right?" And these are, you know, they have the tools and they can do that. And so it's nice to see the operations take on some security. They can automate it because maybe you have a NetSec security team that doesn't know Kubernetes or containers as well. So that shared responsibility is really useful. And then just again, making that automation targeted, even though runtime enforcement is a constant thing that we talk about, the amount that we see it in the wild where people are properly setting up admission controllers and it's acting. It's, again, very targeted. Databases, cubits x, things that are basically we all know is a no-go in production. >> Thank you for that. My last question, I want to go to the, you know, the hardest part and 'cause you're talking to customers all the time and you guys are working on the hardest problems in the world. What is the hardest aspect of securing, I'm going to come back to the software supply chain, hardest aspect of securing the software supply chain from the perspective of a security pro, software engineer, developer, DevSecOps Pro, and then this part b of that is, is how are you attacking that specifically as Red Hat? >> Sure, so as a developer, it's managing vulnerabilities with updates. As an operations team, it's keeping all the cluster, because you have a bunch of different teams working in the same environment, let's say, from a security team. It's getting people to listen to you because there are a lot of things that need to be secured. And just communicating that and getting it actionable data to the people to make the decisions as hard from a C-suite. It's getting the buy-in because it's really hard to justify the dollars and cents of security when security is constantly having to have these conversations with developers. So for ACS, you know, we want to be able to give the developer those tools. We also want to build the dashboards and reporting so that people can see their vulnerabilities drop down over time. And also that they're able to respond to it quickly because really that's where the dollars and cents are made in the product. It's that a Log4Shell comes out. You get immediately notified when the feeds are updated and you have a policy in action that you can respond to it. So I can go to my CISOs and say, "Hey look, we're limiting vulnerabilities." And when this came out, the developers stopped it in production and we were able to update it with the next release. Right, like that's your bread and butter. That's the story that you want to tell. Again, it's a harder story to tell, but it's easy when you have the information to be able to justify the money that you're spending on your security tools. Hopefully that answered your question. >> It does. That was awesome. I mean, you got data, you got communication, you got the people, obviously there's skillsets, you have of course, tooling and technology is a big part of that. Michael, really appreciate you coming on the program, sharing what's happening on the ground in Seattle and can't wait to have you back. >> Yeah. Awesome. Thanks again for having me. >> Yeah, our pleasure. All right. Thanks for watching our coverage of the Cloud Native Security Con. I'm Dave Vellante. I'm in our Boston studio. We're connecting to Palo Alto. We're connecting on the ground in Seattle. Keep it right there for more coverage. Be right back. (lively music)

>> Narrator: "TheCUBE" presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey everyone. Welcome back to "TheCUBE's" live coverage of Palo Alto Network's Ignite 22 from the MGM Grand in beautiful Las Vegas. I am Lisa Martin here with Dave Vellante. Dave, we just had a great conversa- First of all, we got to hear the keynote, most of it. We also just had a great conversation with the CEO and chairman of Palo Alto Networks, Nikesh Arora. You know, this is a company that was founded back in 2005, he's been there four years, a lot has happened. A lot of growth, a lot of momentum in his tenure. You were saying in your breaking analysis, that they are on track to nearly double revenues from FY 20 to 23. Lots of momentum in this cloud security company. >> Yeah, I'd never met him before. I mean, I've been following a little bit. It's interesting, he came in as, sort of, a security outsider. You know, he joked today that he, the host, I forget the guy's name on the stage, what was his name? Hassan. Hassan, he said "He's the only guy in the room that knows less about security than I do." Because, normally, this is an industry that's steeped in deep expertise. He came in and I think is given a good compliment to the hardcore techies at Palo Alto Network. The company, it's really interesting. The company started out building their own data centers, they called it. Now they look back and call it cloud, but it was their own data centers, kind of like Salesforce did, it's kind of like ServiceNow. Because at the time, you really couldn't do it in the public cloud. The public cloud was a little too unknown. And so they needed that type of control. But Palo Alto's been amazing story since 2020, we wrote about this during the pandemic. So what they did, is they began to pivot to the the true cloud native public cloud, which is kind of immature still. They don't tell you that, but it's kind of still a little bit immature, but it's working. And when they were pivoting, it was around the same time, at Fortinet, who's a competitor there's like, I call 'em a poor man's Palo Alto, and Fortinet probably hates that, but it's kind of true. It's like a value play on a comprehensive platform, and you know Fortinet a little bit. And so, but what was happening is Fortinet was executing on its cloud strategy better than Palo Alto. And there was a real divergence in the valuations of these stocks. And we said at the time, we felt like Palo Alto, being the gold standard, would get through it. And they did. And what's happened is interesting, I wrote about this two weeks ago. If you go back to the pandemic, peak of the pandemic, or just before the peak, kind of in that tech bubble, if you will. Splunk's down 44% from that peak, Okta's down, sorry, not down 44%. 44% of the peak. Okta's 22% of their peak. CrowdStrike, 41%, Zscaler, 36%, Fortinet, 71%. Not so bad. Palo Altos maintained 93% of its peak value, right? So it's a combination of two things. One is, they didn't run up as much during the pandemic, and they're executing through their cloud strategy. And that's provided a sort of softer landing. And I think it's going to be interesting to see where they go from here. And you heard Nikesh, we're going to double, and then double again. So that's 7 billion, 14 billion, heading to 30 billion. >> Lisa: Yeah, yeah. He also talked about one of the things that he's done in his tenure here, as really a workforce transformation. And we talk all the time, it's not just technology and processes, it's people. They've also seemed to have done a pretty good job from a cultural transformation perspective, which is benefiting their customers. And they're also growing- The ecosystem, we talked a little bit about the ecosystem with Nikesh. We've got Google Cloud on, we've got AWS on the program today alone, talking about the partnerships. The ecosystem is expanding, as well. >> Have you ever met Nir Zuk? >> I have not, not yet. >> He's the founder and CTO. I haven't, we've never been on "theCUBE." He was supposed to come on one day down in New York City. Stu and I were going to interview him, and he cut out of the conference early, so we didn't interview him. But he's a very opinionated dude. And you're going to see, he's basically going to come on, and I mean, I hope he is as opinionated on "TheCUBE," but he'll talk about how the industry has screwed it up. And Nikesh sort of talked about that, it's a shiny new toy strategy. Oh, there's another one, here's another one. It's the best in that category. Okay, let's get, and that's how we've gotten to this point. I always use that Optive graphic, which shows the taxonomy, and shows hundreds and hundreds of suppliers in the industry. And again, it's true. Customers have 20, 30, sometimes 40 different tool sets. And so now it's going to be interesting to see. So I guess my point is, it starts at the top. The founder, he's an outspoken, smart, tough Israeli, who's like, "We're going to take this on." We're not afraid to be ambitious. And so, so to your point about people and the culture, it starts there. >> Absolutely. You know, one of the things that you've written about in your breaking analysis over the weekend, Nikesh talked about it, they want to be the consolidator. You see this as they're building out the security supercloud. Talk to me about that. What do you think? What is a security supercloud in your opinion? >> Yeah, so let me start with the consolidator. So Palo Alto obviously is executing on that strategy. CrowdStrike as well, wants to be a consolidator. I would say Zscaler wants to be a consolidator. I would say that Microsoft wants to be a consolidator, so does Cisco. So they're all coming at it from different angles. Cisco coming at it from network security, which is Palo Alto's wheelhouse, with their next gen firewalls, network security. What Palo Alto did was interesting, was they started out with kind of a hardware based firewall, but they didn't try to shove everything into it. They put the other function in there, their cloud. Zscaler. Zscaler is the one running around saying you don't need firewalls anymore. Just run everything through our cloud, our security cloud. I would think that as Zscaler expands its TAM, it's going to start to acquire, and do similar types of things. We'll see how that integrates. CrowdStrike is clearly executing on a similar portfolio strategy, but they're coming at it from endpoint, okay? They have to partner for network security. Cisco is this big and legacy, but they've done a really good job of acquiring and using services to hide some of that complexity. Microsoft is, you know, they probably hate me saying this, but it's the just good enough strategy. And that may have hurt CrowdStrike last quarter, because the SMB was a soft, we'll see. But to specifically answer your question, the opportunity, we think, is to build the security supercloud. What does that mean? That means to have a common security platform across all clouds. So irrespective of whether you're running an Amazon, whether you're running an on-prem, Google, or Azure, the security policies, and the edicts, and the way you secure your enterprise, look the same. There's a PaaS layer, super PaaS layer for developers, so that that the developers can secure their code in a common framework across cloud. So that essentially, Nikesh sort of balked at it, said, "No, no, no, we're not, we're not really building a super cloud." But essentially they kind of are headed in that direction, I think. Although, what I don't know, like CrowdStrike and Microsoft are big competitors. He mentioned AWS and Google. We run on AWS, Google, and in their own data centers. That sounds like they don't currently run a Microsoft. 'Cause Microsoft is much more competitive with the security ecosystem. They got Identity, so they compete with Okta. They got Endpoint, so they compete with CrowdStrike, and Palo Alto. So Microsoft's at war with everybody. So can you build a super cloud on top of the clouds, the hyperscalers, and not do Microsoft? I would say no. >> Right. >> But there's nothing stopping Palo Alto from running in the Microsoft cloud. I don't know if that's a strategy, we should ask them. >> Yeah. They've done a great job in our last few minutes, of really expanding their TAM in the last few years, particularly under Nikesh's leadership. What are some of the things that you heard this morning that you think, really they've done a great job of expanding that TAM. He talked a little bit about, I didn't write the number down, but he talked a little bit about the market opportunity there. What do you see them doing as being best of breed for organizations that have 30 to 50 tools and need to consolidate that? >> Well the market opportunity's enormous. >> Lisa: It is. >> I mean, we're talking about, well north of a hundred billion dollars, I mean 150, 180, depending on whose numerator you use. Gartner, IDC. Dave's, whatever, it's big. Okay, and they've got... Okay, they're headed towards 7 billion out of 180 billion, whatever, again, number you use. So they started with network security, they put most of the network function in the cloud. They moved to Endpoint, Sassy for the edge. They've done acquisitions, the Cortex acquisition, to really bring automated threat intelligence. They just bought Cider Security, which is sort of the shift left, code security, developer, assistance, if you will. That whole shift left, protect right. And so I think a lot of opportunities to continue to acquire best of breed. I liked what Nikesh said. Keep the founders on board, sell them on the mission. Let them help with that integration and putting forth the cultural aspects. And then, sort of, integrate in. So big opportunities, do they get into Endpoint and compete with Okta? I think Okta's probably the one sort of outlier. They want to be the consolidator of identity, right? And they'll probably partner with Okta, just like Okta partners with CrowdStrike. So I think that's part of the challenge of being the consolidator. You're probably not going to be the consolidator for everything, but maybe someday you'll see some kind of mega merger of these companies. CrowdStrike and Okta, or Palo Alto and Okta, or to take on Microsoft, which would be kind of cool to watch. >> That would be. We have a great lineup, Dave. Today and tomorrow, full days, two full days of cube coverage. You mentioned Nir Zuk, we already had the CEO on, founder and CTO. We've got the chief product officer coming on next. We've got chief transformation officer of customers, partners. We're going to have great conversations, and really understand how this organization is helping customers ultimately achieve their SecOps transformation, their digital transformation. And really moved the needle forward to becoming secure data companies. So I'm looking forward to the next two days. >> Yeah, and Wendy Whitmore is coming on. She heads Unit 42, which is, from what I could tell, it's pretty much the competitor to Mandiant, which Google just bought. We had Kevin Mandia on at September at the CrowdStrike event. So that's interesting. That's who I was poking Nikesh a little bit on industry collaboration. You're tight with Google, and then he had an interesting answer. He said "Hey, you start sharing data, you don't know where it's going to go." I think Snowflake could help with that problem, actually. >> Interesting. >> Yeah, little Snowflake and some of the announcements ar Reinvent with the data clean rooms. Data sharing, you know, trusted data. That's one of the other things we didn't talk about, is the real tension in between security and regulation. So the regulators in public policy saying you can't move the data out of the country. And you have to prove to me that you have a chain of custody. That when you say you deleted something, you have to show me that you not only deleted the file, then the data, but also the metadata. That's a really hard problem. So to my point, something that Palo Alto might be able to solve. >> It might be. It'll be an interesting conversation with Unit 42. And like we said, we have a great lineup of guests today and tomorrow with you, so stick around. Lisa Martin and Dave Vellante are covering Palo Alto Networks Ignite 22 for you. We look forward to seeing you in our next segment. Stick around. (light music)

(bright upbeat music) >> Hello, wonderful Cloud community and welcome back to our wall-to-wall coverage of AWS re:Invent here in Las Vegas, Nevada. I'm Savannah Peterson, joined by the brilliant John Furrier. John, how you doing this afternoon? >> Doing great, feeling good. We've got day three here, another day tomorrow. Wall-to-wall coverage we're already over a hundred something videos, live getting up. >> You're holding up well. >> And then Cloud show is just popping. It's back to pre-pandemic levels. The audience is here, what recession? But there is one coming but apparently doesn't seem to be an unnoticed with the Cloud community. >> I think, we'll be talking a little bit about that in our next interview in the state of the union. Not just our union, but the the general global economy and the climate there with some fabulous guests from Software One. Please welcome Neil and Bernd, welcome to the show, guys. How you doing? >> Great, thank you. >> Really good. >> Yeah, like you said, just getting over the jet lag. >> Yeah, yeah. Pretty good today, yeah, (laughing loudly) glad we did it today. >> I love that Neil, set your smiling and I can feel your energy. Tell us a little bit about Software One and what you all do. >> Yeah, so Software One we're a software and Cloud solutions provider. We're in 90 countries. We have 65,000 customers. >> Savannah: Just a few. >> Yeah, and we really focus on being close to the customers and helping customers through their software and Cloud journey. So we transact, we sell software in Cloud, 10,000 different ISVs. And then on top of that we a lot of services around the spend optimization FinOps we'll talk about as well, and lots of other areas. But yeah, we're really a large scale partner in this space. >> That's awesome. FinOps, cost optimization, pretty much all we've been talking about here on the give. It's very much a hot topic. I'm actually excited about this and Bernd I'm going to throw this one to you first. We haven't actually done a proper definition of what FinOps is at the show yet. What is FinOps? >> Well, largely speaking it's Cloud cost optimization but for us it's a lot more than for others. That's our superpower. We do it all. We do the technology side but we also do the licensing side. So, we have a differentiated offering. If you would look at the six Rs of application migration we do it all, not even an Accenture as it all. And that is our differentiation. >> You know, yesterday Adams left was on the Keynote. He's like waving his hands around. It's like, "Hey, we got if you want to tighten your belt, come to the Cloud." I'm like, wait a minute. In 2008 when the last recession, Amazon wasn't a factor. They were small. Now they're massive, they're huge. They're a big part of the economic equation. What does belt tightening mean? Like what does that mean? Like do customers just go to the marketplace? Do they go, do you guys, so a lot of moving parts now on how they're buying software and they're fine tuning their Cloud too. It's not just eliminate budget, it's fine tune the machine if you will... >> 'make a smarter Cloud. >> Explain this phenomenon, how people are tackling this cost optimization, Cloud optimization. 'Cause they're not going to stop building. >> No. >> This is right sizing and tuning and cutting. >> Yeah, we see, of course with so many customers in so many countries, we have a lot of different views on maturity and we see customers taking the FinOps journey at different paces. But fundamentally what we see is that it's more of an afterthought and coming in at a panic stage rather than building it and engaging with it from the beginning and doing it continuously. And really that's the huge opportunity and AWS is a big believer in this of continued optimization of the Cloud is a confident Cloud. A confident Cloud means you'll do more with it. If you lose confidence in that bill in what how much it's costing you, you're going to retract. And so it's really about making sure all customers know exactly what's in there, how it's optimized, restocking, reformatting applications, getting more out of the microservices and getting more value out the Cloud and that will help them tighten that belt. >> So the euphoric enthusiasm of previous years of building water just fallen the pipes leaving the lights on when you go to bed. I mean that's kind of the mentality. People were not literally I won't say they weren't not paying attention but there was some just keep going we're all good now it's like whoa, whoa. We turn that service off and no one's using it or do automation. So there's a lot more of that mindset emerging. We're hearing that for the first time price performance being mindful of what's on and off common sense basically. >> Yeah, but it's not just that the lights are on and the faucets are open it's also the air condition is running. So the FinOps foundation is estimating that about a third of Cloud spend is waste and that's where FinOps comes in. We can help customers be more efficient in the Cloud and lower their Cloud spend while doing the same or more. >> So, let's dig in a little bit there. How do you apply FinOps when migrating to the Cloud? >> Well, you start with the business case and you're not just looking at infrastructure costs like most people do you ought look at software licensing costs. For example, if you run SQL on-premise you have an enterprise agreement. But if you move it to the Cloud you may actually take a different more favorable licensing agreement and save a lot of money. And these things are hidden. They're not to be seen but they need to be part of the business case. >> When you look at the modernization trend we had an analyst on our session with David Vellante and Zs (indistinct) from ZK Consulting. He had an interesting comment. He said, "Spend more in Cloud to save more." Which is a mindset that doesn't come across right. Wait a minute, spend more, save more. You can do bet right now with the Clouds kind of the the thesis of FinOps, you don't have to cut. Just kind of cut the waste out but still spend and build if you're smart, there's a lot more of that going on. What does that mean? >> I mean, yeah I've got a good example of this is, we're the largest Microsoft provider in the world. And when of course when you move Microsoft workloads to the Cloud, you don't... Maybe you don't want a server, you can go serverless, right? So you may not win a server. Bernd said SQL, right? So, it's not just about putting applications in the Cloud and workloads in the Cloud. It's about modernizing them and then really taking advantage of what you can really do in the Cloud. And I think that's where the customers are still pretty immature. They're still on that journey of throwing stuff in there and then realizing actually they can take way more advantage of what services are in there to reduce the amount and get even more in there. >> Yeah, and so the... You want to say, something? >> How much, just building on the stereotypical image of Cloud customer is the marketing person with a credit card, right? And there are many of them and they all buy their own Cloud and companies have a hard time consolidating the spend pulling it together, even within a country. But across countries across the globe, it's really, really hard. If you pull it all together, you get a better discount. You spend more to save more. >> Yeah, and also there's a human piece. We had an intern two summers ago playing with our Cloud. We're on a Cloud with our media plus stack left a service was playing around doing some tinkering and like, where's this bill? What is this extra $20,000 came from. It just, we left a service on... >> It's a really good point actually. It's something that we see almost every day right now which is customers also not understanding what they've put in the Cloud and what the implications of spikes are. And also therefore having really robust monitoring and processes and having a partner that can look after that for them. Otherwise we've got customers where they've been really shocked about not doing things the right way because they've empowered the business but also not with the maturity that the business needs to have that responsibility. >> And that's a great point. New people coming in and or people being platooned through new jobs are getting used to the Cloud. That's a great point. I got that brings up my security question 'cause this comes up a lot. So that's what's a lot of spend of people dialing up more security. Obviously people try everything with security, every tool, every platform, and throw everything at the problem. How does that impact the FinOps equation? 