>> Narrator: "TheCUBE" presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey everyone. Welcome back to "TheCUBE's" live coverage of Palo Alto Network's Ignite 22 from the MGM Grand in beautiful Las Vegas. I am Lisa Martin here with Dave Vellante. Dave, we just had a great conversa- First of all, we got to hear the keynote, most of it. We also just had a great conversation with the CEO and chairman of Palo Alto Networks, Nikesh Arora. You know, this is a company that was founded back in 2005, he's been there four years, a lot has happened. A lot of growth, a lot of momentum in his tenure. You were saying in your breaking analysis, that they are on track to nearly double revenues from FY 20 to 23. Lots of momentum in this cloud security company. >> Yeah, I'd never met him before. I mean, I've been following a little bit. It's interesting, he came in as, sort of, a security outsider. You know, he joked today that he, the host, I forget the guy's name on the stage, what was his name? Hassan. Hassan, he said "He's the only guy in the room that knows less about security than I do." Because, normally, this is an industry that's steeped in deep expertise. He came in and I think is given a good compliment to the hardcore techies at Palo Alto Network. The company, it's really interesting. The company started out building their own data centers, they called it. Now they look back and call it cloud, but it was their own data centers, kind of like Salesforce did, it's kind of like ServiceNow. Because at the time, you really couldn't do it in the public cloud. The public cloud was a little too unknown. And so they needed that type of control. But Palo Alto's been amazing story since 2020, we wrote about this during the pandemic. So what they did, is they began to pivot to the the true cloud native public cloud, which is kind of immature still. They don't tell you that, but it's kind of still a little bit immature, but it's working. And when they were pivoting, it was around the same time, at Fortinet, who's a competitor there's like, I call 'em a poor man's Palo Alto, and Fortinet probably hates that, but it's kind of true. It's like a value play on a comprehensive platform, and you know Fortinet a little bit. And so, but what was happening is Fortinet was executing on its cloud strategy better than Palo Alto. And there was a real divergence in the valuations of these stocks. And we said at the time, we felt like Palo Alto, being the gold standard, would get through it. And they did. And what's happened is interesting, I wrote about this two weeks ago. If you go back to the pandemic, peak of the pandemic, or just before the peak, kind of in that tech bubble, if you will. Splunk's down 44% from that peak, Okta's down, sorry, not down 44%. 44% of the peak. Okta's 22% of their peak. CrowdStrike, 41%, Zscaler, 36%, Fortinet, 71%. Not so bad. Palo Altos maintained 93% of its peak value, right? So it's a combination of two things. One is, they didn't run up as much during the pandemic, and they're executing through their cloud strategy. And that's provided a sort of softer landing. And I think it's going to be interesting to see where they go from here. And you heard Nikesh, we're going to double, and then double again. So that's 7 billion, 14 billion, heading to 30 billion. >> Lisa: Yeah, yeah. He also talked about one of the things that he's done in his tenure here, as really a workforce transformation. And we talk all the time, it's not just technology and processes, it's people. They've also seemed to have done a pretty good job from a cultural transformation perspective, which is benefiting their customers. And they're also growing- The ecosystem, we talked a little bit about the ecosystem with Nikesh. We've got Google Cloud on, we've got AWS on the program today alone, talking about the partnerships. The ecosystem is expanding, as well. >> Have you ever met Nir Zuk? >> I have not, not yet. >> He's the founder and CTO. I haven't, we've never been on "theCUBE." He was supposed to come on one day down in New York City. Stu and I were going to interview him, and he cut out of the conference early, so we didn't interview him. But he's a very opinionated dude. And you're going to see, he's basically going to come on, and I mean, I hope he is as opinionated on "TheCUBE," but he'll talk about how the industry has screwed it up. And Nikesh sort of talked about that, it's a shiny new toy strategy. Oh, there's another one, here's another one. It's the best in that category. Okay, let's get, and that's how we've gotten to this point. I always use that Optive graphic, which shows the taxonomy, and shows hundreds and hundreds of suppliers in the industry. And again, it's true. Customers have 20, 30, sometimes 40 different tool sets. And so now it's going to be interesting to see. So I guess my point is, it starts at the top. The founder, he's an outspoken, smart, tough Israeli, who's like, "We're going to take this on." We're not afraid to be ambitious. And so, so to your point about people and the culture, it starts there. >> Absolutely. You know, one of the things that you've written about in your breaking analysis over the weekend, Nikesh talked about it, they want to be the consolidator. You see this as they're building out the security supercloud. Talk to me about that. What do you think? What is a security supercloud in your opinion? >> Yeah, so let me start with the consolidator. So Palo Alto obviously is executing on that strategy. CrowdStrike as well, wants to be a consolidator. I would say Zscaler wants to be a consolidator. I would say that Microsoft wants to be a consolidator, so does Cisco. So they're all coming at it from different angles. Cisco coming at it from network security, which is Palo Alto's wheelhouse, with their next gen firewalls, network security. What Palo Alto did was interesting, was they started out with kind of a hardware based firewall, but they didn't try to shove everything into it. They put the other function in there, their cloud. Zscaler. Zscaler is the one running around saying you don't need firewalls anymore. Just