'Cause Dev SecOps is now part of everything. Okay, moving security at the CICD pipeline, that's cool. Check Cloud native applications, microservices event-based services check. But now you've got more security. How does that factor into the cost side? What you guys look at that can you share your thoughts on how your customers are managing their security posture without getting kind of over the barrel, if you will? >> Since we are at AWS re:Invent, right? We can talk about the well architected framework of AWS and there's six components to it. And there's reliability, there's security cost, performance quality, operational quality and sustainability. And so when we think about migrating apps to the Cloud or modernizing them in the Cloud security is always a table stakes. >> And it has to be, yeah, go ahead. >> I really like what AWS is doing with us on that. We partner very closely on that area. And to give you a parallel example of Microsoft I don't feel very good about that at the moment. We see a lot of customers right now that get hacked and normally it's... >> 'yeah that's such a topic. >> You mean on Azure? >> Yeah, and what happens is that they normally it's a crypto mining script that the customer comes in they come in as the customer get hacked and then they... We saw an incident the other day where we had 2,100 security incidents in a minute where it all like exploded on the customer side. And so that's also really important is that the customer's understanding that security element also who they're letting in and out of their organization and also the responsibility they have if things go bad. And that's also not aware, like when they get hacked, are they responsible for that? Are they not responsible? Is the provider... >> 'shared responsibility? >> Yeah. >> 'well that security data lake the open cybersecurity schema framework. That's going to be very interesting to see how that plays out to your point. >> Absolutely, absolutely. >> Yeah, it is fascinating and it does require a lot of collaboration. What other trends, what other big challenges are you seeing? You're obviously working with customers at incredible scale. What are some of the other problems you're helping them tackle? >> I think we work with customers from SMB all the way up to enterprise and public sector. But what we see is more in the enterprise space. So we see a lot of customers willing to commit a lot to the Cloud based on all the themes that we've set but not commit financially for all the PNLs that they run in all the business units of all the different companies that they may own in different countries. So it's like, how can I commit but not be responsible on the hook for the bill that comes in. And we see this all the time right now and we are working closely with AWS on this. And we see the ability for customers to commit centrally but decentralized billing, decentralized optimization and decentralized FinOps. So that's that educational layer within the business units who owns the PNL where they get that fitness and they own what they're spending but the company is alone can commit to AWS. And I think that's a big trend that we are seeing is centralized commitment but decentralized ownership in that model. >> And that's where the marketplaces kind of fit in as well. >> Absolutely. >> Yeah, yeah. Do you want to add some more on that? >> I mean the marketplace, if you're going to cut your bill you go to the marketplace right there you want single dashboard or your marketplace what's the customer going to do when they're going to tighten their belts? What do they do? What's their workflow, marketplace? What's the process? >> Well, on marketplaces, the larger companies will have a private marketplace with dedicated pricing managed service they can call off. But that's for the software of the shelf. They still have the data centers they still have all the legacy and they need to do the which ones are we going to keep which ones are we going to retire, we repurchase, we license, rehouse, relocate, all of those things. >> That's your wheelhouse. >> It's a three, yes is our wheelhouse. It's a three to five year process for most companies. >> This could be a tailwind for you guys. This is like a good time. >> I mean FinOps is super cool and super hot right now. >> Not that you're biased? (all laughing loudly) >> But look, it's great to see it because well we are the magic quadrant leader in software asset management, which is a pedigree of ours. But we always had to convince customers to do that because they're always worried, oh what you're going to find do I have an audit? Do I have to give Oracles some more money or SAP some more money? So there's always like, you know... >> 'don't, (indistinct). >> How compliant do I really want? >> Is anyone paying attention to this? >> Well FinOps it's all upside. Like it's all upside. And so it's completely flipped. And now we speak to most customers that are building FinOps internally and then they're like, hold on a minute I'm a bank. Why do I have hundred people doing FinOps? And so that's the trend that we've seen because they just get more and more value out of it all the time. >> Well also the key mindset is that the consumption based model of Cloud you mentioned Oracle 'cause they're stuck in that whoa, whoa, whoa, how many servers license and they're stuck in that extortion. And now they got Cloud once you're on a variable, what's the downside? >> Exactly and then you can look at all the applications, see where you can go serverless see where you can go native services all that sort of stuff is all upside. >> And for the major workloads like SAP and Oracle and Microsoft defined that customers save in the millions. >> Well just on that point, those VMware, SAP, these workloads they're being rolled and encapsulated into containers and Kubernetes run times moved into the Cloud, they're being refactored. So that's a whole nother ballgame. >> Yes. Lift and shift usually doesn't save you any money. So that's relocation with containers may save you money but in some cases you have to... >> 'it's more in the Cloud now than ever before. >> Yeah >> Yeah, yeah. >> Before we take him to the challenge portion we have a little quiz for you, or not a quiz, but a little prop for you in a second. I want to talk about your role. You have a very important role at the FinOps Foundation and why don't you tell me more about that? You, why don't you go. >> All right, so yeah I mean we are a founding member of the Finops organization. You can tell I'm super passionate about it as well. >> I wanted to keep that club like a poster boy for FinOps right now. It's great, I love the energy. >> You have some VA down that is going to go up on the table and dance, (all laughing loudly) >> We're ready for it. We're waiting for that performance here on theCUBE this week. I promise I would keep everyone up an alert... >> 'and it's on the post. And our value to the foundation is first of all the feedback we get from all our customers, right? We can bring that back as an organization to that also as one of the founding members. We're one of the only ones that really deliver services and platforms. So we'll work with Cloud health, Cloud ability our own platform as well, and we'll do that. And we have over 200 practitioners completely dedicated to FinOps as well. So, it's a great foundation, they're doing an amazing job and we're super proud to be part of that. >> Yeah, I love that you're contributing to the community as well as supporting it, looking after your customers. All right, so our new tradition here on theCUBE at re:Invent 'cause we're looking for your 32nd Instagram reel hot take sizzle of thought leadership on the number one takeaway most important theme of the show this year Bernd do you want to go first? >> Of the re:Invent show or whatever? >> You can interpret that however you want. We've gotten some unique interpretations throughout the week, so we're probing. >> Everybody's looking for the superpower to do more with less in the Cloud. That will be the theme of 2023. >> Perfect, I love that. 10 seconds, your mic very efficient. You're clearly providing an efficient solution based on that answer. >> I won't that much. That's... (laughing loudly) >> It's the quiz. And what about you Neil? Give us your, (indistinct) >> I'm going to steal your comment. It's exactly what I was thinking earlier. Tech is super resilient and tech is there for customers when they want to invest and modernize and do fun stuff and they're also there for when they want to save money. So we are always like a constant and you see that here. It's like this is... It's always happening here, always happening. >> It is always happening. It really can feel the energy. I hope that the show is just as energetic and fun for you guys. As the last few minutes here on theCUBE has been thank you both for joining us. >> Thanks. >> Thank you very much. >> And thank you all so much for tuning in. I hope you enjoyed this conversation about FinOps, Cloud confidence and all things AWS re:Invent. We're here in Las Vegas, Nevada with John Furrier, my name is Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (bright upbeat music)

(bright upbeat music) >> In 2011, early Facebook employee and Cloudera co-founder Jeff Hammerbacher famously said, "The best minds of my generation are thinking about how to get people to click on ads, and that sucks!" Let's face it. More than a decade later, organizations continue to be frustrated with how difficult it is to get value from data and build a truly agile and data-driven enterprise. What does that even mean, you ask? Well, it means that everyone in the organization has the data they need when they need it in a context that's relevant to advance the mission of an organization. Now, that could mean cutting costs, could mean increasing profits, driving productivity, saving lives, accelerating drug discovery, making better diagnoses, solving supply chain problems, predicting weather disasters, simplifying processes, and thousands of other examples where data can completely transform people's lives beyond manipulating internet users to behave a certain way. We've heard the prognostications about the possibilities of data before and in fairness we've made progress, but the hard truth is the original promises of master data management, enterprise data warehouses, data marts, data hubs, and yes even data lakes were broken and left us wanting for more. Welcome to The Data Doesn't Lie... Or Does It? A series of conversations produced by theCUBE and made possible by Starburst Data. I'm your host, Dave Vellante, and joining me today are three industry experts. Justin Borgman is the co-founder and CEO of Starburst, Richard Jarvis is the CTO at EMIS Health, and Teresa Tung is cloud first technologist at Accenture. Today, we're going to have a candid discussion that will expose the unfulfilled, and yes, broken promises of a data past. We'll expose data lies: big lies, little lies, white lies, and hidden truths. And we'll challenge, age old data conventions and bust some data myths. We're debating questions like is the demise of a single source of truth inevitable? Will the data warehouse ever have feature parity with the data lake or vice versa? Is the so-called modern data stack simply centralization in the cloud, AKA the old guards model in new cloud close? How can organizations rethink their data architectures and regimes to realize the true promises of data? Can and will an open ecosystem deliver on these promises in our lifetimes? We're spanning much of the Western world today. Richard is in the UK, Teresa is on the West Coast, and Justin is in Massachusetts with me. I'm in theCUBE studios, about 30 miles outside of Boston. Folks, welcome to the program. Thanks for coming on. >> Thanks for having us. >> Okay, let's get right into it. You're very welcome. Now, here's the first lie. The most effective data architecture is one that is centralized with a team of data specialists serving various lines of business. What do you think Justin? >> Yeah, definitely a lie. My first startup was a company called Hadapt, which was an early SQL engine for IDU that was acquired by Teradata. And when I got to Teradata, of course, Teradata is the pioneer of that central enterprise data warehouse model. One of the things that I found fascinating was that not one of their customers had actually lived up to that vision of centralizing all of their data into one place. They all had data silos. They all had data in different systems. They had data on prem, data in the cloud. Those companies were acquiring other companies and inheriting their data architecture. So despite being the industry leader for 40 years, not one of their customers truly had everything in one place. So I think definitely history has proven that to be a lie. >> So Richard, from a practitioner's point of view, what are your thoughts? I mean, there's a lot of pressure to cut cost, keep things centralized, serve the business as best as possible from that standpoint. What does your experience show? >> Yeah, I mean, I think I would echo Justin's experience really that we as a business have grown up through acquisition, through storing data in different places sometimes to do information governance in different ways to store data in a platform that's close to data experts people who really understand healthcare data from pharmacies or from doctors. And so, although if you were starting from a greenfield site and you were building something brand new, you might be able to centralize all the data and all of the tooling and teams in one place. The reality is that businesses just don't grow up like that. And it's just really impossible to get that academic perfection of storing everything in one place. >> Teresa, I feel like Sarbanes-Oxley have kind of saved the data warehouse, right? (laughs) You actually did have to have a single version of the truth for certain financial data, but really for some of those other use cases I mentioned, I do feel like the industry has kind of let us down. What's your take on this? Where does it make sense to have that sort of centralized approach versus where does it make sense to maybe decentralize? >> I think you got to have centralized governance, right? So from the central team, for things like Sarbanes-Oxley, for things like security, for certain very core data sets having a centralized set of roles, responsibilities to really QA, right? To serve as a design authority for your entire data estate, just like you might with security, but how it's implemented has to be distributed. Otherwise, you're not going to be able to scale, right? So being able to have different parts of the business really make the right data investments for their needs. And then ultimately, you're going to collaborate with your partners. So partners that are not within the company, right? External partners. We're going to see a lot more data sharing and model creation. And so you're definitely going to be decentralized. >> So Justin, you guys last, jeez, I think it was about a year ago, had a session on data mesh. It was a great program. You invited Zhamak Dehghani. Of course, she's the creator of the data mesh. One of our fundamental premises is that you've got this hyper specialized team that you've got to go through if you want anything. But at the same time, these individuals actually become a bottleneck, even though they're some of the most talented people in the organization. So I guess, a question for you Richard. How do you deal with that? Do you organize so that there are a few sort of rock stars that build cubes and the like or have you had any success in sort of decentralizing with your constituencies that data model? >> Yeah. So we absolutely have got rockstar data scientists and data guardians, if you like. People who understand what it means to use this data, particularly the data that we use at EMIS is very private, it's healthcare information. And some of the rules and regulations around using the data are very complex and strict. So we have to have people who understand the usage of the data, then people who understand how to build models, how to process the data effectively. And you can think of them like consultants to the wider business because a pharmacist might not understand how to structure a SQL query, but they do understand how they want to process medication information to improve patient lives. And so that becomes a consulting type experience from a set of rock stars to help a more decentralized business who needs to understand the data and to generate some valuable output. >> Justin, what do you say to a customer or prospect that says, "Look, Justin. I got a centralized team and that's the most cost effective way to serve the business. Otherwise, I got duplication." What do you say to that? >> Well, I would argue it's probably not the most cost effective, and the reason being really twofold. I think, first of all, when you are deploying a enterprise data warehouse model, the data warehouse itself is very expensive, generally speaking. And so you're putting all of your most valuable data in the hands of one vendor who now has tremendous leverage over you for many, many years to come. I think that's the story at Oracle or Teradata or other proprietary database systems. But the other aspect I think is that the reality is those central data warehouse teams, as much as they are experts in the technology, they don't necessarily understand the data itself. And this is one of the core tenets of data mesh that Zhamak writes about is this idea of the domain owners actually know the data the best. And so by not only acknowledging that data is generally decentralized, and to your earlier point about Sarbanes-Oxley, maybe saving the data warehouse, I would argue maybe GDPR and data sovereignty will destroy it because data has to be decentralized for those laws to be compliant. But I think the reality is the data mesh model basically says data's decentralized and we're going to turn that into an asset rather than a liability. And we're going to turn that into an asset by empowering the people that know the data the best to participate in the process of curating and creating data products for consumption. So I think when you think about it that way, you're going to get higher quality data and faster time to insight, which is ultimately going to drive more revenue for your business and reduce costs. So I think that that's the way I see the two models comparing and contrasting. >> So do you think the demise of the data warehouse is inevitable? Teresa, you work with a lot of clients. They're not just going to rip and replace their existing infrastructure. Maybe they're going to build on top of it, but what does that mean? Does that mean the EDW just becomes less and less valuable over time or it's maybe just isolated to specific use cases? What's your take on that? >> Listen, I still would love all my data within a data warehouse. I would love it mastered, would love it owned by a central team, right? I think that's still what I would love to have. That's just not the reality, right? The investment to actually migrate and keep that up to date, I would say it's a losing battle. Like we've been trying to do it for a long time. Nobody has the budgets and then data changes, right? There's going to be a new technology that's going to emerge that we're going to want to tap into. There's going to be not enough investment to bring all the legacy, but still very useful systems into that centralized view. So you keep the data warehouse. I think it's a very, very valuable, very high performance tool for what it's there for, but you could have this new mesh layer that still takes advantage of the things I mentioned: the data products in the systems that are meaningful today, and the data products that actually might span a number of systems. Maybe either those that either source systems with the domains that know it best, or the consumer-based systems or products that need to be packaged in a way that'd be really meaningful for that end user, right? Each of those are useful for a different part of the business and making sure that the mesh actually allows you to use all of them. >> So, Richard, let me ask you. Take Zhamak's principles back to those. You got the domain ownership and data as product. Okay, great. Sounds good. But it creates what I would argue are two challenges: self-serve infrastructure, let's park that for a second, and then in your industry, one of the most regulated, most sensitive, computational governance. How do you automate and ensure federated governance in that mesh model that Teresa was just talking about? >> Well, it absolutely depends on some of the tooling and processes that you put in place around those tools to centralize the security and the governance of the data. And I think although a data warehouse makes that very simple 'cause it's a single tool, it's not impossible with some of the data mesh technologies that are available. And so what we've done at EMIS is we have a single security layer that sits on top of our data mesh, which means that no matter which user is accessing which data source, we go through a well audited, well understood security layer. That means that we know exactly who's got access to which data field, which data tables. And then everything that they do is audited in a very kind of standard way regardless of the underlying data storage technology. So for me, although storing the data in one place might not be possible, understanding where your source of truth is and securing that in a common way is still a valuable approach, and you can do it without having to bring all that data into a single bucket so that it's all in one place. And so having done that and investing quite heavily in making that possible has paid dividends in terms of giving wider access to the platform, and ensuring that only data that's available under GDPR and other regulations is being used by the data users. >> Yeah. So Justin, we always talk about data democratization, and up until recently, they really haven't been line of sight as to how to get there, but do you have anything to add to this because you're essentially doing analytic queries with data that's all dispersed all over. How are you seeing your customers handle this challenge? >> Yeah, I mean, I think data products is a really interesting aspect of the answer to that. It allows you to, again, leverage the data domain owners, the people who know the data the best, to create data as a product ultimately to be consumed. And we try to represent that in our product as effectively, almost eCommerce like experience where you go and discover and look for the data products that have been created in your organization, and then you can start to consume them as you'd like. And so really trying to build on that notion of data democratization and self-service, and making it very easy to discover and start to use with whatever BI tool you may like or even just running SQL queries yourself. >> Okay guys, grab a sip of water. After the short break, we'll be back to debate whether proprietary or open platforms are the best path to the future of data excellence. Keep it right there. (bright upbeat music)

>>Hey everyone. Welcome back to the queue of Lisa Martin with Dave Valante and we're live in Vegas. This is snowflake summit, 22, their fourth annual event. A lot of people here, a lot of news, a lot to unpack so far, and this is only day, day one. We've got two guests here with us to talk about, uh, cyber security, a very important topic, please welcome Omar singer the head of cyber security strategy at snowflake and Julie Chilo VP of security at Guild education. Welcome. Thank >>You. Thank you >>For having all of >>Our favorite topics. Yeah. Oh >>One. It's not boring. >>You know this much and you have so much more to learn now. So here >>We go. Cybersecurity is, is not to say it's boring. Not boring is an understatement. Yeah. Omar, I wanna start with you so much news coming out today. Talk to us about what's new with cybersecurity. Workload is snowflakes. Flywheel of innovation just seems to be getting bigger and faster. >>Yeah. Yeah. Well, well, I'll tell you it's been a long road to get to where we are today. Um, my initial role at snowflake was to lead security engineering. So I've actually been using snowflake as the home for security data, basically from day one. And we saw that it worked, it worked really well. And we started hearing from customers that they were dealing with some of the same challenges that we faced as an internal security team. And we decided as snowflake that we wanna bring the benefits of the data cloud to cyber security teams at all of our customers. And that's what the workload is all about. >>Talk to us about the, the voice of the customer. Obviously we saw a lot of customer stories heard your customer. We're gonna be talking about Guild education in a minute, but in the voice of the customer, in terms of being influential, obviously you were an internal customer drinking that champagne like this tastes really good. This is better of the Flaco <laugh>, but how is the voice of the customer influential in terms of the, the cybersecurity workload, as we've seen the threat landscape change so much in the last two years alone? >>Sure, sure. And you know, security, it's a really hard problem. We like to think of it as a data problem. And when you start thinking about it, that way snowflake is re very relevant for it. But many security teams don't yet think about their challenge as a data challenge. And so they're struggling with a very fragmented data landscape. The facts are all over the place and they're not able to ask the kind of questions that they need to understand. Where are my risks? How are the bad guys gonna try to get into my network? And they can't reflect that to leadership to everybody that really cares about cyber security. This is a board level concern today without the unified data and without the analytics. Um, they really can't do any of that. And, and yeah, representing the customer is, is a big part of what I do. And we have great customers like, like Julie, who's been kind of with us on this journey. She's, she's a part of the movement. I mean, Julie, what, what has it been like, uh, for, for you? >>Oh, it's been, uh, it's been game changer for, for Guild for sure. When we first, uh, started, I didn't one, I didn't know this was a concept <laugh> so when I first started talking O me and, um, snowflake, uh, I had just heard through the grapevine that, that you could do, like, this was a thing you could use the data, you could get everything you needed in one place. And, um, it's been game changing for my team. Uh, we, we were in many different security tools. They were all isolated, siloed, and we're now able to move everything into one, uh, one area, uh, and get we're getting close to the one pane of glass, which I, um, I just heard was a mythical concept for >>Security for >>A long time. Yeah. For a long time. Um, so it's, uh, it's just been amazing and it's, uh, brought us closer to our data ops team. So I'm here this week, uh, with somebody from data ops, actually, that's awesome to help us out. >>So can you describe that further? I'm I'm, I'm, I'm amazed and skeptical the, the, the I'm imagining, you know, the Optiv chart that says eight, 8 million security tools on there, are you actually able, uh, describe how you're able to consolidate your tooling? >>So, one of, one of the biggest problem, one of the biggest problems we were facing initially was our SIM, um, the security incident and event management tool could not take anything from our DevSecOps tools. And so any security that we had in a developer pipeline was really isolated to that tool, and we could never get it into a SIM Sims just aren't meant they're not built to handle that they're built to handle, um, not, not really old school networks and, and data center traffic and everything I have is in the cloud. And so we were really, I, everything was isolated. So with snowflake, what we do is we, um, worked with our data ops team. We can move things from, um, like our, our scanning tools for, for the developer pipelines into snowflake. We can use then correlate different things such as, from like eight year ADP. Like if a, do you have somebody pushing code to production who's out on vacation, you can actually do that correlation with snowflake that was never available before. These are things we could never do before. And we're able to, um, just do correlations. You could not get in that you cannot get in a SIM. >>Why couldn't I just throw those into any old, you know, run of the mill cloud data warehouse? >>Well, you know, it's not just the scale, it's the complexity of the data. I think snowflake how we have the, the sche on read and then all of the kind of things that make snowflake really good for other departments turns out, works really well for security. And it's the ecosystem too. Nobody else has this ecosystem approach. You know, you heard on the keynote today that snowflake is the, this disrupting, um, the, the software application development, right? All, all that kind of focus. The tool consolidation doesn't need to mean that you only have one tool you can actually have best of breed, choose the tool you want. As long as the data's consolidated, you're not building more silos. And that's what our partners are doing. They're separating the application from the data. They're bringing the work to the data, and that's what you hear here. So Julie's team can still choose to use a variety of tools that get the job done, but all those tools are working off of the single source of truth. And that, that is unique to what snowflake >>Can enable. So we, we are Reiss. Uh, we should have asked you about Guild education, explain your, your, your organization. >>Oh, what does Guild do? Uh, so we're a late stage startup. Uh, we manage education as a benefit for, for large companies. So we, we house data from very large organizations with like their workforce and, and help students help, help their workforce go back to school. >>Okay. So unpacking some of the things you said, schema on Reed, but not necessarily no schema on, right. It's a little different, right. Because you're ingesting. Yeah. And then you're determining the scheme on read that's right. Right. Okay. So that makes it simple and fast for zoom, but you get data in and then you figure it out, bringing work to data. Can we just double click on that a little bit? Cuz I think when I think about that, we've heard terms like over the years bring compute to the data. That's what Hadoop was supposed to do. And it didn't, you know, it was like, everything was mm-hmm <affirmative> shoved. So what do you mean by that? How, how, what, what actually does that >>Mean? Yeah. So if you think about the traditional SAS solution, the vendor needed to invest in a data center and to have a data platform that would be scalable and robust because their service dependent on it and they couldn't trust that the customer would have that kind of data platform on the customer's side. What Snowflake's data cloud has done has democratized the data