run everything through our cloud, our security cloud. I would think that as Zscaler expands its TAM, it's going to start to acquire, and do similar types of things. We'll see how that integrates. CrowdStrike is clearly executing on a similar portfolio strategy, but they're coming at it from endpoint, okay? They have to partner for network security. Cisco is this big and legacy, but they've done a really good job of acquiring and using services to hide some of that complexity. Microsoft is, you know, they probably hate me saying this, but it's the just good enough strategy. And that may have hurt CrowdStrike last quarter, because the SMB was a soft, we'll see. But to specifically answer your question, the opportunity, we think, is to build the security supercloud. What does that mean? That means to have a common security platform across all clouds. So irrespective of whether you're running an Amazon, whether you're running an on-prem, Google, or Azure, the security policies, and the edicts, and the way you secure your enterprise, look the same. There's a PaaS layer, super PaaS layer for developers, so that that the developers can secure their code in a common framework across cloud. So that essentially, Nikesh sort of balked at it, said, "No, no, no, we're not, we're not really building a super cloud." But essentially they kind of are headed in that direction, I think. Although, what I don't know, like CrowdStrike and Microsoft are big competitors. He mentioned AWS and Google. We run on AWS, Google, and in their own data centers. That sounds like they don't currently run a Microsoft. 'Cause Microsoft is much more competitive with the security ecosystem. They got Identity, so they compete with Okta. They got Endpoint, so they compete with CrowdStrike, and Palo Alto. So Microsoft's at war with everybody. So can you build a super cloud on top of the clouds, the hyperscalers, and not do Microsoft? I would say no. >> Right. >> But there's nothing stopping Palo Alto from running in the Microsoft cloud. I don't know if that's a strategy, we should ask them. >> Yeah. They've done a great job in our last few minutes, of really expanding their TAM in the last few years, particularly under Nikesh's leadership. What are some of the things that you heard this morning that you think, really they've done a great job of expanding that TAM. He talked a little bit about, I didn't write the number down, but he talked a little bit about the market opportunity there. What do you see them doing as being best of breed for organizations that have 30 to 50 tools and need to consolidate that? >> Well the market opportunity's enormous. >> Lisa: It is. >> I mean, we're talking about, well north of a hundred billion dollars, I mean 150, 180, depending on whose numerator you use. Gartner, IDC. Dave's, whatever, it's big. Okay, and they've got... Okay, they're headed towards 7 billion out of 180 billion, whatever, again, number you use. So they started with network security, they put most of the network function in the cloud. They moved to Endpoint, Sassy for the edge. They've done acquisitions, the Cortex acquisition, to really bring automated threat intelligence. They just bought Cider Security, which is sort of the shift left, code security, developer, assistance, if you will. That whole shift left, protect right. And so I think a lot of opportunities to continue to acquire best of breed. I liked what Nikesh said. Keep the founders on board, sell them on the mission. Let them help with that integration and putting forth the cultural aspects. And then, sort of, integrate in. So big opportunities, do they get into Endpoint and compete with Okta? I think Okta's probably the one sort of outlier. They want to be the consolidator of identity, right? And they'll probably partner with Okta, just like Okta partners with CrowdStrike. So I think that's part of the challenge of being the consolidator. You're probably not going to be the consolidator for everything, but maybe someday you'll see some kind of mega merger of these companies. CrowdStrike and Okta, or Palo Alto and Okta, or to take on Microsoft, which would be kind of cool to watch. >> That would be. We have a great lineup, Dave. Today and tomorrow, full days, two full days of cube coverage. You mentioned Nir Zuk, we already had the CEO on, founder and CTO. We've got the chief product officer coming on next. We've got chief transformation officer of customers, partners. We're going to have great conversations, and really understand how this organization is helping customers ultimately achieve their SecOps transformation, their digital transformation. And really moved the needle forward to becoming secure data companies. So I'm looking forward to the next two days. >> Yeah, and Wendy Whitmore is coming on. She heads Unit 42, which is, from what I could tell, it's pretty much the competitor to Mandiant, which Google just bought. We had Kevin Mandia on at September at the CrowdStrike event. So that's interesting. That's who I was poking Nikesh a little bit on industry collaboration. You're tight with Google, and then he had an interesting answer. He said "Hey, you start sharing data, you don't know where it's going to go." I think Snowflake could help with that problem, actually. >> Interesting. >> Yeah, little Snowflake and some of the announcements ar Reinvent with the data clean rooms. Data sharing, you know, trusted data. That's one of the other things we didn't talk about, is the real tension in between security and regulation. So the regulators in public policy saying you can't move the data out of the country. And you have to prove to me that you have a chain of custody. That when you say you deleted something, you have to show me that you not only deleted the file, then the data, but also the metadata. That's a really hard problem. So to my point, something that Palo Alto might be able to solve. >> It might be. It'll be an interesting conversation with Unit 42. And like we said, we have a great lineup of guests today and tomorrow with you, so stick around. Lisa Martin and Dave Vellante are covering Palo Alto Networks Ignite 22 for you. We look forward to seeing you in our next segment. Stick around. (light music)

>> From "theCube" Studios in Palo Alto in Boston bringing you data-driven insights from "theCube" and ETR. This is "Breaking Analysis" with Dave Vellante. >> As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways. Revenue, market cap, execution, ethos, and most importantly, conversations with customers generally. In CISO specifically, who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020. Despite macro headwinds, which are likely to carry through next year, Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR and this breaking analysis and ahead of Palo Alto Ignite the company's user conference, we bring you the next chapter on top of the last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at "Ignite" and posit what Palo Alto needs to do to stay on top of the hill. Now, the challenges for cybersecurity professionals. Dead simple to understand. Solving it, not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point the cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools many legacy combined with shiny new toys to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single digit market shares. Think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s. Oracle captures around 30% of database market revenue. EMC and storage at its peak had more than 30% of that market. Even Dell's PC market shares, you know, in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player Palo Alto might have maybe three maybe 4% of the total market, depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend Eric Bradley, summed up Palo Alto's allure. We thought pretty well. The question was why Palo Alto Networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate then rebrand them as their own. We've looked at other vendors we just didn't think they were as mature and we already had implemented some of the Palo Alto tools like the firewalls and stuff and we thought why not go holistically with the vendor a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver and familiarity with the tools and the resources that they provided. Now here's another stat from ETR's Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we fo we feel this bodes well for consolidators like Palo Alto networks. And the same is true from Microsoft's kind of good enough approach. It should also be true for CrowdStrike although last quarter we saw softness reported on in their SMB market, whereas interestingly MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now, Palo Alto Networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the bug ETF. That's the cyber basket that we like to compare often CrowdStrike, Zscaler, and Okta. Now remember Palo Alto, they didn't run up as much as CrowdStrike, ZS and Okta during the pandemic but you can see it's now down unquote only 9% for the year. Whereas the cyber basket ETF is off 27% roughly in line with the NASDAQ. We're not showing that CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now as we've indicated, Palo Alto is making a strong case for consolidating point tools and we think it will have a much harder time getting customers to switch off of big platforms like Cisco who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked breaking analysis contributor Chip Simington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52 week lows, but he thinks Palo Alto got oversold during the last big selloff. And the fact that the company's free cash flow is so strong probably keeps it at the one 50 level or above maybe bouncing around there for a while. If it breaks through that under to the downside it's ne next test is at that low of around one 40 level. So thanks for that, Chip. Now having get that out of the way as we said on the previous chart Palo Alto has strong opinions, it's founder and CTO, Nir Zuk, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about his future. The company was founded around 18 years ago as a network security company focused on what they called NextGen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box. Rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward thinking for the time and now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic we reported on the divergence in market values between Palo Alto and Fort Net and we cited some challenges that Palo Alto was happening having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on prem or proxies on prem or sandboxes on prem sandboxes, you know for instance are vulnerable to overwhelming attacks. Think about it, if you're a sandbox is on prem you're not going to be updating that every day. No way. You're probably not going to updated even every week or every month. And if the capacity of your sandbox is let's say 20,000 files an hour you know a hacker's just going to turn up the volume, it'll overwhelm you. They'll send a hundred thousand emails attachments into your sandbox and they'll choke you out and then they'll have the run of the house while you're trying to recover. Now the cloud doesn't completely prevent that but what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets and that's kind of the objective of security firms. You know, increase the denominator on the ROI. All right, the next thing that Palo Alto did is start acquiring aggressively, I think we counted 17 or 18 acquisitions to expand the TAM beyond network security into endpoint CASB, PaaS security, IaaS security, container security, serverless security, incident response, SD WAN, CICD pipeline security, attack service management, supply chain security. Just recently with the acquisition of Cider Security and Palo Alto by all accounts takes the time to integrate into its cloud and SaaS platform called Prisma. Unlike many acquisitive companies in the past EMC was a really good example where you ended up with a kind of a Franken portfolio. Now all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as multi-cloud becomes more prevalent and more of a strategy customers tell us they want a consistent experience across