platform. So now you have startups to fortune 500 S the vendors, the customers, they're all uneven footing when it comes to the data platform. So now the vendors can say, bring your own snowflake. Why not? You know, and they can focus on building the best application to solve the real challenges that security teams have. But by the way, not only cybersecurity, we see this and for example, the, um, customer data space as well. So we're seeing more and more kind of SaaS industries seeing this approach and the applications are gonna come yeah. To the data platform of choice, uh, for the practitioner. >>Julie, can we talk about some of the outcomes that Guild education has achieved so far by working with this solution in terms of, we look at the threat landscape and how it's changed so much the last couple of years and how it's a matter of if, or sorry, when not, if I get hit with an attack, how, what are some of the key outcomes that a snowflake partnership and technology has enabled you to achieve? >>So the, the biggest one, again, it's around the Def sec ops program, um, where you see so many attacks these days happening in the code base. So you really have to be careful with your, your pipeline where the code's getting moved through, who has access, who can move code into production. Um, and these are so the, like if you're using GitHub or, um, like using a scanning tool called snake, they're, they're separate, like they're completely separate the only way that we can see who's moving code into production, or if there was a vulnerability or somebody turned off, the security tool is to move these logs, this data into snowflake, uh, and our engineering teams were already using snowflake. Uh, so that made it, that was an easy transition for us. I didn't have to go out and convince another team to support us somewhere else, but a great example where we were, we're seeing great, um, savings, not only in people time, but, but for security, um, we were having problems or the security or the <laugh>, the engineers were turning off our secure codes scanner. >>And we didn't find out until a little bit later. Uh, oh yeah. Yeah. So found out we, my team, we had a team, we spent about 160 hours going through a thousand pole requests manually. And I said, no, no more go find the go figure out where this data exists. We put it in a snowflake and we can create an automatic, uh, ping to the security team saying, Hey, they turned off the, the scanner, go check and see what, why did the scanner get turned off? So it's an immediate response from my team instead of finding out two months later. And this is just, isn't something you can do right now. That's you can't set it up. So, um, makes it so easy. Ping goes to slack. We can go to the, immediately to the engineering team and say, why did you >>Using using automation? >>Yeah. Did you, did you turn this off? Why did you turn it off? Get an exception in so one, it like helps with compliance, so we're not messing up our SOC two audit. Uh, and then two, from a security perspective, we are able to, to trust, but verify, um, which is a big part of the DevSecOps landscape, where they need code to move into production. They need a scan to run in under five minutes. My team can't be there to scan, you know, 10, like 10 times a day or a hundred times a day. So we have to automate all of that and then just get information as it comes in. >>Is it accurate to say that, um, you're not like shutting off your tools, you're just taking advantage of them and compressing the time to get value out of them or are you actually reducing the tool sets? >>No, we don't. Well, no, we, our goal wasn't to reduce the tool set. I mean, we did actually get rid of the SIM we were using. Uh, so we were partnering with one of, um, uh, snowflakes partners, um, >>Because yeah, but you still have a SIM, >>We still have it. It's just minimized what goes to the SIM, because most of what I care about, isn't actually going to a SIM. Yeah. It's all the other pieces that are in a cloud because we use all like, we're, we're a hundred percent in the cloud. I don't have servers, I don't have firewalls. We don't have routes routers or switches. So all the things I care about live in a cloud somewhere. And, and I want that information. And so a lot of times, um, especially when it comes to the engineering tools, they were already sending the information to snowflake or they're also interested. And so we're partnering like it's, we're doubling up on the use of the >>Data. Okay. And you couldn't get that outta your SIM. Maybe you're asking your SIM to do too much, or it just didn't deliver. >>No systems are built on search engines. You know, they don't, >>They, they can't do it. >>You kind of knew what you were looking for and you say, Hey, where did I see this? Where did I see that? Very different from data analytics and the kinds of question that security teams really want to ask. These are emergent properties. You need context, you need sequel, you need Python. That's how you ask the questions that security teams really want to ask the legacy Sims. They don't let you ask that kind of question. They weren't built with that in mind. And they're so expensive that by moving off of them, to this approach, you kind of pay for all these other solutions that, that then you can bring on. >>That seems to make the, what you just said. There was brilliant. It seems to make the customer conversation quite easy if they're saying, well, why should I replace my SIM? It's doing just fine. You just nailed it with, with what you said there. >>So, yeah. And we're, and we're seeing that happen extensively. And I'm excited that we have customers here at summit talking about their experience, moving off of a legacy SIM where the security team was off to the side, away from the rest of the company to a unified approach, the SIM and the other security solutions working on top of the snowflake and a collaboration between security and the data >>Team. So what does your security ecosystem look like? You've got SIM partners. Do you have identity access partners, endpoint partner. Absolutely. >>Describe that compliance automation ass. Yeah. We hear about companies really struggling to meet all the compliance requirements. Well, if all the data's already centralized, then I can kind of prove to my auditors and not just once a quarter, but once a day, I can make sure that all the environment is in compliance with whatever standard I have. So we see a lot of that cloud security is another big one because there's just 10 times more things happening in the cloud environment than in the data center. Everything is so heavily instrumented. And so we see cloud security solutions as significant as well. And the identity space, the list goes on and on. We do see the future being the entire security program uses connected applications with a single source of truth in the company's snowflake. And >>Would you say centralized, you, you it's logically centralized, right? I mean, it's virtually centralized, right? It's not, >>Well, that's >>Not shoved into one container, right? >>I mean, it's right. Well, that's the beauty of the data cloud, right? We, everybody that's on the data cloud is able to collaborate. And so whether it's in the same account or table or database, you know, that's really besides the point because all of the platform investments that snowflake is making on cross region, cross cloud collaboration means that once it's in snowflake, then it is unified and can be used together. But >>I think people misunderstand that sometimes. And BEWA made this point, uh, as the Christian about the global nature of, of snowflake and it's globally distributed, but it's logically a data cloud. >>Yeah. I like to call it one big database in the sky. You know, that's how I explain to security teams that are kind of new to the concept, but >>It's not, it's could be a lot of little databases, but it, but having the same framework, the same governance structure, the same security >>You're right. I think that's how it's achieved is what you're describing. You know, I think from the outcome, what the security team needs to know is that when there's some breach hitting the headline and they need to go to their leadership and say, I can assure you, we were not affected. They can be confident in that answer because they have access to the data, wherever it is in the world, they have access to ask you the questions they need to ask. >>And that confidence is critical. These days as that threat landscape just continues to change. Thank you both so much for joining us. Thank you. Talking about from a cyber security perspective, some of the things that are new, new at snowflake, what you guys are doing at Guild education and how you're really transforming the organization with the data cloud, we appreciate your insights. Thank you for having us. Thank you. Thanks you guys for our guests and Dave ante. I'm Lisa Martin. You're watching the queue live from Las Vegas on the show floor of snowflake summit 22. We'll be right back with our next guest.

>> The cube presents, Dell technologies world, brought to you by Dell. >> Hey everyone. Welcome back to the Cube's live coverage of Dell technologies world 2022 from the Venetian in Las Vegas. Lisa Martin here with Dave Valante. Dave, this is our second day. Lots of conversations. We've been talking a lot about apex, multi-cloud, edge, resilience, cyber resilience. >> It is a number one topic actually. I mean, a lot of multi-cloud talk obviously, too. But I think security is the hot topic at the end. >> It is a hot topic and we've got two guests joining us from Dell technologies. We're going to unpack that and talk about some of the great new things they are enabling. Please welcome. One of our alumni, Mihir Maniar, vice president at Dell technologies and Arun Krishnamoorthy, global strategy, resiliency and security at Dell technologies. All right guys, welcome to the program. >> Pleasure, meeting you, Lisa and Dave. >> So ransomware, it's a household term. I'm pretty sure my mom even knows what ransomware is. >> Exactly. >> Legitimately. >> Yeah. >> But I mean, if you look at the numbers, a ransomware attack is happening once every 11 seconds. The numbers, the stats say, you know, an estimated 75% of organizations are going to face an attack, 75% by 2025, it's around the corner. So it's no longer a matter of, are we going to get hit? if we get hit, it's when? and that resiliency and that recovery is absolutely critical. Talk about some of the things there, Dell's comprehensive approach to helping organizations really build resiliency. >> That's a great point. So if you go to see, organizations are going to get hit, if not already, 75% already out there. And then we find that through research, a lot of our customers need a lot of help. They need help because security is really complex. I mean, they have a tough job, right? Because there's so many attacks happening at the same time. One single ransomware incident can cost them on an average 13 million dollars. They have to integrate 50 plus different security vendors to go and build a secured defense in depth, kind of a mechanism. They're liable to the board. At the same time, they have lines of business that are talking about, hey, can you provide me security, but make sure productivity doesn't get impacted. So it's a tough role for them. And that's where Dell services comes in, where our Dell managed security services. We have a full comprehensive suite of offers for our customers to help them, right. To remain secure. And we're focused on the services based on a NIST framework. So I can talk more about the NIST framework as hobby, go about doing. >> There's a lot of talk in the community about, should I pay the ransom? Should they not pay the ransom? And I suppose your advice would be well pay up front and avoid the ransom if you can. Right? >> Absolutely. >> Yeah. Yeah, Dave, what we've seen is the ransomware payment has been very unreliable. We know of many, many examples where either they paid the ransom and they were not able to recover data or they got the decryption keys and the recover process was too slow. So we are all about helping customers understand the risks that they have today and giving them some pragmatic technology solutions. >> Talk about that conversation, where is it, Arun, happening at the customer level as security is a board level conversation. >> Right. >> Are you still talking with the CIOs in lines of business? Who all is involved in really understanding, where all these vulnerabilities are within an organization? >> Yeah, so that's a great question. So we work with CIOs, we work with CSOs, a lot more and the CSOs actually are facing the skills shortage problem. >> Yes. >> That's where they need actually help from, vendors like Dell. And talking about ransomware, if you go to see a NIST framework, it goes all the way from identification of threats to prevention, creating prevention measures with different defense in depth. How do you detect and respond to threats in time. Because time is critical actually and the recovering from threats. So in that whole process, it's better for customers to have the full suite of security services installed, so that they don't end up paying the ransomware eventually, right. To provide their whole defense mechanism. >> So the adversary is very, they're motivated, they're well funded, incredibly sophisticated these days. Okay. So how do you not lose, if you're a customer. What's the playbook that you're helping your customers proceed with? >> Yeah, it's a great, so in the NIST framework, as I mentioned before, services are evolving around, how do you identify the threats that exist in the customer's network? So we provide advisory services and we provide assessment of the customer's vulnerability, that exist so we can detect those vulnerabilities. And then we can build the prevention mechanisms, once you detect those vulnerabilities. This is all about what you cannot see, you can't really defend against. So that's where the whole assessment comes in, where you can go and do a zero trust assessment for the customers, you know, entire infrastructure, and then figure out where those issues lie. So we can go and block those loopholes with the prevention mechanisms. And in prevention mechanisms, actually we have a whole zero trust prevention mechanism. So you can actually go and build out, end to end defense in depth kind of security. >> Arun, before the pandemic, the term zero trust, people would roll their eyes. It was kind of a buzzword and it's becoming sort of a mandate. >> Yeah. >> What does zero trust mean to your customers? How are you helping them achieve it? >> Yeah. So, great question, Dave. A lot of customers think zero trust is a product. It's not. It's a framework. It's a mindset. It helps customer think through what kind of access do I want to give my users, my third party, my customers? Where does my data sit in my environment? Have I configure the right network policies? Have I segmented my network? So it is a collection of different strategies that work across cloud, across data, across network, across applications that interact with each other and what we are helping customers with, understand what that zero trust actually means and how they can translate into actionable technology implementations. >> How do you help customers do that? When we know that, I mean, the average customer has what, seven different backup protection solutions, all alone. If we're talking about like data protection. How do you help them understand, what's in their environment now? If they're talking about protecting applications, users, data, network. What's that conversation? And what's that process like to simplify, their protection so that they really can achieve cyber resilience? >> That's correct. That's a great it question, Lisa. One of the big issues we see with customers is they don't know what they don't know. There's data across multi-cloud, which is great. It enables productivity, but it also is not within the four walls of a data center. So one of the first things we do is identify where customer's data is? Where is their application live? And then we look for blind spots. Are you protecting your SaaS workloads? Are you protecting your endpoints? And we give them a holistic strategy on data protection. And you bring up a great point, a lot of customers have had accidental growth over the years. They started off with one tool and then different business needs drove them to different tools. And maybe now is a good time to evaluate what is your tool set? Can we consolidate it? And reduce the risk in the environment. >> Yeah, I dunno if you guys are be probably familiar with that. I use it a lot, when I write, it's an optive, NSS eye test and it says, here's the security landscape, the taxonomy. It's got to be the most complicated of any, in the business. And so my question is ecosystem, right. You've got to have partners, right. But there's so many choices. How are you helping to solve that problem of consolidating choices and tools? >> That's a great point. So if you look at the zero trust framework, which Lisa, you talked about. In the zero trust framework, we have few things we look at, and that is through Dell's technologies and partner technologies. So we can provide things like secure access, context based, right. So which users can access which applications, identity based. The second one is, which applications can talk to which applications, for micro segmentation, again identity based. And then you have an encryption everywhere. Encryption with data in motion, data in rest. Because encryption is super important to prevent hacks. So, and then you have cloud workloads. We have cloud workload protection. So some of those things, we rely on our partners and some of them actually, we have technologies in the house, like Arun talked about the cyber resilience and the wall that we have in house. So we provide the end-to-end framework for our customers for zero trust, where we can go and identify. We can assess, we can go build it out for them. We can detect and respond with our excellent MDR service, that we came out with last, just last year. So that MDR service allows you to detect attacks and respond automatically using our AI enabled platform that reduces the signal from the noise and allows to prevent these attacks, right, from happening. >> Arun, question for you, as we've seen the proliferation of cyber attacks during the pandemic, we've seen the sophistication increasing, the personalization is increasing. Ransomware is as service is making it, there is no barrier to entry these days. >> Right. >> How has Dell technologies overall, cyber resilience strategy evolved in the last couple of years? I imagine that there's been some silver linings and some accelerations there. >> No, absolutely, Lisa. One of the things we recognized very early on with big cyber attacks going on five years ago, we knew that as much as customers had great technologies to prevent a cyber attack, it was a matter of when, not if, so we created the first purpose built solution to help customers respond and recover from a cyber attack. We created innovative technologies to isolate the data in a cyber wall. We have immutable technologies that lock the data. So they can't be tampered with. And we also build some great intelligence based on AIML. In fact, this is the first and only product in the world that looks it's backup data, does full content indexing and it's able to look for behaviors or patterns in your environment that you could normally not find with signature based detection systems. So it's very revolutionary and we want to help customers not only on the prevention side, which is proactive. We want them to be equally, have a sound strategy on how they would respond and recover from a cyber attack. >> Okay. So there's two pieces there, proactive, and then if and when you get hit, how do you react. And I think about moments in cyber, I mean, Stuxnet was obviously a huge turning point. And then of course the SolarWinds and you see that, the supply chain hacks, you see the island hopping and the living off the land and the stealth moves. So it's almost like, wow, some of these techniques have even been proactive. You're not going to catch them. Right. So you've got to have this, you talked about the NIST framework multilevel, but I mean, customers are aware, obviously everybody, customer you talk to. the SolarWinds, But it seems like, they're still sleeping with one eye open. Like they're really nervous. Right. >> Right. >> And like, we haven't figured it out as an industry yet. And so that's where solutions like this are so critical because you're almost resigning yourself to the fact that while, you may not find it being proactive. >> Yeah. Right. >> But you've got to have, you know, it's like putting tapes in a truck and driving them somewhere. Do you sense that it was a major milestone in the industry? Milestone, negative milestone. And that was a turning point and it was kind of a wake up call for the industry, a new wake up call. What's your sense of how the industry is responding? >> Yeah. I think that's a great point. So if you go to see the verbiage is that it's not, if you're going to get attacked, it's when you're going to get attacked. So the attacks are going to happen no matter what. So that's the reason why the defense in depth and the zero trust framework comes into play. The customers have to have an end-to-end holistic framework, so that they can have, not just the defensive mechanisms, but also detect and respond when the attacks happen. And then as you mentioned, some of them, you just can't catch all of them. So we have excellent incident response and recovery mechanisms. So if the attack happened, it will cause damage. We can do forensics analysis. And on top of that, we can go and recover, like the cyber recovery wall, we can recover that data, make them production again. >> Right. Ready. >> I guess. I'm sorry. What I was trying to ask is, do you think we've understand SolarWinds? Have the industry figured it out? >> Yeah. You know, great question. Right. I think this is where customers have to take a pragmatic approach, on how they do security. And we talk about concepts like intrinsic security. So in other words, you can do a certain activity in your environment and punt the ball to some other team to figure out security, part of what Dell does. You know, you asked the question, right. There's a lot of tools, where do customers start? One of the big values we bring to customers is the initial awareness and just educating customers. Hey, what happened in these watershed moment with these different attacks, right. Wannacry, stuxnet. And how did those customers respond and where did they fail? So let's do some lessons learned with past attacks and let's move forward with some pragmatic solutions. And we usually don't overwhelm our customers with a lot of tools. Let's have a road map. Let's do an incremental build of your security posture. And over time, let's get your entire organization to play with it. >> You talk about awareness, obviously that's critical, but one of the other things that's critical with the cyber threats and the what's going on today is, the biggest threat vector still is people. >> Exactly. >> So talk to me, about out some of the things that you help organizations do. When you're talking about, from an awareness perspective. It's training the people not to open certain links, if they look suspicious, that sort of thing. How involved is Dell technologies with your customers from a strategic perspective about really drilling this into the end users that they've got a lot of responsibility here. >> Yeah, if you go to see phishing is one of the most common attack vectors to go and infiltrate these attacks. So Dell has a whole employee education program that they rolled out. So we all are aware of the fact that clicking on links and phishing, is a risk factor. And we are trying to take that same message to our customers through an employee awareness training service. So we can actually provide education for the employees, from getting these phishing attacks happening. >> Yeah. That's really critical because as I mentioned, we talked about the sophistication, but the personalization, the social engineering is off the church these days. And it's so easy for someone to, especially with all this distractions that we have going on. >> Right. >> If you're working from home and you've got kids at home or dogs barking and whatnot. It's easy to be fooled into something that looks incredibly legitimate. >> Yeah, Yeah. >> You know, you bring another great point, right. You can keep telling people in your environment, don't do things, don't do it. You create a friction, right. We want people to be productive. We want them to use different access to different applications, both in house and in the cloud. So this is where technology comes into play. There are some modern malware defenses that will help customers, identify some of these email phishing, spear phishing. So they are in a better prepared position. And we don't want to curb productivity, but we want to also make a very secure environment where people can work. >> That's a great point is, that it has to be frictionless. >> I do have a question for you guys with respect to SaaS applications. I talk to a lot of customers, using certain SaaS applications who have this sort of, there's a dual responsibility model there, where the SaaS vendor's responsible for the application, protection. But Mr. And miss customer, you're responsible for the data. We are? >> Yeah. >> Are you finding that a lot of organizations are going help. We've got Google workspace, Microsoft 365, Salesforce and it's really incredibly business critical data. Dell technologies help us protect this because this is a vulnerability that we were not aware of. >> Absolutely. And that's why we have the backup service with apex. Where we can actually have SaaS data, which is backed up, using our apex solution for backup recovery. So, yes, that's very critical. We have the end-to-end portfolio for backing it up, having the vault, which is a air gap solution, recovering from it, when you have an attack. And I think the value prop that Dell brings to the table is, we have the client side and we have the data center side, right. With the multi-cloud. So we provide a completely hardened infrastructure where, all the way from supply chain to secure OS, secure bot and secure image. Everything is kind of harden with stick hardening on top of that. And then we have the services layer to go and make sure we can assess the risks. We can detect and respond. We can recover, right. So that we can keep our customers completely secure. That's the value prop that we bring to the table with unmatched scale of Dell services, right. In terms of the scale that we bring to the table, to our customers and help them out. >> Well, it's an interesting opportunity, and it's certainly, from a threats perspective, one that's going to persist, obviously we know that. Great that there's been such a focus from Dell on cyber resiliency for its customers, whether we're talking about multi-cloud, On-Prem, public cloud, SaaS applications, it's critical. It's a techno. It's a solution that every industry has to take advantage of. Guys, thank you so much for joining us. Wish we had more time. I could talk about this all day. >> Yes. >> Thank you. >> Great work going on there. Congratulations on what was going on with apex and the announcement. And I'm sure we'll be hearing more from you in the future. >> Excellent. Thank you, Lisa. >> Thank you very much. >> We are super excited about Dell services and what we can bring for manual security services for our customers. >> Great. >> Excellent. >> Appreciate it. >> Thanks, guys. >> Thank you. >> For our guests and for Dave Valante. I'm Lisa Martin. And You're watching the cube, live from day two of our coverage of Dell technologies world, live from Las Vegas. Dave and I will be right back with our last guest of the day. (upbeat music)