clouds. And is going to be the same by the way with IoT. So of the next wave here. Customers don't want another stove pipe. So we think Palo Alto is in a good position to build what we call the security super cloud that layer above the clouds that brings a common experience for devs and operational teams. So of course the obvious question is this, can Palo Alto networks continue on this path of acquire and integrate and still maintain best of breed status? Can it? Will it? Does it even have to? As Holger Mueller of Constellation Research and I talk about all the time integrated suites seem to always beat best of breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio. Here's a picture and I don't expect you to digest it all but it's a screen grab of Palo Alto's product and solutions portfolios, network cloud, network security rather, cloud security, Sassy, CNAP, endpoint unit 42 which is their threat intelligence platform and every imaginable security service and solution for customers. Well, maybe not every, I'm sure there's more to come like supply chain with the recent Cider acquisition and maybe more IoT beyond ZingBox and earlier acquisition but we're sure there will be more in the future both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables just an awesome SaaS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis in provision or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line just under. And I'll give you another glimpse it looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now those colored bars in the bottom right corner they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is at that 40 or 8% that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto network products by 6% or worse. And the bright red at only 2% is churn or defections. Very low single digit numbers for Palo Alto, that's a real positive. What you do is you subtract the red from the green and you get a net score of 38% which is very good for a company of Palo Alto size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto customers out of around 1300 in the total survey. It's a really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Forte, Cisco they loom large with similar aspirations. Well maybe not so much Okta. They don't necessarily rule want to rule the world. They want to rule identity and of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of market presence in the survey. This view of the data shows provision in the data going back to October, 2021, that's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember, the January survey is currently in the field. Now the leftmost set of data there show size a company. The middle set of data shows the industry for a select number of industries in the right most shows, geographic region. Notice anything, yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto network CEO, Nikesh Aurora, stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and sometimes splitting up size of deals. He's stressed that certain industries like energy, government and financial services continue to spend. But we would expect even a pullback there as companies get more conservative. But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward 'cause they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split up the deals, you know, large deals they want to split into to smaller bite size chunks. So they're really going hard after they go to market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite next week, Lisa Martin and I will be hosting "theCube" and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two was the big keynote. That's when we'll start our broadcasting, we're going for two days. Now our understanding is we've never done Palo Alto Ignite before but our understanding it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder Nir Zuk has to say. And as well CEO Nikesh Aurora and as in addition to longtime friend of "theCube" and current president, BJ Jenkins, he's going to be speaking. Wendy Whitmore runs Unit 42 and is going to be several other high profile Palo Alto execs, as well, Thomas Kurian from Google is a featured speaker. Lee Claridge, who is Palo Alto's, chief product officer we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now, Cortex, you might remember, came from an acquisition and does threat detection and attack surface management. And we're going to hear a lot about we think about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling in from the ETR. Guys have done some modeling of cortex, you know looks like it's got a lot of upside and through the Palo Alto go to market machine, you know could really pick up momentum. That's something that we'll be probing for. Now, one of the other things that we'll be watching is pricing. We want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are and what's the business case look like? How are they thinking about that business case. We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that as we talked about before. And will it do that? There's also an interesting tension going on sort of changing subjects here in security. There's a guy named Edward Hellekey who's been in "theCube" before. He hasn't been in "theCube" in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security. Because securities you technically you have to show a chain of custody that proves unequivocally, for example that data has been deleted or scrubbed or that metadata does. It doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security, really the more the better. But government policy is often at odds in a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it. Our customers testing public policy in courts we think not quite yet, our government's making exceptions and policies like GDPR that favor security over data privacy. What are the trade-offs there? And finally, one theme of this breaking analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company which Palo Alto is a cloud security company is a thriving ecosystem that has entries into and exits from its platform. So we'll be looking at what that ecosystem looks like how vibrant and inclusive it is where the public clouds fit and whether Palo Alto Networks can really become the security super cloud. Okay, that's a wrap stop by next week. If you're in Vegas, say hello to "theCube" team. We have an unbelievable lineup on the program. Now if you're not there, check out our coverage on theCube.net. I want to thank Eric Bradley for sharing a glimpse on short notice of the upcoming survey from ETR and his thoughts. And as always, thanks to Chip Symington for his sharp comments. Want to thank Alex Morrison, who's on production and manages the podcast Ken Schiffman as well in our Boston studio, Kristen Martin and Cheryl Knight they help get the word out on social and of course in our newsletters, Rob Hoof, is our editor in chief over at Silicon Angle who does some awesome editing, thank you to all. Remember all these episodes they're available as podcasts. Wherever you listen, all you got to do is search "Breaking Analysis" podcasts. I publish each week on wikibon.com and silicon angle.com where you can email me at david.valante@siliconangle.com or dm me at D Valante or comment on our LinkedIn post. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Valante for "theCube" Insights powered by ETR. Thanks for watching. We'll see you next week on "Ignite" or next time on "Breaking Analysis". (upbeat music)

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

(upbeat music) >> Welcome back to The Cube's coverage of Fal.Con 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here: George Kurtz is the co-founder and CEO of CrowdStrike. George, thanks for coming on The Cube. >> It's great to be here. >> Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. >> Well, I still remember I was in Japan when Boston was down you know, by three games and came back to win. So I've got my own heartbreak as well. >> It did heal some wounds, but it almost changed the rivalry, you know? I mean, >> Yeah. >> Once, it's kind of neutralized it, you know? It's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of it used to be, you would never walk into Fenway park with, you know pin stripes, when today there's as many Yankee fans as there are... >> I know. >> Boston fans. Anyway, at Fenway, I mean. >> Yeah. >> Why did you start CrowdStrike? >> Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. Not- I got acquired by a company, not my first company. So, to be clear, and before I started CrowdStrike, I was in the antivirus world, and they were spending a lot of money with antivirus vendors but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome based not sort of product based. And the biggest thing for us was how could we create the sales force of security that was focused on getting the right outcome: stopping the breach. >> And the premise, I've seen it, the unstoppable breach is a myth. No CSOs don't live by that mantra, but you do. How are you doing on that journey? >> Well I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches as well as now, extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So, we talked about the convergence of that. Maybe we'll get into it, but. >> Dave Vellante: Sure. >> We're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000, that rely on us day to day to help stop the breach. >> Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, you know, Dave, we've talked about this: agent bad. Well, not necessarily, if you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really end points >> Right. >> ID, which we're going to talk about. Identity data and network security. You're not a network security specialist, >> Right. >> But the other three, >> Yes. >> You're knocking down. >> Yeah. >> You guys went deep into that today. Talk about that. >> We did, most folks are going to know us for endpoint and Cloud workload protection and visibility. We did an acquisition almost two years to the day on preempt. And that was our identity play, identity threat protection and detection. And that really turned out to be a smart move, because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity based. Big, big talking points in our keynotes today. >> Dave Vellante: Right. >> And then the third area is on data, and data is really the you know, the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus and we continue to deliver on that for customers. >> And you've had a real dogma, I'll call it, about Cloud Native. I've had this conversation with Frank Slootman, "No we're not going to do a halfway house." You, I think, said it really well today. I think it was you who said it. If you've got On-Prem and Cloud, you got two code bases, >> George Kurtz: Right. >> That you got to maintain. >> That's it, yeah. >> And that means you're taking away resources from one or the other. >> That's exactly right. And what a lot of our competitors have done is they started On-Prem as an AV vendor, and then they took what they had and they basically put it in a Cloud instance called a Cloud, which doesn't really scale. And then, you know, where they need to, they basically still keep their On-Prem, and that just diffuses your engineering team. And most of the On-Prem stuff doesn't even have the features of what they're trying to offer from the Cloud. So either you're Cloud Native or you're not. You can't be halfway. >> But it doesn't mean that you can't include and ingest On-Prem data- >> Well, absolutely. >> into your platform, and that's what I think most people just some reason don't seem to understand. >> Well our agents run wherever. They certainly run On-Prem. >> Dave Vellante: Right. Right. >> And they run in the Cloud, they run wherever. But the crowd in the CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, 7 trillion events per week. And you can't do that if you're not Cloud Native. And that crowd gives the, we call, community immunity. We see all kinds of attacks across 176 different countries. That benefit accrues to all of our customers. >> But how do you envision and maintain and preserve a lightweight agent that can support so many modules? As