>> The CUBE presents Dell technologies world brought to you by Dell. >> Hey everyone. Welcome back to theCube's live coverage of Dell technologies World 2022 from the Venetian in Las Vegas. Lisa Martin here with Dave Vellante, Dave this is our second day, lots of conversations. We've been talking a lot about APEX, Multi-cloud, edge, resilience, cyber resilience. >> I guess the number one topic actually. I mean, a lot of Multi-cloud talk obviously too, but I think security is the hot topic at the event. >> It is a hot topic, and we've got two guests joining us from Dell technologies. We're going to unpack that and talk about some of the great new things they are enabling. Please welcome. One of our alumni, Mihir Maniar our vice president at Dell technologies and Aaron Krishnmoorthy, global strategy resiliency and security at Dell technologies. Guys, welcome to the program. >> Pleasure meeting you Lisa and Dave. >> So ransomware, it's a household term. I'm pretty sure my mom even knows what ransomware is. >> Exactly. >> Legitimately. But I mean, if you look at the numbers, a ransomware attack is happening once every 11 seconds, the numbers, the stats say, an estimated 75% of organizations are going to face an attack, 75%, by 2025, it's around the corner. So it's no longer a matter of are we going to get hit? If we get hit? It's when? And that resiliency, and that recovery is absolutely critical. Talk about some of the things there, Dell's comprehensive approach to helping organizations really build resiliency. >> That's a great point. So if you go to see organizations are going to get hit, if not already 75% already out there. And then we find that through research, a lot of our customers need a lot of help. They need help because security is really complex. I mean, they have a tough job, because there's so many attacks happening at the same time. One single ransomware incident can cost them on an average $13 million. They have to integrate 50 plus different security vendors to go and build a secured defense in depth, kind of for mechanism, they're liable to the board, at the same time they have lines of business that are talking about, hey, can you provide me, you know, security, but make sure productivity doesn't get impacted. So it's a tough role for them, And that's where Dell services comes in, where our Dell Managed Security Services. We have a full comprehensive suite of offers for our customers to help them to remain secure. And we have focused on the services based on a NEST framework, so I can talk more about the NEST framework as a hobby about, go about doing that. >> There's a lot of talk in the community about should I pay the ransom? Should they not pay the ransom? And I suppose your advice would be, well pay up front and avoid the ransom if you can. >> Absolutely. Yeah. Dave, what we've seen is the ransomware payment has been very unreliable. We know of many, many examples where either they paid the ransom and they were not able to recover data, or they got the decryption keys and the recover process was too slow. So we are all about helping customers understand the risks that they have today, and giving them some pragmatic technology solutions. >> Talk about that conversation. Where is it happening at the customer level, as security is a board level conversation. Are you still talking with the CIOs lines of business, who else is involved in really understanding where all these vulnerabilities are within an organization? >> Yeah. So that's a great question. So we work with CIOs, we work with CSOs a lot more and the CSOs actually are facing the skills shortage problem. >> Yes. >> That's where they need actually help from vendors like Dell. And talking about ransomware, if you go to see a NEST framework, it goes all the way from identification of threats to prevention, creating measures with defense in depth. How do you detect and respond to threats in time? Because time is critical actually. And recovering from threats. So in that whole process, it's better for customers to have the full suite of security services installed, so that they don't end up paying the ransomware eventually. To provide the whole defense mechanism. >> So the adversary is, very, they're motivated. They're well funded, incredibly sophisticated these days. So how do you not lose if you're a customer? What's the playbook that you're helping your customers proceed with? >> Yeah, it's a great, so in the NEST framework as I mentioned before, services are evolving around, how do you identify the threats that exist in the customer's network? So we provide advisory services and we provide assessment of the customer's vulnerabilities that exist, so we can detect those vulnerabilities, and then we can build the prevention mechanisms once we detect those vulnerabilities. It's all about what you cannot see, you can't really defend against. So that's where the whole assessment comes in, where you can go and do a zero trust assessment for the customers entire infrastructure, and then figure out where those issues lie. So we can go and block those loopholes, with the prevention mechanisms. In the prevention mechanisms, actually we have a whole zero trust prevention mechanism. So you can actually go and build out, end to end defense in depth, kind of security. >> Arun, before the pandemic, the term zero trust people would roll their eyes. It was kind of a buzzword, and it's becoming sort of a mandate. What does zero trust mean to your customers? How are you helping them achieve it? >> Yeah. So great question, Dave. A lot of customers think zero trust is a product. It's not, it's a framework, it's a mindset. It helps customer think through, what kind of access do I want to give my users, my third party, my customers? Where does my data sit in my environment? Have I configured the right network policies? Have I segmented my network? So it is a collection of different strategies that work across cloud, across data, across network, across applications that interact with each other and what we are helping customers with understand what that zero trust actually means and how they can translate into actionable technology implementations. >> What do you help customers do that when we know that, I mean, the average customer has what? Seven different backup protection solutions alone, if we're talking about like data protection. How do you help them understand what's in their environment now? If they're talking about protecting applications, users, data, network, what's that conversation? And what's that process like to simplify their protection so that they really can achieve cyber resilience? >> That's correct. That's a great question, Lisa. One of the big issues we see with customers, is they don't know what they don't know. There's data across multi-cloud, which is great, it enables productivity, but it also is not within the four walls of a data center. So one of the first things we do is identify where customer's data is, where is their application live? And then we look for blind spots. Are you protecting your SaaS workloads? Are you protecting your endpoints? And we give them a holistic strategy on data protection and you bring up a great point. A lot of customers have had accidental growth over the years. They started off with one tool and then different business needs drove them to different tools. Maybe now is a good time to evaluate what is your tool set, can we consolidate it and reduce the risk in the environment. >> Yeah, I dunno if you guys are probably familiar with that. I use it a lot when I write, it's an Optive chart and it's this eye test and it says here's this security landscape that taxonomy it's got to be the most complicated of any in the business. And so my question is ecosystem, you've got to have partners. But there's so many choices, how are you helping to solve that problem of consolidating choices and tools? >> That's a great point. So if you look at the zero trust framework which Lisa you talked about, in the zero trust framework, we have few things we look at, that is through Dell's technologies and partner technologies. So we can provide things like secure access, context based. So which users can access which applications. Identity based, the second one is which applications can talk to which applications for micro segmentation. Again, identity based. And then you have encryption everywhere, encryption with data and motion data and rest. Encryption is super important to prevent hacks. So, and then you have cloud workloads, we have cloud workload protection. So some of those things, we rely on our partners and some of them actually we have technologies in house I was like Arun talked about the cyber resilience and the world that we have in house. So we provide the end-to-end framework for our customer for zero trust, where we can go and identify, we can assess, we can go build it out for them. We can detect and respond with our excellent MDR service that we came out with last, just last year. So that MDR service allows you to detect attacks and respond automatically using our AI and ML platform, that reduces the signal from the noise and allows to prevent these attacks from happening. >> Arun, question for you as we've seen the proliferation of cyber attacks during the pandemic, we've seen the sophistication increasing, the personalization is increasing. Ransomware as a service is making it, there is no barrier to entry these days. How has Dell technologies overall cyber resilience strategy evolved in the last couple of years? I imagine that there's been some silver linings and some accelerations there. >> Yeah, absolutely Lisa. One of the things we recognized very early on when big cyber attacks going on five years ago, we knew that at as much as customers had great technologies to prevent a cyber attack, it was a matter of when, not if. So we created the first purpose built solution to help customers respond and recover from a cyber attack. We created innovative technologies to isolate the data in a cyber wall. We have imutable technologies that lock the data, so they can't be tampered with. And we also build some great intelligence based on IML. In fact, this is the first and only product in the world that looks at backup data, does full content indexing, and it's able to look for behaviors or patterns in your environment that you could normally not find with signature based detection systems. So it's very revolutionary and we want to help customers not only on the prevention side, which is proactive. We want them to be equally, have a sound strategy on how they would respond and recover from a cyber attack. >> So there's two pieces there, proactive, and then if, and when you get hit, how do you react? And I think about moments in cyber, I mean Stuxnet was obviously a huge turning point. And then of course the solar winds. And you see that the supply chain hacks, you see the island hopping and the living off the land and the stealth moves. So, it's almost like wow, some of these techniques have even being proactive, you're not going to catch 'em. So you've got to have this, you talked about the NEST framework multi-level, but I mean customers are aware, obviously everybody customer you talk to the solar winds, blah, blah. But it seems like they're still sleeping with one eye open. Like they're really nervous. And like we haven't figured it out as an industry yet. And so that's where solutions like this are so critical because you're almost resigning yourself to the fact that, well, you may not find it being proactive. >> Yeah, right. >> But you've got to have, the last, it's like putting tapes in a truck and driving them somewhere. What do you? Do you sense that it was a major milestone in the industry, milestone, negative milestone and that was a turning point and it was kind of a wake up call for the industry, a new wake up call. What's your sense of how the industry is responding? >> Yeah, I think that's a great point. So if you go to see the verbiages that it's not, if you're going to get attacked, it's when you're going to get attacked. So the attacks are going to happen no matter what. So that's the reason why the defense in depth and the zero test framework comes into play, where customers have to have an end-to-end holistic framework, so that they can have not just an defensive mechanisms, but also detect and respond when the attacks happen. And then as you mentioned, some of them, you just can't catch all of them. So we have excellent incident response and recovery mechanisms. So if the attack happened, it will cause damage. We can do forensics analysis. And on top of that, we can go and recover like the cyber recovery wall. We can recover that data and them production again, ready. >> I guess, I'm sorry. What I was trying to ask is, do you think we've understand solar winds, have the industry figured it out? >> Yeah, great question. I think this is where customers have to take a pragmatic approach on how they do security. And we talk about concepts like intrinsic security. So in other words, you can do a certain activity in your environment and punt the ball to some other team to figure out security. Part of what Dell does, you asked the question, there's a lot of tools, where do customers start? One of the big values we bring to customers is the initial awareness and just educating customers. Hey, what happened in these water-shed moment, in with these different attacks. Wannacry, Stuxnet, and how did those customers respond and where did they fail? So let's do some lessons learned with past attacks and let's move forward with some pragmatic solutions. And, we usually don't overwhelm our customers with a lot of tools. Let's have a roadmap, let's do an incremental build of your security posture. And over time, let's get your enter organization to play with it. >> You talk about awareness, obviously that's critical, but one of the other things that's critical with the cyber threats and the what's going on today is the biggest threat venture still is people. >> Exactly. >> So talk to us about some of the things that you help organizations do. When you're talking about the from an awareness perspective, it's training the people not to open certain links if they look suspicious, that sort of thing. How involved is Dell technologies with your customers from a strategic perspective about really drilling this into the end users that they've got a lot of responsibility here? >> Yeah, if you go to see phishing is one of the most common attack vectors to go and infiltrate these attacks. So Dell has a whole employee education program that they rolled out. So we all are aware of the fact, that clicking on links and phishing is a risk factor. And we are trying to take that same message to our customers through an employee awareness training service. So we can actually provide education for the employees from getting these phishing attacks happening. >> Yeah, that's really critical because as I mentioned, we talked about the sophistication, but the personalization, the social engineering is off the charts these days. And it's so easy for someone to, especially with with all this distractions that we have going on, if you're working from home and you've got kids at home or dogs barking and whatnot, it's easy to be fooled into something that looks incredibly legitimate. >> You bring another great point. You can keep tell people in your environment don't do things, don't do it. You create a friction. We want people to be productive. We want them to use different access to different applications, both inhouse and in the cloud. So this is where technology comes into play. There are some modern malware defenses that will help customers identify some of these email phishing, spear phishing. So they are in a better prepared position. And we don't want to curb productivity, but we want to also make, a very secure environment where people can. >> That's a great point is it has to be frictionless. I do have a question for you guys with respect to SaaS applications. I talk to a lot of customers using certain SaaS applications who have this sort of, there's a, a dual responsibility model there, where the SaaS vendors responsible for the application protection. But Mr. and Miss customer, you're responsible for the data, we are. Are you finding that a lot of organizations are going help. We've got, Google workspace, Microsoft 365, Salesforce, that, and it's really incredibly business critical to data. Dell technologies help us protect this, because this is on vulnerability that we were not aware of. >> Absolutely, and that's why we have the backup service with APEX, where we can actually have stats, data which is backed up using IEX solution for backup recovery. So, yes, that's very critical. We have the end to end portfolio for backing it up, having the vault, which is a air gap solution, recovering from it when you have an attack. And I think the value prop that Dell brings to the table is we have the client side and we have the data center side, With the Multi-cloud. So we provide a completely hardened infrastructure, where we all the way from supply chain to secure OS, secure boot and secure image. Everything is kind of hardened with stick hardening on top of that. And then we have the services layer to go and make sure we can assess the risks, we can detect and respond, we can recover. So that we can keep our customers completely secure. That's the value prop that we bring to the table with unmatched scale of Dell services. In terms of the scale that we bring to the table to our customers and help them out. >> It's an interesting opportunity. And it's certainly from a threats perspective, one that's going to persist. Obviously we know that, great that there's been such a focus from Dell on cyber resiliency for its customers, whether we're talking about multi-cloud OnPrem, public cloud, SaaS applications, it's critical. It's a techno, it's a solution that every industry has to take advantage of guys. Thank you so much for joining us. I wish we had more time. I could talk about this all day. >> Thank you. >> Great work going on there. Congratulations on what was going on with APEX and the announcement, and I'm sure we'll be hearing more from you in the future. >> Excellent. Thank you, Lisa. We are super excited about Dell services and what we can bring for managed security services for our customers. >> Excellent. >> Appreciate it. >> Thanks guys. >> Thank you. >> For our guests and for Dave Vellante. I'm Lisa Martin, you're watching theCube live from day two of our coverage of Dell technologies World, live from Las Vegas. Dave and I will be right back with our last guest of the day. (gentle music)

(calm music)- Hello, and welcome to this CUBE conversation here in Palo Alto, California in theCUBE Studios, I'm John Furrier, host of theCUBE. We are here with the hot startup really working on some real, super important security technology for the cloud, great company, Orca Security, Avi Shua, CEO, and co founder. Avi, thank you for coming on theCUBE and share your story >> Thanks for having me. >> So one of the biggest problems that enterprises and large scale, people who are going to the cloud and are in the cloud and are evolving with cloud native, have realized that the pace of change and the scale is a benefit to the organizations for the security teams, and getting that security equation, right, is always challenging, and it's changing. You guys have a solution for that, I really want to hear what you guys are doing. I like what you're talking about. I like what you're thinking about, and you have some potentially new technologies. Let's get into it. So before we get started, talk about what is Orca Security, what do you guys do? What problem do you solve? >> So what we invented in Orca, is a unique technology called site scanning, that essentially enables us to connect to any cloud environment in a way which is as simple as installing a smartphone application and getting a full stack visibility of your security posture, meaning seeing all of the risk, whether it's vulnerability, misconfiguration, lateral movement risk, work that already been compromised, and more and more, literally in minutes without deploying any agent, without running any network scanners, literally with no change. And while it sounds to many of us like it can't happen, it's snake oil, it's simply because we are so used to on premise environment where it simply wasn't possible in physical server, but it is possible in the cloud. >> Yeah, and you know, we've had many (indistinct) on theCUBE over the years. One (indistinct) told us that, and this is a direct quote, I'll find the clip and share it on Twitter, but he said, "The cloud is more secure than on premise, because it's more changes going on." And I asked him, "Okay, how'd you do?" He says, "It's hard, you got to stay on top of it." A lot of people go to the cloud, and they see some security benefits with the scale. But there are gaps. You guys are building something that solves those gaps, those blind spots, because of things are always changing, you're adding more services, sometimes you're integrating, you now have containers that could have, for instance, you know, malware on it, gets introduced into a cluster, all kinds of things can go on in a cloud environment, that was fine yesterday, you could have a production cluster that's infected. So you have all of these new things. How do you figure out the gaps and the blind spots? That's what you guys do, I believe, what are the gaps in cloud security? Share with us. >> So definitely, you're completely correct. You know, I totally agree the cloud can be dramatically more secluded on-prem. At the end of the day, unlike an on-prem data center, where someone can can plug a new firewall, plug a new switch, change things. And if you don't instrument, it won't see what's inside. This is not possible in the cloud. In the cloud it's all code. It's all running on one infrastructure that can be used for the instrumentation. On the other hand, the cloud enabled businesses to act dramatically faster, by say dramatically, we're talking about order of magnitude faster, you can create new networks in matter of minutes, workloads can come and go within seconds. And this creates a lot of changes that simply haven't happened before. And it involves a lot of challenges, also from security instrumentation point of view. And you cannot use the same methodologies that you used for the on-prem because if you use them, you're going to lose, they were a compromise, that worked for certain physics, certain set of constraints that no longer apply. And our thesis is that essentially, you need to use the capabilities of the cloud itself, for the instrumentation of everything that can runs on the cloud. And when you do that, by definition, you have full coverage, because if it's run on the cloud, it can be instrumented on cloud, this essentially what Docker does. And you're able to have this full visibility for all of the risks and the importance because all of them, essentially filter workload, which we're able to analyze. >> What are some of the blind spots in the public cloud, for instance. I mean, that you guys are seeing that you guys point out or see with the software and the services that you guys have. >> So the most common ones are the things that we have seen in the last decades. I don't think they are materially different simply on steroids. We see things, services that are launched, nobody maintained for years, using things like improper segmentation, that everyone have permission to access everything. And therefore if one environment is breached, everything is breached. We see organization where something goes dramatically hardened. So people find a way to a very common thing is that, and now ever talks about CIM and the tightening their permission and making sure that every workload have only the capabilities that they need. But sometimes developers are a bit lazy. So they'll walk by that, but also have keys that are stored that can bypass the entire mechanism that, again, everyone can do everything on any environment. So at the end of the day, I think that the most common thing is the standard aging issues, making sure that your environment is patched, it's finger tightened, there is no alternative ways to go to the environment, at scale, because the end of the day, they are destined for security professional, you need to secure everything that they can just need to find one thing that was missed. >> And you guys provide that visibility into the cloud. So to identify those. >> Exactly. I think one of the top reasons that we implemented Orca using (indistinct) technology that I've invented, is essentially because it guarantees coverage. For the first time, we can guarantee you that if you scan it, that way, we'll see every instance, every workload, every container, because of its running, is a native workload, whether it's a Kubernetes, whether it's a service function, we see it all because we don't rely on any (indistinct) integration, we don't rely on friction within the organization. So many times in my career, I've been in discussion with customer that has been breached. And when we get to the core of the issue, it was, you couldn't, you haven't installed that agent, you haven't configured that firewall, the IPS was not up to date. So the protections weren't applied. So this is technically true, but it doesn't solve the customer problem, which is, I need the security to be applied to all of my environment, and I can't rely on people to do manual processes, because they will fail. >> Yeah, yeah. I mean, it's you can't get everything now and the velocity, the volume of activity. So let me just get this right, you guys are scanning container. So the risk I hear a lot is, you know, with Kubernetes, in containers is, a fully secure cluster could have a container come in with malware, and penetrate. And even if it's air gapped, it's still there. So problematic, you would scan that? Is that how it would work? >> So yes, but so for nothing but we are not scanning only containers, the essence of Orca is scanning the cloud environment holistically. We scan your cloud configuration, we scan your Kubernetes configuration, we scan your Dockers, the containers that run on top of them, we scan the images that are installed and we scan the permission that these images are one, and most importantly, we combined these data points. So it's not like you buy one solution that look to AWS configuration, is different solution that locate your virtual machines at one cluster, another one that looks at your cluster configuration. Another one that look at a web server and one that look at identity. And then you have resolved from five different tools that each one of them claims that this is the most important issue. But in fact, you need to infuse the data and understand yourself what is the most important items or they're correlated. We do it in an holistic way. And at the end of the day, security is more about thinking case graphs is vectors, rather than list. So it is to tell you something like this is a container, which is vulnerable, it has permission to access your sensitive data, it's running on a pod that is indirectly connected to the internet to this load balancer, which is exposed. So this is an attack vector that can be utilized, which is just a tool that to