you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology, how is it that you're able to keep that agent lightweight? >> Well, we started as a platform company, meaning that the whole idea was we're going to build a lightweight agent. First iteration had no security capabilities. It was collect data, get it into a common data architecture or threat graph, in one spot. And then once we had the data then we applied AI to it and we created different workflows. So, the first incarnation was get data into the Cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance, it's we collect data one time. It's a threat data, you know? We're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent 'cause we've already collected the data. >> I'm going to just keep going, Dave, unless you shove your way in. >> No, no, go ahead. No, no, no. I'm waiting to pounce. >> But okay, so, I think, George, but George, I need to ask you about a comment that you made about we're not just shoving it into a data lake. But you are collecting all the data. Can you explain that nuance? >> Yeah. So there's a difference between a collect and forward agent. It means they just collect a bunch of data. They'll probably store it in a lot of space on the endpoint. It's slow and cumbersome, and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent, which actually allows us to always track the context of all these processes in what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the Cloud, we never lose that context. And then it goes into the bigger graph database, always with the same level of context. So, we keep the context of each individual workload or endpoint, and then across the Cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is, you know, you're looking for, you're creating a bigger needle stack looking for needles. >> And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub, well second kind of near real time responses, correct? >> Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint , 'cause it has intelligence and the AI model. And then again, the Cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. >> So when, yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal killer somewhere for people who argued against that. >> George Kurtz: Right. >> You've made the right decision there, clearly. Having everything be crowdsourced into Cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff On-Prem all over the place, you don't need to worry about that. Everything is here >> George Kurtz: Yeah. >> in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized Cloud space that crosses boundaries? >> Well, yeah, I guess what we would, let me go back to the beginning. So I started company in 2011 and I had to convince people that delivering endpoint security from the Cloud was going to be a good thing. >> Dave Vellante: Right. (chuckles) >> You know, you go into a Swiss bank and a bunch of other places and they're like, you're crazy. Right? >> Dave Nicholson: Right. >> They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you are you using Dropbox, Box? Are you using a Microsoft? You know, what are you using? Well, they're all sending data to the Cloud. So good news! You already have a model, you've already approved that, right? So let's talk about our benefit. And you know, you can either have an adversary steal your data or you can send threat data to our Cloud, which by the way is in a lot of sovereign Clouds that are out there. And when you actually break it down to what we're sending to the Cloud, it's threat data, right? It isn't user files and documents and stuff. It's threat data. So, we work through all of that. And the Cloud is bigger than CrowdStrike. So you look at Sales Force, Service Now, Workday, et cetera. That's being used all over the place, Box, Dropbox. We just tagged onto it. Like why shouldn't security be the platform of record, and why shouldn't CrowdStrike be the platform of record and be the pillar of Cloud security? >> Explain your observability strategy, 'cause you acquired Humio for, I mean, I think it was $400 million, which is a song. >> Yeah. >> And then Reposify is the latest acquisition. I see that as an extension, 'cause it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. >> Sure. Well observability is a big, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five, kind of, pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network. And we can do that with Humio is now log scale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disc space? Is it have, does it have a performance issue? Those are really the first two, kind of, areas of observability. We're not in application performance, we're in let's collect data from the endpoint and other sources, and let's understand if the thing is working, right? And that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. >> Got it. Question on the TAM. Like I look at your TAMs, your charts, I love it. You know, generally do. Were you taking known data from you know, firms like IDC >> George Kurtz: Yeah. >> and saying, okay we're going to play there, now we're made this acquisition. We're new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's, that's the point. There's no lack of market for you. >> George Kurtz: Right. >> But I do feel like there's this unknown unquantifiable piece of your TAM. IDC can't see it, 'cause they're kind of looking back >> George Kurtz: Right. >> seein' what the market do last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? >> Well, it's well in excess of 120 billion and we've actually updated that recently. So it's even beyond that. But if you look at all the modules each module has a discreet TAM and again, for what, you know, what we're focused on is how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add 'em all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really, truly a security platform company that was born in the Cloud. And I think if you see the growth rates, and one of the things that we've talked about, and I think you might have pointed out in prior podcasts, is we're the second fastest company to 2 billion dollars in annual