say you have a vulnerable containers, but you might have hundreds, where 99% of them are not exposed. >> Got it, so it's really more logical, common sense vectoring versus the old way, which was based on perimeter based control points, right? So is that what I get? is that right is that you're looking at it like okay, a whole new view of it. Not necessarily old way. Is that right? >> Yes, it is right, we are looking at as one problem that is entered in one tool that have one unified data model. And on top of that, one scanning technology that can provide all the necessary data. We are not a tool that say install vulnerability scanner, install identity access management tools and infuse all of the data to Orca will make sense, and if you haven't installed the tools to you, it's not our problem. We are scanning your environment, all of your containers, virtual machine serverless function, cloud configuration using guard technology. When standard risk we put them in a graph and essentially what is the attack vectors that matter for you? >> The sounds like a very promising value proposition. if I've workloads, production workloads, certainly in the cloud and someone comes to me and says you could have essentially a holistic view of your security posture at any given point in that state of operations. I'm going to look at it. So I'm compelled by it. Now tell me how it works. Is there overhead involved? What's the cost to, (indistinct) Australian dollars, but you can (indistinct) share the price to would be great. But like, I'm more thinking of me as a customer. What do I have to do? What operational things, what set up? What's my cost operationally, and is there overhead to performance? >> You won't believe me, but it's almost zero. Deploying Orca is literally three clicks, you just go log into the application, you give it the permission to read only permission to the environment. And it does the rest, it doesn't run a single awkward in the environment, it doesn't send a single packet. It doesn't create any overhead we have within our public customer list companies with a very critical workloads, which are time sensitive, I can quote some names companies like Databricks, Robinhood, Unity, SiteSense, Lemonade, and many others that have critical workloads that have deployed it for all of the environment in a very quick manner with zero interruption to the business continuity. And then focusing on that, because at the end of the day, in large organization, friction is the number one thing that kills security. You want to deploy your security tool, you need to talk with the team, the team says, okay, we need to check it doesn't affect the environment, let's schedule it in six months, in six months is something more urgent then times flybys and think of security team in a large enterprise that needs to coordinate with 500 teams, and make sure it's deployed, it can't work, Because we can guarantee, we do it because we leverage the native cloud capabilities, there will be zero impact. This allows to have the coverage and find these really weak spot nobody's been looking at. >> Yeah, I mean, this having the technology you have is also good, but the security teams are burning out. And this is brings up the cultural issue we were talking before we came on camera around the cultural impact of the security assessment kind of roles and responsibilities inside companies. Could you share your thoughts on this because this is a real dynamic, the people involved as a people process technology, the classic, you know, things that are impacted with digital transformation. But really the cultural impact of how developers push code, the business drivers, how the security teams get involved. And sometimes it's about the security teams are not under the CIO or under these different groups, all kinds of impacts to how the security team behaves in context to how code gets shipped. What's your vision and view on the cultural impact of security in the cloud. >> So, in fact, many times when people say that the cloud is not secure, I say that the culture that came with the cloud, sometimes drive us to non secure processes, or less secure processes. If you think about that, only a decade ago, if an organization could deliver a new service in a year, it would be an amazing achievement, from design to deliver. Now, if an organization cannot ship it, within weeks, it's considered a failure. And this is natural, something that was enabled by the cloud and by the technologies that came with the cloud. But it also created a situation where security teams that used to be some kind of a checkpoint in the way are no longer in that position. They're in one end responsible to audit and make sure that things are acting as they should. But on the other end, things happen without involvement. And this is a very, very tough place to be, nobody wants to be the one that tells the business you can't move as fast as you want. Because the business want to move fast. So this is essentially the friction that exists whether can we move fast? And how can we move fast without breaking things, and without breaking critical security requirements. So I believe that security is always about a triode, of educate, there's nothing better than educate about putting the guardrails to make sure that people cannot make mistakes, but also verify an audit because there will be failures in even if you educate, even if you put guardrails, things won't work as needed. And essentially, our position within this, triode is to audit, to verify to empower the security teams to see exactly what's happening, and this is an enabler for a discussion. Because if you see what are the risks, the fact that you have, you know, you have this environment that hasn't been patched for a decade with the password one to six, it's a different case, then I need you to look at this environment because I'm concerned that I haven't reviewed it in a year. >> That's exactly a great comment. You mentioned friction kills innovation earlier. This is one friction point that mismatch off cadence between ownership of process, business owners goals of shipping fast, security teams wanting to be secure. And developers just want to write code faster too. So productivity, burnout, innovation all are a factor in cloud security. What can a company do to get involved? You mentioned easy to deploy. How do I work with Orca? You guys are just, is it a freemium? What is the business model? How do I engage with you if I'm interested in deploying? >> So one thing that I really love about the way that we work is that you don't need to trust a single word I said, you can get a free trial of Orca at website orca.security, one a scan on your cloud environment, and see for yourself, whether there are critical ways that were overlooked, whether everything is said and there is no need for a tool or whether they some areas that are neglected and can be acted at any given moment (indistinct) been breached. We are not a freemium but we offer free trials. And I'm also a big believer in simplicity and pricing, we just price by the average number workload that you have, you don't need to read a long formula to understand the pricing. >> Reducing friction, it's a very ethos sounds like you guys have a good vision on making things easy and frictionless and sets that what we want. So maybe I should ask you a question. So I want to get your thoughts because a lot of conversations in the industry around shifting left. And that's certainly makes a lot of sense. Which controls insecurity do you want to shift left and which ones you want to shift right? >> So let me put it at, I've been in this industry for more than two decades. And like any industry every one's involved, there is a trend and of something which is super valuable. But some people believe that this is the only thing that you need to do. And if you know Gartner Hype Cycle, at the beginning, every technology is (indistinct) of that. And we believe that this can do everything and then it reaches (indistinct) productivity of the area of the value that it provides. Now, I believe that shifting left is similar to that, of course, you want to shift left as much as possible, you want things to be secure as they go out of the production line. This doesn't mean that you don't need to audit what's actually warning, because everything you know, I can quote, Amazon CTO, Werner Vogels about everything that can take will break, everything fails all the time. You need to assume that everything will fail all the time, including all of the controls that you baked in. So you need to bake as much as possible early on, and audit what's actually happening in your environment to find the gaps, because this is the responsibility of security teams. Now, just checking everything after the fact, of course, it's a bad idea. But only investing in shifting left and education have no controls of what's actually happening is a bad idea as well. >> A lot of people, first of all, great call out there. I totally agree, shift left as much as possible, but also get the infrastructure and your foundational data strategies, right and when you're watching and auditing. I have to ask you the next question on the context of the data, right, because you could audit all day long, all night long. But you're going to have a pile of needles looking for haystack of needles, as they say, and you got to have context. And you got to understand when things can be jumped on. You can have alert fatigue, for instance, you don't know what to look at, you can have too much data. So how do you manage the difference between making the developers productive in the shift left more with the shift right auditing? What's the context and (indistinct)? How do you guys talk about that? Because I can imagine, yeah, it makes sense. But I want to get the right alert at the right time when it matters the most. >> We look at risk as a combination of three things. Risk is not only how pickable the lock is. If I'll come to your office and will tell you that you have security issue, is that they cleaning, (indistinct) that lock can be easily picked. You'll laugh at me, technically, it might be the most pickable lock in your environment. But you don't care because the exposure is limited, you need to get to the office, and there's nothing valuable inside. So I believe that we always need to take, to look at risk as the exposure, who can reach that lock, how easily pickable this lock is, and what's inside, is at your critical plan tools, is it keys that can open another lock that includes this plan tools or just nothing. And when you take this into context, and the one wonderful thing about the cloud, is that for the first time in the history of computing, the data that is necessary to understand the exposure and the impact is in the same place where you can understand also the risk of the locks. You can make a very concise decision of easily (indistinct) that makes sense. That is a critical attack vector, that is a (indistinct) critical vulnerability that is exposed, it is an exposed service and the service have keys that can download all of my data, or maybe it's an internal service, but the port is blocked, and it just have a default web server behind it. And when you take that, you can literally quantize 0.1% of the alert, even less than that, that can be actually exploited versus device that might have the same severity scores or sound is critical, but don't have a risk in terms of exposure or business impact. >> So this is why context matters. I want to just connect what you said earlier and see if I get this right. What you just said about the lock being picked, what's behind the door can be more keys. I mean, they're all there and the thieves know, (indistinct) bad guys know exactly what these vectors are. And they're attacking them. But the context is critical. But now that's what you were getting at before by saying there's no friction or overhead, because the old way was, you know, send probes out there, send people out in the network, send packers to go look at things which actually will clutter the traffic up or, you know, look for patterns, that's reliant on footsteps or whatever metaphor you want to use. You don't do that, because you just wire up the map. And then you put context to things that have weights, I'm imagining graph technologies involved or machine learning. Is that right? Am I getting that kind of conceptually, right, that you guys are laying it out holistically and saying, that's a lock that can be picked, but no one really cares. So no one's going to pick and if they do, there's no consequence, therefore move on and focus energy. Is that kind of getting it right? Can you correct me where I got that off or wrong? >> So you got it completely right. On one end, we do the agentless deep assessment to understand your workloads, your virtual machine or container, your apps and service that exists with them. And using the site scanning technology that some people you know, call the MRI for the cloud. And we build the map to understand what are connected to the security groups, the load balancer, the keys that they hold, what these keys open, and we use this graph to essentially understand the risk. Now we have a graph that includes risk and exposure and trust. And we use this graph to prioritize detect vectors that matters to you. So you might have thousands upon thousands of vulnerabilities on servers that are simply internal and these cannot be manifested, that will be (indistinct) and 0.1% of them, that can be exploited indirectly to a load balancer, and we'll be able to highlight these one. And this is the way to solve alert fatigue. We've been in large organizations that use other tools that they had million critical alerts, using the tools before Orca. We ran our scanner, we found 30. And you can manage 30 alerts if you're a large organization, no one can manage a million alerts. >> Well, I got to say, I love the value proposition. I think you're bringing a smart view of this. I see you have the experience there, Avi and team, congratulations, and it makes sense of the cloud is a benefit, it can be leveraged. And I think security being rethought this way, is smart. And I think it's being validated. Now, I did check the news, you guys have raised significant traction as valuation certainly raised around the funding of (indistinct) 10 million, I believe, a (indistinct) Funding over a billion dollar valuation, pushes a unicorn status. I'm sure that's a reflection of your customer interaction. Could you share customer success that you're having? What's the adoption look like? What are some of the things customers are saying? Why do they like your product? Why is this happening? I mean, I can connect the dots myself, but I want to hear what your customers think. >> So definitely, we're seeing huge traction. We grew by thousands of percent year over year, literally where times during late last year, where our sales team, literally you had to wait two or three weeks till you managed to speak to a seller to work with Orca. And we see the reasons as organization have the same problems that we were in, and that we are focusing. They have cloud environments, they don't know their security posture, they need to own it. And they need to own it now in a way which guarantees coverage guarantees that they'll see the important items and there was no other solution that could do that before Orca. And this is the fact. We literally reduce deployment (indistinct) it takes months to minutes. And this makes it something that can happen rather than being on the roadmap and waiting for the next guy to come and do that. So this is what we hear from our customers and the basic value proposition for Orca haven't changed. We're providing literally Cloud security that actually works that is providing full coverage, comprehensive and contextual, in a seamless manner. >> So talk about the benefits to customers, I'll give you an example. Let's just say theCUBE, we have our own cloud. It's growing like crazy. And we have a DevOps team, very small team, and we start working with big companies, they all want to know what our security posture is. I have to go hire a bunch of security people, do I just work with Orca, because that's the more the trend is integration. I just was talking to another CEO of a hot startup and the platform engineering conversations about people are integrating in the cloud and across clouds and on premises. So integration is all about posture, as well, too I want to know, people want to know who they're working with. How does that, does that factor into anything? Because I think, that's a table stakes for companies to have almost a posture report, almost like an MRI you said, or a clean (indistinct) health. >> So definitely, we are both providing the prioritized risk assessment. So let's say that your cloud team want to check their security, the cloud security risk, they'll will connect Orca, they'll see the (indistinct) in a very, very clear way, what's been compromised (indistinct) zero, what's in an imminent compromise meaning the attacker can utilize today. And you probably want to fix it as soon as possible and things that are hazardous in terms that they are very risky, but there is no clear attack vectors that can utilize them today, there might be things that combining other changes will become imminent compromise. But on top of that, when standard people also have compliance requirements, people are subject to a regulation like PCI CCPA (indistinct) and others. So we also show the results in the lens of these compliance frameworks. So you can essentially export a report showing, okay, we were scanned by Orca, and we comply with all of these requirements of SOC 2, etc. And this is another value proposition of essentially not only showing it in a risk lens, but also from the compliance lens. >> You got to be always on with security and cloud. Avi, great conversation. Thank you for sharing nice knowledge and going deep on some of the solution and appreciate your conversation. Thanks for coming on. >> Thanks for having me. >> Obviously, you are CEO and co founder of Orca Security, hot startup, taking on security in the cloud and getting it right. I'm John Furrier with theCUBE. Thanks for watching. (calm music)

>> Live, from Las Vegas, it's theCUBE covering UiPath Forward Americas 2019. Brought to you by UiPath. >> Welcome back to the Bellagio in Las Vegas, everybody. You're watching theCUBE, the leader in live tech coverage. My name is Dave Vellante. Day one of UiPath Forward III, hashtag UiPathForward. Elena Christopher is here. She's the senior vice president at HFS Research, and Elena, I'm going to recruit you to be my co-host here. >> Co-host! >> On this power panel. Jean Youngers here, CUBE alum, VP, a Six Sigma Leader at Security Benefit. Great to see you again. >> Thank you. >> Dave: And Amy Chandler, who is the Assistant Vice President and Director of Internal Controls, also from Security Benefit. >> Hello. >> Dave: Thanks for coming on theCUBE. >> Thank you. >> Alright Elena, let's start off with you. You follow this market, you have for some time, you know HFS is sort of anointed as formulating this market place, right? >> Elena: We like to think of ourselves as the voice-- >> You guys were early on. >> The voice of the automation industry. >> So, what are you seeing? I mean, process automation has been around forever, RPA is a hot recent trend, but what are you seeing the last year or two? What are the big trends and rip currents that you see in the market place? >> I mean, I think one of the big trends that's out there, I mean, RPA's come on to the scene. I like how you phrase it Dave, because you refer to it as, rightly so, automation is not new, and so we sort of say the big question out there is, "Is RPA just flavor of the month?" RPA is definitely not, and I come from a firm, we put out a blog earlier this year called "RPA is dead. Long live automation." And that's because, when we look at RPA, and when we think about what it's impact is in the market place, to us the whole point of automation in any form, regardless of whether it's RPA, whether it be good old old school BPM, whatever it may be, it's mission is to drive transformation, and so the HFS perspective, and what all of our research shows and sort of justifies that the goal is, what everyone is striving towards, is to get to that transformation. And so, the reason we put out that piece, the "RPA is dead. Long live integrated automation platforms" is to make the point that if you're not- 'cause what does RPA allow? It affords an opportunity for change to drive transformation so, if you're not actually looking at your processes within your company and taking this opportunity to say, "What can I change, what processes are just bad, "and we've been doing them, I'm not even sure why, "for so long. What can we transform, "what can we optimize, what can we invent?" If you're not taking that opportunity as an enterprise to truly embrace the change and move towards transformation, that's a missed opportunity. So I always say, RPA, you can kind of couch it as one of many technologies, but what RPA has really done for the market place today, it's given business users and business leaders the realization that they can have a role in their own transformation. And that's one of the reasons why it's actually become very important, but a single tool in it's own right will never be the holistic answer. >> So Jean, Elena's bringing up a point about transformation. We, Stew Bennett and I interviewed you last year and we've played those clips a number of times, where you sort of were explaining to us that it didn't make sense before RPA to try to drive Six Sigma into business processes; you couldn't get the return. >> Jean: Right. >> Now you can do it very cheaply. And for Six Sigma or better, is what you use for airplane engines, right? >> Right. >> So, now you're bringing up the business process. So, you're a year in, how's it going? What kind of results are you seeing? Is it meeting your expectations? >> It's been wonderful. It has been the best, it's been probably the most fun I've had in the last fifteen years of work. I have enjoyed, partly because I get to work with this great person here, and she's my COE, and helps stand up the whole RPA solution, but you know, we have gone from finance into investment operations, into operations, you know we've got one sitting right now that we're going to be looking at statements that it's going to be fourteen thousand hours out of both time out as well as staff hours saved, and it's going to touch our customer directly, that they're not going to get a bad statement anymore. And so, you know, it has just been an incredible journey for us over the past year, it really has. >> And so okay Amy, your role is, you're the hardcore practitioner here right? >> Amy: That's right. >> You run the COE. Tell us more about your role, and I'm really interested in how you're bringing it out, RPA to the organization. Is that led by your team, or is it kind of this top-down approach? >> Yeah, this last year, we spent a lot of time trying to educate the lower levels and go from a bottom-up perspective. Pretty much, we implemented our infrastructure, we had a nice solid change management process, we built in logical access, we built in good processes around that so that we'd be able to scale easily over this last year, which kind of sets us up for next year, and everything that we want to accomplish then. >> So Elena, we were talking earlier on theCUBE about you know, RPA, in many ways, I called it cleaning up the crime scene, where stuff is kind of really sort of a mass and huge opportunities to improve. So, my question to you is, it seems like RPA is, in some regards, successful because you can drop it into existing processes, you're not changing things, but in a way, this concerns that, oh well, I'm just kind of paving the cow path. So how much process reinvention should have to occur in order to take advantage of RPA? >> I love that you use that phrase, "paving the cow path." As a New Englander, as you know the roads in Boston are in fact paved cow paths, so we know that can lead to some dodgy roads, and that's part of, and I say it because that's part of what the answer is, because the reinvention, and honestly the optimization has to be part of what the answer is. I said it just a little bit earlier in my comments, you're missing an opportunity with RPA and broader automation if you don't take that step to actually look at your processes and figure out if there's just essentially deadwood that you need to get rid of, things that need to be improved. One of the sort of guidelines, because not all processes are created equal, because you don't want to spend the time and effort, and you guys should chime in on this, you don't want to spend the time and effort to optimize a process if it's not critical to your business, if you're not going to get lift from it, or from some ROI. It's a bit of a continuum, so one of the things that I always encourage enterprises to think about, is this idea of, well what's the, obviously, what business problem are you trying to solve? But as you're going through the process optimization, what kind of user experience do you want out of this? And your users, by the way, you tend to think of your user as, it could be your end customer, it could be your employee, it could even be your partner, but trying to figure out what the experience is that you actually want to have, and then you can actually then look at the process and figure out, do we need to do something different? Do we need to do something completely new to actually optimize that? And then again, line it with what you're trying to solve and what kind of lift you want to get from it. But I'd love to, I mean, hopping over to you guys, you live and breathe this, right? And so I think you have a slightly different opinion than me, but-- >> We do live and breathe it, and every process we look at, we take into consideration. But you've also got to, you have a continuum right? If it's a simple process and we can put it up very quickly, we do, but we've also got ones where one process'll come into us, and a perfect example is our rate changes. >> Amy: Rate changes. >> It came in and there was one process at the very end and they ended up, we did a wing to wing of the whole thing, followed the data all the way back through the process, and I think it hit, what, seven or eight-- >> Yeah. >> Different areas-- >> Areas. >> Of the business, and once we got done with that whole wing to wing to see what we could optimize, it turned into what, sixty? >> Amy: Yeah, sixty plus. Yeah. >> Dave: Sixty plus what? >> Bot processes from one entry. >> Yeah. >> And so, right now, we've got 189 to 200 processes in the back log. And so if you take that, and exponentially increase it, we know that there's probably actually 1,000 to 2,000 more processes, at minimum, that we can hit for the company, and we need to look at those. >> Yeah, and I will say, the wing to wing approach is very important because you're following the data as it's moving along. So if you don't do that, if you only focus on a small little piece of it, you don't what's happening to the data before it gets to you and you don't know what's going to happen to it when it leaves you, so you really do have to take that wing to wing approach. >> So, internal controls is in your title, so talking about scale, it's a big theme here at UiPath, and these days, things scale really fast, and boo-boos can happen really fast. So how are you ensuring, you know that the edicts of the organization are met, whether it's security, compliance, governance? Is that part of your role? >> Yeah, we've actually kept internal audit and internal controls, and in fact, our external auditors, EY. We've kept them all at the table when we've gone through processes, when we've built out our change management process, our logical access. When we built our whole process from beginning to end they kind of sat at the table with us and kind of went over everything to make sure that we were hitting all the controls that we needed to do. >> And actually, I'd like to piggyback on that comment, because just that inclusion of the various roles, that's what we found as an emerging best practice, and in all of our research and all of the qualitative conversations that we have with enterprises and service providers, is because if you do things, I mean it applies on multiple levels, because if you do things in a silo, you'll have siloed impact. If you bring the appropriate constituents to the table, you're going to understand their perspective, but it's going to have broader reach. So it helps alleviate the silos but it also supports the point that you just made Amy, about looking at the processes end to end, because you've got the necessary constituents involved so you know the context, and then, I believe, I mean I think you guys shared this with me, that particularly when audit's involved, you're perhaps helping cultivate an understanding of how even their processes can improve as well. >> Right. >> That is true, and from an overall standpoint with controls, I think a lot of people don't realize that a huge benefit is your controls, cause if you're automating your controls, from an internal standpoint, you're not going to have to test as much, just from an associate process owner paying attention to their process to the internal auditors, they're not going to have to test as much either, and then your external auditors, which that's revenue. I mean, that's savings. >> You lower your auditing bill? >> Yeah. Yeah. >> Well we'll see right? >> Yeah. (laughter) >> That's always the hope. >> Don't tell EY. (laughter) So I got to ask you, so you're in a little over a year So I don't know if you golf, but you know a mulligan in golf. If you had a mulligan, a do over, what would you do over? >> The first process we put in place. At least for me, it breaks a lot, and we did it because at the time, we were going through decoupling and trying to just get something up to make sure that what we stood up was going to work and everything, and so we kind of slammed it in, and we pay for that every quarter, and so actually it's on our list to redo. >> Yeah, we automated a bad process. >> Yeah, we automated a bad process. >> That's a really good point. >> So we pay for it in maintenance every quarter, we pay for it, cause it breaks inevitably. >> Yes. >> Okay so what has to happen? You have to reinvent the process, to Elena's? >> Yes, you know, we relied on a process that somebody else had put in place, and in looking at it, it was kind of a up and down and through the hoop and around this way to get what they needed, and you know there's much easier ways to get the data now. And that's what we're doing. In fact, we've built our own, we call it a bot mart. That's where all our data goes, they won't let us touch the other data marts and so forth so they created us a bot mart, and anything that we need data for, they dump in there for us and then that's where our bot can hit, and our bot can hit it at anytime of the day or night when we need the data, and so it's worked out really well for us, and so the bot mart kind of came out of that project of there's got to be a better way. How can we do this better instead of relying on these systems that change and upgrade and then we run the bot and its working one day and the next day, somebody has gone in and tweaked something, and when all's I really need out of that system is data, that's all I need. I don't need, you know, a report. I don't need anything like that, cause the reports change and they get messed up. I just want the raw data, and so that's what we're starting to do. >> How do you ensure that the data is synchronized with your other marts and warehouses, is that a problem? >> Not yet. >> No not yet! (laughter) >> I'm wondering cause I was thinking the exact same question Dave, because on one hand its a nice I think step from a governance standpoint. You have what you need, perhaps IT or whomever your data curators are, they're not going to have a heart attack that you're touching stuff that they don't want you to, but then there is that potential for synchronization issues, cause that whole concept of golden source implies one copy if you will. >> Well, and it is. It's all coming through, we have a central data repository that the data's going to come through, and it's all sitting there, and then it'll move over, and to me, what I most worry about, like I mentioned on the statement once, okay, I get my data in, is it the same data that got used to create those statements? And as we're doing the testing and as we're looking at going live, that's one of our huge test cases. We need to understand what time that data comes in, when will it be into our bot mart, so when can I run those bots? You know, cause they're all going to be unattended on those, so you know, the timing is critical, and so that's why I said not yet. >> Dave: (chuckle) >> But you want to know what, we can build the bot to do that compare of the data for us. >> Haha all right. I love that. >> I saw a stat the other day. I don't know where it was, on Twitter or maybe it was your data, that more money by whatever, 2023 is going to be spent on chat bots than mobile development. >> Jean: I can imagine, yes. >> What are you doing with chat bots? And how are you using them? >> Do you want to answer that one or do you want me to? >> Go ahead. >> Okay so, part of the reason I'm so enthralled by the chat bot or personal assistant or anything, is because the unattended robots that we have, we have problems making sure that people are doing what they're supposed to be doing in prep. We have some in finance, and you know, finance you have a very fine line of what you can automate and what you need the user to still understand what they're doing, right? And so we felt like we had a really good, you know, combination of that, but in some instances, they forget to do things, so things aren't there and we get the phone call the bot broke, right? So part of the thing I'd like to do is I'd like to move that back to an unattended bot, and I'm going to put a chat bot in front of it, and then all's they have to do is type in "run my bot" and it'll come up if they have more than one bot, it'll say "which one do you want to run?" They'll click it and it'll go. Instead of having to go out on their machine, figure out where to go, figure out which button to do, and in the chat I can also send them a little message, "Did you run your other reports? Did you do this?" You know, so, I can use it for the end user, to make that experience for them better. And plus, we've got a lot of IT, we've got a lot of HR stuff that can fold into that, and then RPA all in behind it, kind of the engine on a lot of it. >> I mean you've child proofed the bot. >> Exactly! There you go. There you go. >> Exactly. Exactly. And it also provides a means to be able to answer those commonly asked questions for HR for example. You know, how much vacation time do I have? When can I change my benefits? Examples of those that they answer frequently every day. So that provides another avenue for utilization of the chat bot. >> And if I may, Dave, it supports a concept that I know we were talking about yesterday. At HFS it's our "Triple-A Trifecta", but it's taking the baseline of automation, it intersects with components of AI, and then potentially with analytics. This is starting to touch on some of the opportunities to look at other technologies. You say chat bots. At HFS we don't use the term chat bot, just because we like to focus and emphasize the cognitive capability if you will. But in any case, you guys essentially are saying, well RPA is doing great for what we're using RPA for, but we need a little bit of extension of functionality, so we're layering in the chat bot or cognitive assistant. So it's a nice example of some of that extension of really seeing how it's, I always call it the power of and if you will. Are you going to layer these things in to get what you need out of it? What best solves your business problems? Just a very practical approach I think. >> So Elena, Guy has a session tomorrow on predictions. So we're going to end with some predictions. So our RPA is dead, (chuckle) will it be resuscitated? What's the future of RPA look like? Will it live up to the hype? I mean so many initiatives in our industry haven't. I always criticize enterprise data warehousing and ETL and big data is not living up to the hype. Will RPA? >> It's got a hell of a lot of hype to live up to, I'll tell you that. So, back to some of our causality about why we even said it's dead. As a discrete software category, RPA is clearly not dead at all. But unless it's helping to drive forward with transformation, and even some of the strategies that these fine ladies from Security Benefit are utilizing, which is layering in additional technology. That's part of the path there. But honestly, the biggest challenge that you have to go through to get there and cannot be underestimated, is the change that your organization has to go through. Cause think about it, if we look at the grand big vision of where RPA and broader intelligent automation takes us, the concept of creating a hybrid workforce, right? So what's a hybrid workforce? It's literally our humans complemented by digital workers. So it still sounds like science fiction. To think that any enterprise could try and achieve some version of that and that it would be A, fast or B, not take a lot of change management, is absolutely ludicrous. So it's just a very practical approach to be eyes wide open, recognize that you're solving problems but you have to want to drive change. So to me, and sort of the HFS perspective, continues to be that if RPA is not going to die a terrible death, it needs to really support that vision of transformation. And I mean honestly, we're here at a UiPath event, they had many announcements today that they're doing a couple of things. Supporting core functionality of RPA, literally adding in process discovery and mining capabilities, adding in analytics to help enterprises actually track what your benefit is. >> Jean: Yes. >> These are very practical cases that help RPA live another day. But they're also extending functionality, adding in their whole announcement around AI fabric, adding in some of the cognitive capability to extend the functionality. And so prediction-wise, RPA as we know it three years from now is not going to look like RPA at all. I'm not going to call it AI, but it's going to become a hybrid, and it's honestly going to look a lot like that Triple-A Trifecta I mentioned. >> Well, and UiPath, and I presume other suppliers as well, are expanding their markets. They're reaching, you hear about citizens developers and 100% of the workforce. Obviously you guys are excited and you see a long-run way for RPA. >> Jean: Yeah, we do. >> I'll give you the last word. >> It's been a wonderful journey thus far. After this morning's event where they showed us everything, I saw a sneak peek yesterday during the CAB, and I had a list of things I wanted to talk to her about already when I came out of there. And then she saw more of 'em today, and I've got a pocketful of notes of stuff that we're going to take back and do. I really, truly believe this is the future and we can do so much. Six Sigma has kind of gotten a rebirth. You go in and look at your processes and we can get those to perfect. I mean, that's what's so cool. It is so cool that you can actually tell somebody, I can do something perfect for you. And how many people get to do that? >> It's back to the user experience, right? We can make this wildly functional to meet the need. >> Right, right. And I don't think RPA is the end all solution, I think it's just a great tool to add to your toolkit and utilize moving forward. >> Right. All right we'll have to leave it there. Thanks ladies for coming on, it was a great segment. Really appreciate your time. >> Thanks. >> Thank you. >> Thank you for watching, everybody. This is Dave Vellante with theCUBE. We'll be right back from UiPath Forward III from Las Vegas, right after this short break. (technical music)

>> Live, from Las Vegas, it's theCUBE covering UiPath Forward Americas 2019. Brought to you by UiPath. >> Welcome back to the Bellagio in Las Vegas, everybody. You're watching theCUBE, the leader in live tech coverage. My name is Dave Vellante. Day one of UiPath Forward III, hashtag UiPathForward. Elena Christopher is here. She's the senior vice president at HFS Research, and Elena, I'm going to recruit you to be my co-host here. >> Co-host! >> On this power panel. Jean Youngers here, CUBE alum, VP, a Six Sigma Leader at Security Benefit. Great to see you again. >> Thank you. >> Dave: And Amy Chandler, who is the Assistant Vice President and Director of Internal Controls, also from Security Benefit. >> Hello. >> Dave: Thanks for coming on theCUBE. >> Thank you. >> Alright Elena, let's start off with you. You follow this market, you have for some time, you know HFS is sort of anointed as formulating this market place, right? >> Elena: We like to think of ourselves as the voice-- >> You guys were early on. >> The voice of the automation industry. >> So, what are you seeing? I mean, process automation has been around forever, RPA is a hot recent trend, but what are you seeing the last year or two? What are the big trends and rip currents that you see in the market place? >> I mean, I think one of the big trends that's out there, I mean, RPA's come on to the scene. I like how you phrase it Dave, because you refer to it as, rightly so, automation is not new, and so we sort of say the big question out there is, "Is RPA just flavor of the month?" RPA is definitely not, and I come from a firm, we put out a blog earlier this year called "RPA is dead. Long live automation." And that's because, when we look at RPA, and when we think about what it's impact is in the market place, to us the whole point of automation in any form, regardless of whether it's RPA, whether it be good old old school BPM, whatever it may be, it's mission is to drive transformation, and so the HFS perspective, and what all of our research shows and sort of justifies that the goal is, what everyone is striving towards, is to get to that transformation. And so, the reason we put out that piece, the "RPA is dead. Long live integrated automation platforms" is to make the point that if you're not- 'cause what does RPA allow? It affords an opportunity for change to drive transformation so, if you're not actually looking at your processes within your company and taking this opportunity to say, "What can I change, what processes are just bad, "and we've been doing them, I'm not even sure why, "for so long. What can we transform, "what can we optimize, what can we invent?" If you're not taking that opportunity as an enterprise to truly embrace the change and move towards transformation, that's a missed opportunity. So I always say, RPA, you can kind of couch it as one of many technologies, but what RPA has really done for the market place today, it's given business users and business leaders the realization that they can have a role in their own transformation. And that's one of the reasons why it's actually become very important, but a single tool in it's own right will never be the holistic answer. >> So Jean, Elena's bringing up a point about transformation. We, Stew Bennett and I interviewed you last year and we've played those clips a number of times, where you sort of were explaining to us that it didn't make sense before RPA to try to drive Six Sigma into business processes; you couldn't get the return. >> Jean: Right. >> Now you can do it very cheaply. And for Six Sigma or better, is what you use for airplane engines, right? >> Right. >> So, now you're bringing up the business process. So, you're a year in, how's it going? What kind of results are you seeing? Is it meeting your expectations? >> It's been wonderful. It has been the best, it's been probably the most fun I've had in the last fifteen years of work. I have enjoyed, partly because I get to work with this great person here, and she's my COE, and helps stand up the whole RPA solution, but you know, we have gone from finance into investment operations, into operations, you know we've got one sitting right now that we're going to be looking at statements that it's going to be fourteen thousand hours out of both time out as well as staff hours saved, and it's going to touch our customer directly, that they're not going to get a bad statement anymore. And so, you know, it has just been an incredible journey for us over the past year, it really has. >> And so okay Amy, your role is, you're the hardcore practitioner here right? >> Amy: That's right. >> You run the COE. Tell us more about your role, and I'm really interested in how you're bringing it out, RPA to the organization. Is that led by your team, or is it kind of this top-down approach? >> Yeah, this last year, we spent a lot of time trying to educate the lower levels and go from a bottom-up perspective. Pretty much, we implemented our infrastructure, we had a nice solid change management process, we built in logical access, we built in good processes around that so that we'd be able to scale easily over this last year, which kind of sets us up for next year, and everything that we want to accomplish then. >> So Elena, we were talking earlier on theCUBE about you know, RPA, in many ways, I called it cleaning up the crime scene, where stuff is kind of really sort of a mass and huge opportunities to improve. So, my question to you is, it seems like RPA is, in some regards, successful because you can drop it into existing processes, you're not changing things, but in a way, this concerns that, oh well, I'm just kind of paving the cow path. So how much process reinvention should have to occur in order to take advantage of RPA? >> I love that you use that phrase, "paving the cow path." As a New Englander, as you know the roads in Boston are in fact paved cow paths, so we know that can lead to some dodgy roads, and that's part of, and I say it because that's part of what the answer is, because the reinvention, and honestly the optimization has to be part of what the answer is. I said it just a little bit earlier in my comments, you're missing an opportunity with RPA and broader automation if you don't take that step to actually look at your processes and figure out if there's just essentially deadwood that you need to get rid of, things that need to be improved. One of the sort of guidelines, because not all processes are created equal, because you don't want to spend the time and effort, and you guys should chime in on this, you don't want to spend the time and effort to optimize a process if it's not critical to your business, if you're not going to get lift from it, or from some ROI. It's a bit of a continuum, so one of the things that I always encourage enterprises to think about, is this idea of, well what's the, obviously, what business problem are you trying to solve? But as you're going through the process optimization, what kind of user experience do you want out of this? And your users, by the way, you tend to think of your user as, it could be your end customer, it could be your employee, it could even be your partner, but trying to figure out what the experience is that you actually want to have, and then you can actually then look at the process and figure out, do we need to do something different? Do we need to do something completely new to actually optimize that? And then again, line it with what you're trying to solve and what kind of lift you want to get from it. But I'd love to, I mean, hopping over to you guys, you live and breathe this, right? And so I think you have a slightly different opinion than me, but-- >> We do live and breathe it, and every process we look at, we take into consideration. But you've also got to, you have a continuum right? If it's a simple process and we can put it up very quickly, we do, but we've also got ones where one process'll come into us, and a perfect example is our rate changes. >> Amy: Rate changes. >> It came in and there was one process at the very end and they ended up, we did a wing to wing of the whole thing, followed the data all the way back through the process, and I think it hit, what, seven or eight-- >> Yeah. >> Different areas-- >> Areas. >> Of the business, and once we got done with that whole wing to wing to see what we could optimize, it turned into what, sixty? >> Amy: Yeah, sixty plus. Yeah. >> Dave: Sixty plus what? >> Bot processes from one entry. >> Yeah. >> And so, right now, we've got 189 to 200 processes in the back log. And so if you take that, and exponentially increase it, we know that there's probably actually 1,000 to 2,000 more processes, at minimum, that we can hit for the company, and we need to look at those. >> Yeah, and I will say, the wing to wing approach is very important because you're following the data as it's moving along. So if you don't do that, if you only focus on a small little piece of it, you don't what's happening to the data before it gets to you and you don't know what's going to happen to it when it leaves you, so you really do have to take that wing to wing approach. >> So, internal controls is in your title, so talking about scale, it's a big theme here at UiPath, and these days, things scale really fast, and boo-boos can happen really fast. So how are you ensuring, you know that the edicts of the organization are met, whether it's security, compliance, governance? Is that part of your role? >> Yeah, we've actually kept internal audit and internal controls, and in fact, our external auditors, EY. We've kept them all at the table when we've gone through processes, when we've built out our change management process, our logical access. When we built our whole process from beginning to end they kind of sat at the table with us and kind of went over everything to make sure that we were hitting all the controls that we needed to do. >> And actually, I'd like to piggyback on that comment, because just that inclusion of the various roles, that's what we found as an emerging best practice, and in all of our research and all of the qualitative conversations that we have with enterprises and service providers, is because if you do things, I mean it applies on multiple levels, because if you do things in a silo, you'll have siloed impact. If you bring the appropriate constituents to the table, you're going to understand their perspective, but it's going to have broader reach. So it helps alleviate the silos but it also supports the point that you just made Amy, about looking at the processes end to end, because you've got the necessary constituents involved so you know the context, and then, I believe, I mean I think you guys shared this with me, that particularly when audit's involved, you're perhaps helping cultivate an understanding of how even their processes can improve as well. >> Right. >> That is true, and from an overall standpoint with controls, I think a lot of people don't realize that a huge benefit is your controls, cause if you're automating your controls, from an internal standpoint, you're not going to have to test as much, just from an associate process owner paying attention to their process to the internal auditors, they're not going to have to test as much either, and then your external auditors, which that's revenue. I mean, that's savings. >> You lower your auditing bill? >> Yeah. Yeah. >> Well we'll see right? >> Yeah. (laughter) >> That's always the hope. >> Don't tell EY. (laughter) So I got to ask you, so you're in a little over a year So I don't know if you golf, but you know a mulligan in golf. If you had a mulligan, a do over, what would you do over? >> The first process we put in place. At least for me, it breaks a lot, and we did it because at the time, we were going through decoupling and trying to just get something up to make sure that what we stood up was going to work and everything, and so we kind of slammed it in, and we pay for that every quarter, and so actually it's on our list to redo. >> Yeah, we automated a bad process. >> Yeah, we automated a bad process. >> That's a really good point. >> So we pay for it in maintenance every quarter, we pay for it, cause it breaks inevitably. >> Yes. >> Okay so what has to happen? You have to reinvent the process, to Elena's? >> Yes, you know, we relied on a process that somebody else had put in place, and in looking at it, it was kind of a up and down and through the hoop and around this way to get what they needed, and you know there's much easier ways to get the data now. And that's what we're doing. In fact, we've built our own, we call it a bot mart. That's where all our data goes, they won't let us touch the other data marts and so forth so they created us a bot mart, and anything that we need data for, they dump in there for us and then that's where our bot can hit, and our bot can hit it at anytime of the day or night when we need the data, and so it's worked out really well for us, and so the bot mart kind of came out of that project of there's got to be a better way. How can we do this better instead of relying on these systems that change and upgrade and then we run the bot and its working one day and the next day, somebody has gone in and tweaked something, and when all's I really need out of that system is data, that's all I need. I don't need, you know, a report. I don't need anything like that, cause the reports change and they get messed up. I just want the raw data, and so that's what we're starting to do. >> How do you ensure that the data is synchronized with your other marts and warehouses, is that a problem? >> Not yet. >> No not yet! (laughter) >> I'm wondering cause I was thinking the exact same question Dave, because on one hand its a nice I think step from a governance standpoint. You have what you need, perhaps IT or whomever your data curators are, they're not going to have a heart attack that you're touching stuff that they don't want you to, but then there is that potential for synchronization issues, cause that whole concept of golden source implies one copy if you will. >> Well, and it is. It's all coming through, we have a central data repository that the data's going to come through, and it's all sitting there, and then it'll move over, and to me, what I most worry about, like I mentioned on the statement once, okay, I get my data in, is it the same data that got used to create those statements? And as we're doing the testing and as we're looking at going live, that's one of our huge test cases. We need to understand what time that data comes in, when will it be into our bot mart, so when can I run those bots? You know, cause they're all going to be unattended on those, so you know, the timing is critical, and so that's why I said not yet. >> Dave: (chuckle) >> But you want to know what, we can build the bot to do that compare of the data for us. >> Haha all right. I love that. >> I saw a stat the other day. I don't know where it was, on Twitter or maybe it was your data, that more money by whatever, 2023 is going to be spent on chat bots than mobile development. >> Jean: I can imagine, yes. >> What are you doing with chat bots? And how are you using them? >> Do you want to answer that one or do