recurring revenue, only behind Zoom. And you know I would argue- great company, by the way, a customer- but that was a black Swan event in a pandemic, right? >> Dave Vellante: I'll say! >> Yeah. >> So we are rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. >> The other thing I said in my breaking analysis was 'cause you guys aspire to be a generational company. And I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem, but where you want to see it in five years. >> Well, it really is a good point and we are a partner first company. Ecosystem is really important. Cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. You see a lot of, well, you see some vendors behind us. >> Yep. >> We have to realize in 2022, and I think this is something that we did well and it's my philosophy, is we are not the only game in town. We like to be, and we are, for many companies the security platform on record, but we don't do everything. We talked about network in other areas. We can't do everything. You can't be good and try to do everything. So, for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years, it used to be best of breed products, then it was best of suite, now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms, and they want to stitch 'em together via API. And they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So, ecosystem is incredibly important for us. >> Explain that. You mentioned Okta, I had another question for you. I was at Reinforce, and I saw this better together presentation, CrowdStrike and Okta talking about identity. You've got an identity module. Explain to people how you're not competing with Okta. You guys complement each other, there. >> Well, an identity kind of broker, if you will, is basically what Okta does in others, right? So you log in single sign on and you get access. They broker access to all these other applications. >> Dave Vellante: Right. >> That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out, are there vulnerabilities and are there threats associated with them? And we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen we can prevent those credentials from being laundered or used and moved laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads. And we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, you know, is it George on the endpoint, or not? We give that a score. And we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. >> So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally, you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. >> George Kurtz: Yeah. >> They're now part of Google. >> George Kurtz: We have a great relationship with them. >> Microsoft obviously, a competitor. You obviously do some things in, >> Right. >> in Azure. Are you building the security Cloud? >> We are. We think we are, because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their On-Prem, but also in their Cloud environment, and the knowledge we have, we think it is a security Cloud. You know, you had, you had Salesforce and Workday and ServiceNow and each of them had their respective Clouds. When I started the company, there was no security Cloud. You know, it wasn't any of the companies that you know. It wasn't the firewall companies, wasn't the AV companies. And I think we really defined ourselves as the security Cloud. And the level of knowledge and insights we have in our Cloud, I think, are world class. >> But you know, it's a difference of being those- 'cause you mentioned those other, you know, seminal Clouds. They, like Salesforce, Workday, they're building their own Clouds. Maybe not so much Workday, but certainly Salesforce and ServiceNow built their own >> Yeah. >> Clouds, their own data centers. You're building on top of hyperscalers, correct? >> Well, >> Well you have your own data centers, too. >> We have our own data centers, yeah. So when we first started, we started in AWS as many do, and we have a great relationship there. We continue to build out. We are a huge customer and we also have, you know, with data sovereignty and those sort of things, we've got a lot of our sort of data that sits in our private Cloud. So it's a hybrid approach and we think it's the best of both worlds. >> Okay. And you mean you can manage those costs and it's, how do you make the decision? Is it just sovereignty or is it cost as well? >> Well, there's an operational element. There's cost. There's everything. There's a lot that goes into it. >> Right. >> And at the end of the day we want to make sure that we're using the right technology in the right Clouds to solve the right problem. >> Well, George, congratulations on being back in person. That's got to feel good. >> It feels really good. >> Got a really good audience here. I don't know what the numbers are but there's many thousands here, >> Thousands, yeah. >> at the ARIA. Really appreciate your time. And thanks for having The Cube here. You guys built a great set for us. >> Well, we appreciate all you do. I enjoy your programs. And I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. >> Fantastic. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow, first thing in the morning, live from the ARIA. We'll see you then. (calm music)