you want me to? >> Go ahead. >> Okay so, part of the reason I'm so enthralled by the chat bot or personal assistant or anything, is because the unattended robots that we have, we have problems making sure that people are doing what they're supposed to be doing in prep. We have some in finance, and you know, finance you have a very fine line of what you can automate and what you need the user to still understand what they're doing, right? And so we felt like we had a really good, you know, combination of that, but in some instances, they forget to do things, so things aren't there and we get the phone call the bot broke, right? So part of the thing I'd like to do is I'd like to move that back to an unattended bot, and I'm going to put a chat bot in front of it, and then all's they have to do is type in "run my bot" and it'll come up if they have more than one bot, it'll say "which one do you want to run?" They'll click it and it'll go. Instead of having to go out on their machine, figure out where to go, figure out which button to do, and in the chat I can also send them a little message, "Did you run your other reports? Did you do this?" You know, so, I can use it for the end user, to make that experience for them better. And plus, we've got a lot of IT, we've got a lot of HR stuff that can fold into that, and then RPA all in behind it, kind of the engine on a lot of it. >> I mean you've child proofed the bot. >> Exactly! There you go. There you go. >> Exactly. Exactly. And it also provides a means to be able to answer those commonly asked questions for HR for example. You know, how much vacation time do I have? When can I change my benefits? Examples of those that they answer frequently every day. So that provides another avenue for utilization of the chat bot. >> And if I may, Dave, it supports a concept that I know we were talking about yesterday. At HFS it's our "Triple-A Trifecta", but it's taking the baseline of automation, it intersects with components of AI, and then potentially with analytics. This is starting to touch on some of the opportunities to look at other technologies. You say chat bots. At HFS we don't use the term chat bot, just because we like to focus and emphasize the cognitive capability if you will. But in any case, you guys essentially are saying, well RPA is doing great for what we're using RPA for, but we need a little bit of extension of functionality, so we're layering in the chat bot or cognitive assistant. So it's a nice example of some of that extension of really seeing how it's, I always call it the power of and if you will. Are you going to layer these things in to get what you need out of it? What best solves your business problems? Just a very practical approach I think. >> So Elena, Guy has a session tomorrow on predictions. So we're going to end with some predictions. So our RPA is dead, (chuckle) will it be resuscitated? What's the future of RPA look like? Will it live up to the hype? I mean so many initiatives in our industry haven't. I always criticize enterprise data warehousing and ETL and big data is not living up to the hype. Will RPA? >> It's got a hell of a lot of hype to live up to, I'll tell you that. So, back to some of our causality about why we even said it's dead. As a discrete software category, RPA is clearly not dead at all. But unless it's helping to drive forward with transformation, and even some of the strategies that these fine ladies from Security Benefit are utilizing, which is layering in additional technology. That's part of the path there. But honestly, the biggest challenge that you have to go through to get there and cannot be underestimated, is the change that your organization has to go through. Cause think about it, if we look at the grand big vision of where RPA and broader intelligent automation takes us, the concept of creating a hybrid workforce, right? So what's a hybrid workforce? It's literally our humans complemented by digital workers. So it still sounds like science fiction. To think that any enterprise could try and achieve some version of that and that it would be A, fast or B, not take a lot of change management, is absolutely ludicrous. So it's just a very practical approach to be eyes wide open, recognize that you're solving problems but you have to want to drive change. So to me, and sort of the HFS perspective, continues to be that if RPA is not going to die a terrible death, it needs to really support that vision of transformation. And I mean honestly, we're here at a UiPath event, they had many announcements today that they're doing a couple of things. Supporting core functionality of RPA, literally adding in process discovery and mining capabilities, adding in analytics to help enterprises actually track what your benefit is. >> Jean: Yes. >> These are very practical cases that help RPA live another day. But they're also extending functionality, adding in their whole announcement around AI fabric, adding in some of the cognitive capability to extend the functionality. And so prediction-wise, RPA as we know it three years from now is not going to look like RPA at all. I'm not going to call it AI, but it's going to become a hybrid, and it's honestly going to look a lot like that Triple-A Trifecta I mentioned. >> Well, and UiPath, and I presume other suppliers as well, are expanding their markets. They're reaching, you hear about citizens developers and 100% of the workforce. Obviously you guys are excited and you see a long-run way for RPA. >> Jean: Yeah, we do. >> I'll give you the last word. >> It's been a wonderful journey thus far. After this morning's event where they showed us everything, I saw a sneak peek yesterday during the CAB, and I had a list of things I wanted to talk to her about already when I came out of there. And then she saw more of 'em today, and I've got a pocketful of notes of stuff that we're going to take back and do. I really, truly believe this is the future and we can do so much. Six Sigma has kind of gotten a rebirth. You go in and look at your processes and we can get those to perfect. I mean, that's what's so cool. It is so cool that you can actually tell somebody, I can do something perfect for you. And how many people get to do that? >> It's back to the user experience, right? We can make this wildly functional to meet the need. >> Right, right. And I don't think RPA is the end all solution, I think it's just a great tool to add to your toolkit and utilize moving forward. >> Right. All right we'll have to leave it there. Thanks ladies for coming on, it was a great segment. Really appreciate your time. >> Thanks. >> Thank you. >> Thank you for watching, everybody. This is Dave Vellante with theCUBE. We'll be right back from UiPath Forward III from Las Vegas, right after this short break. (technical music)

>>from Miami Beach, Florida It's the key. You covering a Cronus Global Cyber Summit 2019. Brought to you by a Cronus. >>Hello, everyone. Welcome to the Cube coverage here in Miami Beach Front and Blue Hotel with Cronus Global Cyber Summit 2019 2 days of coverage. Where here, Getting all the action. What's going on in cyber tools and platforms are developing a new model of cybersecurity. Cronus Leader, Fast growing, rapidly growing back in here in the United States and globally. We're here. William Toll, head of product marketing Cronus. Thanks for coming. I appreciate it. >>Thanks, John. I'm excited. You're >>here so way were briefed on kind of the news. But you guys had more news here. First great key notes on then special guest Shark tank on as well. That's a great, great event. But you had some news slip by me. You guys were holding it back. >>So we've opened our A p I, and that's enabling a whole ecosystem to build on top of our cyber protection solutions. >>You guys have a platform infrastructure platform and sweet asserts from backup all the way through protection. All that good stuff as well. Partners. That's not a channel action platforms are the MoD has been rapidly growing. That's 19 plus years. >>And now, with the opening of our AP, eyes were opening the possibility for even Maur innovation from third parties from Eyes V's from managed service providers from developers that want to build on our platform and deliver their solutions to our ecosystem. >>You guys were very technical company and very impressed with people. Actually, cyber, you gotta have the chops, you can't fake it. Cyber. You guys do a great job, have a track record, get the P I. C B Also sdk variety, different layers. So the FBI is gonna bring out more goodness for developers. You guys, I heard a rumor. Is it true that you guys were launching a developer network? >>That's right. So the Cronus developer network actually launches today here in the show, and we're inviting developed officials. That's official. Okay. And they can go to developers that Cronus dot com and when they go in there, they will find a whole platform where they can gain access to forums, documentation and logs, and all of our software development kids as well as a sandbox, so developers can get access to the platform. Start developing within minutes. >>So what's the attraction for Iess fees and developers? I mean, you guys are here again. Technical. What is your pitch developers? Why would they be attracted to your AP eyes? And developer Resource is >>sure it's simple. Our ecosystem way have over 50,000 I t channel partners and they're active in small businesses. Over 500,000 business customers and five million and customers all benefit from solutions that they bring to our cyber cloud solutions >>portal. What type of solutions are available in the platform today? >>So their solutions that integrate P s a tools professional service is automation are mm tools tools for managing cloud tools for managing SAS applications. For example, one of our partners manages office 3 65 accounts. And if you put yourselves in the shoes of a system administrator who's managing multiple SAS applications now, they can all be managed in the Cronus platform. Leverage our user experience. You I s t k and have a seamless experience for that administrator to manage everything to have the same group policies across all of this >>depression. That success with these channel a channel on Channel General, but I s freeze and managed service ROMs. Peace. What's the dynamic between Iess, freeze and peace? You unpack that? >>Sure. So a lot of m s peace depend on certain solutions. One of our partners is Connectwise Connectwise here they're exhibiting one sponsors at at this show and their leader in providing managed to lose management solutions for M s. He's to manage all of their customers, right? And then all the end points. >>So if I participate in the developer network, is that where I get my the FBI's someone get the access to these AP eyes? >>So you visits developer data cronies dot com. You come in, you gain access to all the AP eyes. Documentation way Have libraries that'll be supporting six languages, including C sharp Python, java. Come in, gain access to those documentation and start building. There's a sandbox where they could test their code. There's SD K's. There's examples that are pre built and documentation and guides on how to use those s >>So customer the end. You're in customers or your channel customers customer. Do they get the benefits of the highest stuff in there? So in other words, that was the developer network have a marketplace where speed push their their solutions in there. >>Also launching. Today we have the Cronus Cyber Cloud Solutions portal and inside there there's already 30 integrations that we worked over the years to build using that same set of AP eyes and SD case. >>Okay, so just get this hard news straight. Opening up the AP eyes. That's right. Cronus Developer Network launched today and Cloud Solutions Portal. >>That's right, Cyber Cloud Solutions Portal Inside there there's documentation on all the different solutions that are available today. >>What's been the feedback so far? Those >>It's been great. You know, if we think about all the solutions that we've already integrated, we have hundreds of manage service providers using just one solution that we've already integrated. >>William, we're talking before we came on camera about the old days in this business for a long time just a cube. We've been documenting the i t transformation with clouds in 10 years. I've been in this in 30 years. Ways have come and gone and we talked to see cells all the time now and number one constant pattern that emerges is they don't want another tour. They want a solid date looking for Jules. Don't get me wrong, the exact work fit. But they're looking for a cohesive platform, one that's horizontally scaled that enables them to either take advantage of a suite of service. Is boy a few? That's right. This is a trend. Do you agree with that? What you're saying? I totally agree >>with that, right? It makes it much easier to deal with provisioning, user management and billing, right? Think about a man of service provider and all of their customers. They need that one tool makes their lives so much easier. >>And, of course, on event would not be the same. We didn't have some sort of machine learning involved. How much his machine learning been focused for you guys and what's been some of the the innovations that come from from the machine. I mean, you guys have done >>artificial intelligence is critical today, right? It's, uh, how we're able to offer some really top rated ransomware protection anti malware protection. We could not do that without artificial intelligence. >>Final question for you. What's the top story shows week If you have to kind of boil it down high order bit for the folks that couldn't make it. Watching the show. What's the top story they should pay attention to? >>Top story is that Cronus is leading the effort in cyber protection. And it's a revolution, right? We're taking data protection with cyber security to create cyber protection. Bring that all together. Really? Democratize is a lot of enterprise. I t. And makes it accessible to a wider market. >>You know, we've always said on the Q. Go back and look at the tapes. It's a date. A problem that's right. Needed protection. Cyber protection. Working him, >>Cronus. Everything we do is about data. We protect data from loss. We protect data from theft and we protect data from manipulation. It's so critical >>how many customers you guys have you? I saw some stats out there. Founded in 2003 in Singapore. Second headquarters Whistle in 2000 a global company, 1400 employees of 32 offices. Nice nice origination story. They're not a Johnny come lately has been around for a while. What's the number? >>So five million? Any customers? 500,000 business customers. 50,000 channel partners. >>Congratulations. Thanks. Thanks for having us here in Miami Beach. Thanks. Not a bad venue. As I said on Twitter just a minute ago place. Thanks for Thanks. All right, John. Just a cube coverage here. Miami Beach at the front in Blue Hotel for the Cyber Global Cyber Security Summit here with Cronus on John Kerry back with more coverage after this short break.

>> live from San Francisco, celebrating 10 years of high tech coverage. It's the Cube covering Veum, World 2019 brought to you by IBM Wear and its ecosystem partners. >> And welcome back here, San Francisco Moscow Centre, North John Walls along with John Troyer. We're live here on the Cuban Veum World 2019 and right now we're joined by Christmas. Reynolds, who's a product in court product management and Clyde on data service, is for Centurylink. It's good to see you, sir. Good to be here. Thank you. And And he's gonna tell us today why Milliseconds matter, right? You are. >> That is the goal. Your >> your subject of ah, coming presentation. Just about 45 minutes or so. But we'll get to that a little bit. First off, let's just paint the picture of centurylink your presence here quite obvious. But you know what your portfolio includes? There what you're up to, and maybe starting to hint a little bit about why milliseconds matter to you. >> Makes it so. Where a technology company, global in nature. A lot of our roots started with fiber connectivity. Basic networking service is I. P Service is. But over the years we've become far more of a nightie service company. So there was an acquisition of Savvas a long time ago that brought a lot of those capabilities to our company. And we've made more fold in acquisitions that have also bolster those capabilities. We have invested heavily in Security Service's recently and about two weeks ago we had an announcement that said, We're investing heavily an edge compute getting workloads closer to end users. And that's really where milliseconds matters. You want the performance of those applications to consumers or machinery or whatever it may be toe work effectively and work well. And sometimes that requires that those workloads air in close proximity to the end users. >> Would you bring up ej compute? We were just having this discussion before we started, John asked of you. Okay, What? How do you define the because of there A lot of different slices of that, right? Different interpretations, different definitions. So with that being said, how do you define and or at least in your mind, how do you separate edge or what's true edge? Yeah, >> good questions. I think he was John question, not mine. I chuckled time, so because there is no perfect answer. Uh, the broadest definition I've seen is that you have core, and you can think eight of us Azure. You can think where the big core cloud nodes are that are pretty central, maybe 50 milliseconds away from the end users. There's two intermediate edges, if you will, and this is where there are varying opinions. To me, there's really only one if you're within five milliseconds of where your end users are, I consider that to be a market edge. Some people say there's a closer edge that's in within a millisecond of the end users, but I just I personally have not seen the use cases come out yet that require that low of a late unsee that don't actually reside where the end users are so >> going. Well, that's, um, so that's, um, modules at a at a warehouse or ah, manufacturing facility. Is that what? Is that what you consider like an edge? Uh, media marketed? >> Yeah, in >> theirs. It's interesting if you have 10 manufacturing plants in a geographic area, or maybe a better example is if you're a logistics company and you have sorting and distribution centers, you have multiple of those in an area that can all use the same compute as long as it's within five milliseconds, you can do the sorting lines and keep the machinery working. You can get routed into the rate vehicles for distribution. That's a good market edge. When you get all the way to that, the deep edge or on premise they think of an autonomous vehicle is a good example. There are certain things you're not gonna want to transmit and make driving decisions that don't reside on that vehicle. You don't want to crash into anyone. You need almost instantaneous decisions. And that would be the edge that intermediate one millisecond that sits between the two of those. I think it pushes one direction or the other. >> So Chris, here in the emerald 2019 obviously a lot of talking about cloud, but very specifics. This year. We have a lot of specifics around what Veum, where is doing Hybrid Cloud Israel and of course, hybrid cloud implies the network. And so one of the latest announcement from Centurylink is that you're providing via more cloud on AWS you're managing. You are able to help manage provide that as a managed service. I know you already do. Manage service is where you managing stuff in your data centers. But you could, I guess you can also manage workloads on prim and talk a little bit about that portfolio and how adding Veum VMC on AWS few more cloud nebulas adds to that. And then maybe we'll slide into the networking peace and how important that is. >> So we have AH, tool called Cloud Application Manager that has been built over the past handful of years that allows customers to deploy workloads to AWS toe azure and now to be emcee on AWS as well as private cloud environment. So maybe customers want to host those workloads on premise. Maybe it's regulatory compliance or whatever the reason may be. So we have a lot of experience of helping customers deploy those workloads, and then a lot of customers come to us and want to manage. I want us to manage the life cycle of those workloads, those air, the core capabilities. I think the reason that VMC on AWS is so compelling to customers is a lot of customers may not want to deal with the hardware refresh cycles that they do when it's their own private cloud environment or their own hardware stack. This gives them the opportunity to migrate those workloads and a relatively seamless fashion into an environment that is sitting in Maur of, ah, public cloud type model where it's it's Op X versus the Catholics in the headache. >> Go ahead. John was good, just in terms of so and so. Part of why you would work with Centurylink is you are experienced manage service provider. But also you have ah lot of the networking set up to do that efficiently, right? So maybe you talk about some of the workload is that you see going up there and some of the tools and, uh, performance folks can expect, >> Yeah, that's near the core part of my products that so near and dear to me for sure. We've developed a lot of capabilities over the last year and 1/2 around dynamic networking. So if you have your existing VM wear environment in your own data center, or maybe it's a private cloud that's managed by century link, we now have the ability for customers to go in and create net new connections, private network connections that have better Leighton see have better through putting performance between those environments and AWS or, in this case, VMC on AWS. And it allows customers to do a couple of things if they have their own environment and they're happy with it today. But it's not scaling, and they need to add more capacity. They could do that in the hybrid fashion in VMC on eight of us. If they're done with their existing environment hardware stack and they just want a forklift and move that into VMC on eight of us, they can create a big, large connection, push a ton of data over a few weeks, shut it down, and our building models and hourly billing models such that we're only charging them for as long as it's necessary. This gives them flexibility to manage where their workloads air sitting between those two locations as they see fit over time. >> So you're talking about all these new flexibilities new capabilities, much more agile systems being, I guess, interconnected with each other, right? But whether it's hybrid or whether it's multi cloud, whatever the case is, >> how you how to get >> everybody or everything that talk to each other in a way that works and provides, You know, the addresses, the Leighton see challenge, because to me, I'm again outside looking in. That's Ah, that's a big hurdle. As new capabilities get developed, new possibilities exists, but we gotta make it fast way, and we have to make sure they're they're speaking the same language. >> Yeah, it's a great question, and it is very challenging, and it is not all automated today as much as we would like. We have great integration to deploy workloads between environments. We've spent a ton of time from a networking standpoint of integrating with different cloud providers, and they each have their loan little nuances and to make it common between all of them takes a lot of time and effort. Where a lot of our focus is going in the next 12 months is how do you take those application, migration and management capabilities we have in one tool set? How do you marry that? With all of the dynamic networking capabilities and standardization across the cloud providers, we've done so the now it's not only are you moving network workloads, you're also creating the right underlying network to support those workloads in that multi cloud fashion well to capabilities we have. We just need to marry him up a little more clearly. >> I mean, what are you saying out there in the market with your customers? Multi Cloud Bright is perhaps another overused word like EJ. Are you seeing multi cloud portfolios? Are you seeing applications? Talk, actually use have data in one place, and and the and the computer and another. And obviously network becomes increasingly important if that's a reality today. But is that is that real, or is that still science fiction? >> It's becoming more riel so that there are a lot of customers. My pain, A lot of enterprises really bet big on one cloud provider because you have to build up the competency of capabilities inside your own shop and you become really good with working in Azure. Eight of us or Google or of'em were on the hunt. BP BMC Oh, the companies that are doing true multi cloud and using multiple cloud providers. Well, our companies that probably reside around here, so I won't say any of these specifically or doing this mutt. Companies like uber companies like Spotify companies that are born in the cloud that started with those core competencies will take the best of multiple cloud providers. So maybe the Big Data Analytics sitting in Google is most intriguing to them. But they love the tale of the storage cost. Price points on eight of us, and they love this. Ask spit in azure. They'll piece together components since they built it in a containerized fashion. And they take the best of what each cloud has to offer and into your point. The cloud providers air coming to centurylink and saying We need a better way to stitch together all of these different cloud environments because people, the cutting edge developers are pushing us in that direction. Now >> what about the the application network relationship? Um, changing is, you know, you see a shift there of some kind of as, uh, we're talking about, obviously a lot of new opportunities, a lot of developments, and so does that alter the dynamics of that relationship in any way >> It does, and it's the same conversations I just mentioned. Actually, that's driving it. I think today it is network engineers and network infrastructure. People reacting to applications not performing well are reacting to a software developers requested toe add this Google region or that VM wear on on AWS region over time. What's gonna happen, I believe, is their service mesh orchestration capabilities like SDO is a good example is the one Google is pushing hard and it would it allows people to do is from a rules driven perspective. I want my application to have these Leighton see requirements and you can't find me a network solution that is any worse than that. Or if you're seeing packet loss greater than 80% I want you to add more capacity to the network. It won't be humans the network engineers doing that. It's going to be application saying here are my criteria for me to work well, networks Let me see all the options I have out there now. I'm gonna go pick the best one and change it if I need you to make make myself work the way I need to. As an application. >> I love that that I've never connected Is Theo down as as an at, sir, as an APP service layer down to the network. Thank you. I just have a new I got a new thought. Eureka another reason >> why milliseconds matter. That's right. Hey, Chris. Thanks for the time. We appreciate that. I know this is a very busy time for you on. You do have a speaking engagements. We're gonna cut you loose for that. But thanks for spending time with us. And good luck. It centurylink appreciate it. Enjoyed it. Looking forward, Thio. More success. Back with more for Vimal. World 2019 after this short break right here on the Q.

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. Everyone keeps live coverage here in Boston. Messages of AWS reinforce That's Amazon. Webster's his first inaugural commerce around cloud security on John Kerry with David Lantz. One of the top stories here, the announced being announced here reinforced is the VPC traffic nearing and we wanted to bring in alumni and friend Mike Banner was the VP of marketing at a Vectra who specializes in networking. Welcome to the Q. We go way back. HP networking got a hot start up here so wanted to really bring you in to help unpack this VPC traffic mirroring product is probably medias announcement of everything on stage. That other stuff was general availability of security have which is great great product, Absolutely. And guard guard duty. Well, all this other stuff have it. But the VPC traffic nearing is a killer feature for a lot of reasons, absolutely. But it brings some challenges and some opportunities that might be downstream. I don't get the thoughts on what is your take on the BBC traffic nearing >> a tte. The highest level brings a lot of value because it allows you get visibility and something that's really opaque, which is the traffic within the cloud. And in the past, the way people were solving this was they had to put an agent on the workload, and nobody wants that one. It's hard to manage. You don't want dozens to hundreds or thousands of agents, and also it's going to slow things down. On third, it could be subverted. You get the advanced attacker in there. He knows how to get below that level and operated on in a way where he can hide his communication and and his behavior isn't seen. With traffic nearing that, we're getting a copy of the packet from below. The hyper visor cannot be subverted, and so we're seeing everything, and we're also not slowing down the traffic in the virtual private cloud. So it allows us to extract just the right data for a security application, which is our case, metadata and enrich it with information that's necessary for detecting threats and also of performing an investigation. >> Yeah, it was definitely the announcement that everybody has been talking about has the buzz. So from a from a partner perspective, how do you guys tie into that? What do you do? Was the value that you bring to the customer, >> So the value that we're bringing really stems from what you can do with our platform. There's two things everybody is looking to do with him at the highest level, which is detect threats and respond to threats. On the detection side, we could take the metadata that we've extracted and we've enriched. We're running through machine learning algorithms, and from there we not only get a detection, but we can correlated to the workers we're seeing it on. And so we could present much more of an incident report rather than just a security alert, saying, Hey, something bad happened over there. It's not just something bad happened, but these four bad things happen and they happen in this time sequence over this period of time, and it involved these other work looks. We can give you a sense of what the attack campaign looks like. So you get a sense of like with cancer, such as you have bad cells in your liver, but they've metastasized to these other places. Way also will keep that metadata in something we call cognito recall, which is in AWS. And it has pre built analytics and save searches so that once you get that early warning signal from cognito detect, you know exactly where to start looking for. You can peel back all the unrelated metadata, and you can look specifically at what's happened during the time of that incident. In order, perform your threat investigation and respond rapidly to that threat. >> So you guys do have a lot of machine intelligence. OK, ay, ay chops. How close are we to be able to use that guy to really identify? Detect, but begin to automate responses? We there yet eyes. It's something that people want don't want. >> We're getting close to being there. It's answer your first question, and people are sure that they want it yet. And here's some of the rationale behind it. You know, like we generally say that Aria is pretty smart, but security operations people are still the brains of the operation. There's so much human intelligence, so much contextual knowledge that a security operations person can apply to the threats that we detect. They can look at something and say, Oh, yeah, I see the user account. The service is being turned on from, you know, this particular workload. I know exactly what's happening with that. They add so much value. So we look at what we're doing is augmenting the security operations team. We're reducing their workload by taking all the mundane work and automating that and putting the right details at their fingertips so they could take action. Now there's some things that are highly repeatable that they do like to use playbooks for So we partner with companies like Phantom, which got bought by spunk, and to Mr which Palazzo Networks acquired. They've built some really good playbooks for some of those well defying situations. And there was a couple presentations on the floor that talked about those use >> cases. Fan of fan was pretty good. Solid product was built in the security hub. Suit helps nice product, but I'll get back to the VPC traffic, not smearing. It makes so much sense. It's about time. Yes, Finally they got it done. This make any sense? It wasn't done before, but I gotta ask first with the analytics, you and you said on the Q. Before network doesn't lie, >> the network is no line >> they were doesn't lie with subversion pieces of key piece. It's better be the lowest level possible. That's a great spot for the data. So totally agree. Where do you guys create Valley? Because now that everyone's got available BBC traffic mirroring How do you guys take advantage of that? What's next for you guys is that Where's the differentiation come from? Where's the value go next? >> Yeah, there's really three things that I tend to focus on. One is we enrich the metadata that we're extracting with a lot of important data that makes it. It really accelerates the threat investigation. So things like directionality, things like building a notion of what's the identity of the workload or when you're running us on prem. The device, because I P addresses changed. There's dynamic things in there, so having a sense of of consistency over a period of time is extremely valuable for performing a threat investigation so that information gets put in tow. Recall for the metadata store. If people have a data leak that they wanna have ascended to, whether it's elastic or spawn, Kafka then that is included in what we send to them and Zeke formatting use. Others eat tooling so they're not wasting any money there. And in the second piece is around the way that we build analytics. There's always, ah, a pairing of somebody from security research with the data scientist. This is the security researcher explains the tools, the tactics, the techniques of the attacker. So that way, the data scientist isn't being completely random about what features do they want to find in the network traffic. They're being really specific to what features are gonna actually pair to that tool, tactic and technique. So that way, the efficacy of the algorithm is better. We've been doing this for five plus years, and history speaks for something because some of the learning we've had is all right. In the beginning, there were maybe a couple different supervised techniques to apply. Well, now we're applying those supervised techniques with some deep learning techniques. So that way, the performance of the algorithm is actually 90% more effective than it was five years ago. >> Appreciating with software. Get the data extract the data, which the metadata, Yes, you're doing. Anyway. Now, It's more efficient, correct, low speed, No, no problems with informants in the agents you mentioned earlier. Now it's better data impact the customers. What's the What's the revelation here For the end of the day, your customer and Amazons customers through you? What do they get out of it? What's the benefit to them? >> So it's all about reducing the time to detect in the time to respond. Way had one of our fortune to 50 customers present last week at the Gardener Security Summit. Still on stage. Gentlemen from Parker Hannifin talked about how they had an incident that they got an urgent alert from from Cognito. It told him about an attack campaign. He was immediately alerted the 45 different machines that were sending data to the cloud. He automatically knew about what were the patterns of data, the volume of data. They immediately know exactly what the service is that were being used with in the cloud. They were able to respond to this and get it all under control. Listen 24 hours, but it's because they had the right data at their fingertips to make rapid decisions before there was any risk. You know what they ended up finding was it was actually a new application, but somebody had actually not followed the procedures of the organization that keeps them compliant with so many of their end users. In the end, it's saved tremendous time and money, and if that was a real breach, it would have actually prevented them from losing proprietary information. >> Well, historically, it would take 250 days to even find out that there was a breach, right? And then by then who knows what What's been exfiltrate ID? >> Yeah, we had a couple. We had a couple of firms that run Red team exercises for a living come by and they said, I said to them, Do you know who we are? And they said, Of course we know where you are. There's one tool out there, then finds us. It's victory. That's >> a That's a kind of historical on Prem. So what do you do for on Pramuk? This is all running any ws. Is it cloud only? >> It's actually both, so we know that there's a lot of companies that come here that have never owned a server, and everything's been in AWS from day one and for I t. Exactly. And for them waken run everything. We have the sensor attached to the VPC traffic nearing in AWS. We could have the brain of the cognitive platform in eight of us, you know. So for them they don't need anything on prime. There's a lot of people that are in the lift and shift mode. It can be on Prem and in eight of us, eh? So they can choose where they want the brain. And they could have sensors in both places. And we have people that are coming to this event that their hybrid cloud, they've got I t infrastructure in Azure. But they have production in eight of us and they have stuff that's on Prem. And we could meet that need to because we work with the V Top from Azure and so that we're not religious about that. It's all about giving the right data right place, reducing the time to detective respond, >> Mike, Thanks for coming and sharing the insights on the VP. Your perspective on the vpc traffic mirror appreciated. Give a quick plug for the company. What you guys working on? What's the key focus? You hiring. Just got some big funding news. Take a minute to get the plug in for electric. >> Yeah, So we've gone through several years of consecutive more than doubling in. Not in a recurring revenue. I've been really fortunate to have to be earning a lot of customer business from the largest enterprises in the world. Recently had funding $100,000,000 led by T C V out of Menlo Park. Total capitalization is over to 22 right now on the path to continue that doubling. But, you know, we've been really focusing on moving where the you know already being where the puck is going to by working with Amazon. Advance on the traffic nearing. And, you know, we know that today people are using containers in the V M environment. We know that you know where they want to go. Is more serverless on, you know, leveraging containers more. You know, we're already going in that direction. So >> great to see congratulates we've known each other for many, many years is our 10th anniversary of the Q. You were on year one. Great to know you. And congratulations. Successive victor and great announcement. Amazon gives you a tailwind. >> Thanks a lot. It's great to see your growth as well. Congratulations. >> Thanks, Mike. Mike Banning unpacking the relevance of the VPC traffic mirroring feature. >> This is kind >> of conversation we're having here. Deep conversation around stuff that matters around security and cloud security. Of course, the cubes bring any coverage from the inaugural event it reinforced for me. Ws will be right back after this short break.

>> from our studios in the heart of Silicon Valley. HOLLOWAY ALTO, California It is a cube conversation. >> Hi, and welcome to the Cube studios for another cube conversation where we go in depth with thought leaders driving innovation across the tech industry. I'm your host today, Peter Boris. One of the biggest challenges that every enterprise faces is how best to focus attention on the most important assets that are driving or facilitating that drive the digital business and digital business transformation. There's been a lot of emphasis over the last 50 years in tech on the hardware assets, but increasingly we need to look at the elements of it that are actually creating net new value within a business now, maybe the people, the services and the data that make digital business possible. And that requires that we rethink our approach is to how we actually manage, conceive of and monitor those key assets and is likely to lead to some very interesting unification Tze over the next few years, especially in SEC ups and neck cops now and have that conversation got a great guest today. Sanjay Moon. She is the vice president, product management, that net scout Technologies. Sanjay, welcome to the >> Cube. Thank you, Peter. Thank you. >> So, Sanjay, I said a lot upfront. But before we get into that, tell us a little bit about Net Scout. >> Thank you, Peter, for the introduction. Net Scout is a smart data company. Net Scout has three decades of leadership and innovation in troubleshooting monitoring and securing it based networks. We are deployed in 90% off the Fortune 500 companies and 90% off the top communication service providers. World White. We have 50% market teacher In each of the three segments that we playing. Where is the next biggest competitor? We have has less than 5%. Those three areas are number one network and application performance monitoring for hybrid cloud infrastructure for enterprises, D does and on security for enterprise and service providers and service assurance for service providers, which includes mobile operators, cable providers as well as I speak. Today we operate in 50 plus countries worldwide. We have 25 100 plus employees and 500 plus pattern store credit. >> Impressive story. Let's get right to the issue, though, and how Net scout is actually participating in some of these crucial transformations. I mentioned upfront that one of the biggest challenges that every enterprise has is to focus Maura their attention on those digital assets that are actually driving change and new sources of value named of the data, the services and the devices and the people, the applications or people that use those. So one >> of >> the challenges that we've had is that, ah, focus on devices leads to a focus on certain classes of data that are mainly improved or focus on improving the productivity of devices. Give us a background and how that's what that means. >> Let me in to do the concept of smart data that's that's born out ofthe nets, calibrated with smart data. Next called Pioneer. The leverage off Wired ate our package data three decades back that drives over ingenious portfolio that drives net ops and cloud tops. S i r. Adapt to service intelligence. This is a smart data that comes out ofthe packets with S I smart data. We uniquely converge application and network performance monitoring you are customers Toro visibility across application tears and two and networks and diverse data center locations. >> So just toe pick up on that moving away from a log focus, which is again mainly, Let's improve the productivity of the device. We're moving in a sigh, which is focus on Let's improve the productivity of the connection in the application. >> Absolutely absolute. And we'll talk a little bit more about long. Let's talk about Log and Net flew other sources of data that folks have gravitated towards, which is not there, not there, not authority to by any means. Let's say log data, for example, this log data, you know, as soon as a threat actor, for example, gets access to your systems. The first thing the protector will do is to turn off flogging are doing verse changed the log days, change the cyst, log messaging itself. Let's take a look at net flow data. For example, Net flow data number one Problem is, it's not Doesn't have layers. Seven. Intelligence, innit? Number two. It's not generated by all the devices in the network. For example, the Coyote devices do not generate any kind of flow data, so only data that authoritative and that comes with high fidelity is packet or wire data. That's one element off of smart data that we have the other element of smart data comes from our arbor portfolio. Arbor products are deployed in 400 plus tier one operators, mobile operators and service providers worldwide. And as such, we see 1/3 of the Internet traffic to our strategically located. Sensors in the service provider corps were able to generate another type of smart data that we call Atlas Intelligence feed R A F in sharp air for it. Plus intelligence Feed essentially tracks cyber reputation across domains across joe locations and across user identities. The combination of the A S I smart data that is generated from the core of the hybrid cloud infrastructure. Let's call it intranet and F Smart data that is generated from the Internet Corps gives Net Scout a unique data set combination that's unparalleled in the marketplace and makes us perhaps Lee, one of the food vendors who can drive a consolidated visibility architectures across net ops, cloud ups and second >> Okay, So let's turn that into against very practical things for folks, because what it has historically done is by focusing on individual devices or classes of devices and the data that those devices generate, they end up with a panoply Ah, wide arrangement of security tools that are each good at optimizing those devices with those, he said, they may not necessarily be a forte tive, but it's difficult to weave that into a consolidated, unified SEC ops Net ops overall, not just architecture but platform for performing the work crucial work of sustaining your digital business infrastructure. How does smart data translate into unified operation >> is appoint Peter? Thank you. That's a very good point. So let me give an example and talk about the customers that we have deployed our smart data, our hybrid cloud infrastructure. This is a typical Fortune 500 where we are deployed. Next card is deployed as the hybrid cloud monitoring infrastructure, and the networks in the club cloud upside. Typically, you will see this type of organization has one tool to cover the entire hybrid cloud monitoring infrastructure across their entire portfolio, whether it is on Prem, whether it's in the cloud, whether it's in the core location facility. But when you look at the SEC locks and the security side, the story is completely different. The same organization, the same Enterprise customer, has 25 to 30 different disparate display tools As a matter of fact, analysts are saying today that a typical Fortune 500 the US has 70 disparate security tools. Why is that the case? Why is it that on the net tops and cloud upside, they need 11 tool net scout, for example? But in the second up there, 70 different products. The reason is not only smart data but also smart architecture. So what? We have seen what we have done over the past three decades, We have designed this two tier architecture that generates Margarita. The dear one is our distributed instrumentation of sense of framework, which we call in Finnish Stream or the Stream. This is the distributor sensor framework that is deployed in the hybrid cloud infrastructure that generates the smart data. And then we had the centralized Analytics layer, which is our ingenious platform that essentially correlates data across the hybrid cloud infrastructure and provide customers complete visibility across the portfolio off the data centers. On the second upside, security side security is roughly 1 10 to 15 years old. Security tried to emulate the studio model as well, but the security industry failed. In doing that, nobody could design this distributed sensor instrumentation cost effectively tto make violate our feasible for analytics with the result they migrated to. As you said, this subpar sources of data like CeCe log like net flow. And today they put all the emphasis on the analytics layer with the result. They need one tool for use case or one vendor per use case on the second offside. And that's why you see the two proliferation because they don't have this distributed sensor framework that will make violate our package data feasible for the analytics lately. >> And I want I want to build on something you're saying because, uh, the it's a It's a misperception that all resources and all work of digital business and technology is going to end up in a central crowd location. The cloud really is an architecture form or broad distribution of data and work, which means, ultimately, that if we don't deal with this proliferation security tools now we're going tow. Probably have an even greater explosion in the number of security tools, which will mohr radically diminish or ability to establish new classes of options and digital business. >> Very good point. As a matter of fact, just a couple of years back, the average number of tools was 40 in in a SEC cops portfolio on enterprise has in the U. S. To date 70 it could go 200. But if you look at the risk profile, well, this profile has stayed the same, are in and make mint. Many cases deteriorated, right? What we found is the tool that a number of tools is going up. The cost of breaches going up the third. The number of breaches are going up, and at the same time, the number of analysts is always and Earth. So in short, high investments on the security side failed to reduce risk. So the risk and investment factor both are going in the north bound go, both are going up. So how do you control that? How do you make them come down? The only way? Smart data on a smart platform on a smart analytics later. >> Yeah. Again, let me emphasize this crucial point because it's one of things that we've seen in our conversation with clients is, ah, proliferation of tools. Proliferation of data leads to a proliferation of tasks and response responsibilities within a business, and you end up with more human failures of consequence. So by bringing all these things together, you end up with smarter data, smarter platform, simpler operations, more unified operations and get greater leverage. So so, let's talk then about ultimately, how should a business What's the road map? What's the next two or three things that an enterprise needs to do to start bringing these to start unifying these resources and generating the simplicity so that you open up greater strategic options for how you configure your digital business? >> That's a very good point. So >> two things we talked about already one is smart data relying on smart data, which comes from wide ate our package data. And the second is smart, smart architecture, which comprises of this two tier architecture with distributed instrumentation and centralized analytics. What happens when you do that is the first thing is early warning detection. What we have realized, Peter, is that if you look at the traditional kill chain in Lockheed Martin's kill chain, our miter mortal that people are using now traditional reconnaissance weaponization shin as well as ex filtration, we have seen that if you rely, if you generate analytics based on packet date are smart data, which we do as a net scow. You can detect these phases much earlier than if you rely on device data. Net floor, sis log. So what I call day minus not day zero, but day minus so leveraging the smart data and smart architecture. Er, we're able tto detect these threats or compromises much earlier than a traditional kill chain more than lot of miter models, >> but But again, the reason why is because we're looking at patterns in the traffic. >> We're looking at behavioral patterns in the traffic. That's correct. Let me go little bit more technical, if you will, were looking at transactions at the DNA's level, transactions at the CP level or at the active directly level that happened much earlier than when electoral movement or a reconnaissance is detected. This happens much earlier because we have the smart data, the wide ADA that enables us to do this early warning detection, >> get more visibility to source as opposed to the target. >> That's correct. The second thing that happens with US smart architecture, the two tier architecture is the consolidation of fuse case. We talked about it a little bit, so today if you want in our in our hybrid cloud scenario that we the next card is deployed in Fortune five hundreds. Over the past 23 decades, our customers have moved from private cloud infrastructure. First they had the core righty. Then they moved Private cloud. You know, I am Francisco. Then they moved echolocation clinics and others. And then they moved also to public cloud. All the workloads are migrating and everywhere we did not make any change to our instrumentation there. Can you believe it? No changes You only changes we made was in the analytics layer to take care of the news cases. So with the result, we could consolidate multiple whose case is in the cloud monitoring in tow. One platform, the smart platform that smart data. Now we're building that value into security with the smart platform and smart data that we talked about. So the consolidation of use cases on the security side is the second advantage other than the early warning detection that we talked about. >> So this has got to improve. Detection has got intrude. Management's gonna improve. Forensics. If I got that right, >> made a good point. And forensics we should talk about a little bit more. Perhaps the second set of things that we're doing is we have done is consolidate in the SEC upside forensics and detection. So let me explain that a little bit more. If you look at a typical enterprise today, they use Seymour security information and even management platforms to correlate data from multiple sources. So in the event off a seam alert, off alert generated best SIM platform forensics teams need to determine what happened and what systems were impacted. Essentially the what when, how, where off, the off the alert or the compromise that has been detected today. As we said, security teams are not using packet data at all but foreign. 16. In orderto validate that alert, they need toe access sessions. They need to access packets belonging to that Ellen, but they cannot today because none of the devices none of the security platforms is using violator in the first place. So what the security teams are doing? Forensic analysts. They're leveraging devices like via shark and tracking investigations with spreadsheets. This is delaying the investigation time. As you know today, it's well known that this cause is alert, fatigue and 50% of the alerts that are going to the seam today are disregarded by the security analysts. With the result, the real threats are getting unabated, and enterprises come to know about a security breach from the media rather than from their own IT department. >> Sanjay. So we've had a great conversation talking about how smart data smart platform is going to lead to greater unification of tasks, people, responsibilities and set ups and net tops and some of the it impacts on eh enterprises Overall response stance both from a detection, management and forensic standpoint. So what's going on? Thank you very much for being on the cue. Sanjay Moon. She Thank you. Thank you. And thanks again for joining us for the Cube conversation. We've been Sanjay Moon, she of Net scout technology. I'm Peter Burke's. See you next time