>>EDR NDR, what are the differences, which one's better? Are they better together? Today's security stack contains a lot of different tools and types of data and fortunate, as you know, this creates data silos, which leads to vis visibility gaps. EDR is endpoint detection and response. It's designed to monitor and mitigate endpoint attacks, which are typically focused on computers and servers, NDR network detection, and response. On the other hand, monitors network traffic to gain visibility into potential or active cyber threats, delivering real time visibility across the broader network. One of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data, pretty easily network data. On the other hand, much harder to manipulate because attackers and malware can avoid detection at the endpoint. NDR, as you're gonna hear is the only real source for reliable, accurate, and comprehensive data. >>All endpoints use the network to communicate, which makes your network data, the ultimate source of truth. My name is Lisa Martin, and today on the special cube presentation, Tom Binkowski senior director of product marketing at net scout, and I are gonna explore the trends and the vital reasons why relying upon EDR is not quite enough. We're also gonna share with you the growing importance of advanced NDR. Welcome to the series, the growing importance of advanced NDR in the first segment, Tom's gonna talk with me about the trends that are driving enterprise security teams to implement multiple cyber security solutions that enable greater visibility, greater protection. We're also gonna explore Gartner's concept of the security operations center, SOC visibility triad, and the three main data sources for visibility, SIM EDR and NDR in segment two, Tom. And I will talk about the role of NDR and how it overcomes the challenges of EDR as Tom's gonna discuss, as you'll hear EDR is absolutely needed, but as he will explain it, can't be solely relied upon for comprehensive cybersecurity. And then finally, we'll come back for a third and final segment to discuss why not all NDR is created equal. Tom's gonna unpack the features and the capabilities that are most important when choosing an NDR solution. Let's do this. Here comes our first segment. >>Hey, everyone kicking things off. This is segment one. I'm Lisa Martin with Tom Binowski, senior director of product marketing at nets scout. Welcome to the growing importance of advanced NDR. Tom, great to have you on the program, >>Glad to be here. >>So we're gonna be talking about the trends that are driving enterprise security teams to implement multiple cyber security solutions that really enable greater visibility and protection. And there are a number of factors that continue to expand the ECAC service for enterprise networks. I always like to think of them as kind of the spreading amorphously you shared had shared some stats with me previously, Tom, some cloud adoption stats for 2022 94% of all enterprises today use a cloud service and more than 60% of all corporate data is store in the cloud. So, Tom, what are some of the key trends that nets scout is seeing in the market with respect to this? >>Yeah, so just to continue that, you know, those stats that, that migration of workloads to the cloud is a major trend that we're seeing in that was exasperated by the pandemic, right along with working from home. Those two things are probably the most dramatic changes that we we see out there today. But along with that is also this growing sophistication of the network, you know, today, you know, your network environment, isn't a simple hub and spoke or something like that. It is a very sophisticated combination of, you know, high speed backbones, potentially up to a hundred gigabits combination with partner networks. You have, like we said, workloads up in, in private clouds, pub public clouds. So you have this hybrid cloud environment. So, and then you have applications that are multi-tiered, there are pieces and parts. And in all of that, some on your premise, some up in a private cloud, some on a public cloud, some actually pulling data off when you a customer network or potentially even a, a partner network. So really, really sophisticated environment today. And that's requiring this need for very comprehensive network visibility, not only for, for cybersecurity purposes, but also just to make sure that those applications and networks are performing as you have designed them. >>So when it comes to gaining visibility into cyber threats, I, you talked about the, the sophistication and it sounds like even the complexity of these networks, Gartner introduced the concept of the security operations, visibility triad, or the SOC visibility triad break that down for us. It consists of three main data sources, but to break those three main data sources down for us. >>Sure. So Gartner came out a few years ago where they were trying to, you know, summarize where do security operations team get visibility into threats and they put together a triad and the three sides of the trier consists of one, the SIM security information event manager, two, the endpoint or, or data that you get from EDR systems, endpoint detection, response systems. And the third side is the network or the data you get from network detection, response systems. And, you know, they didn't necessarily say one is better than the other. They're basically said that you need all three in order to have comprehensive visibility for cybersecurity purposes. >>So talk, so all, all three perspectives are needed. Talk about what each provides, what are the different perspectives on threat detection and remediation? >>Yeah. So let's start with the SIM, you know, that is a device that is gathering alerts or logs from all kinds of different devices all over your network. Be it routers servers, you know, firewalls IDs, or even from endpoint detection and network detection devices too. So it is, it is the aggregator or consumer of all those alerts. The SIM is trying to correlate those alerts across all those different data sources and, and trying to the best it can to bubble up potentially the highest priority alerts or drawing correlations and, and, and, and giving you some guidance on, Hey, here's something that we think is, is really of importance or high priority. Here's some information that we have across these disparate data sources. Now go investigate the disadvantage of the SIM is that's all it gives you is just these logs or, or, or information. It doesn't give you any further context. >>Like what happened, what is really happening at the end point? Can I get visibility into the, into the files that were potentially manipulated or the, the registry setting or what, what happened on the network? And I get visibility into the packet date or things like that. It that's, so that's where it ends. And, and that's where the, so there other two sides of the equation come in, the endpoint will give you that deeper visibility, endpoint detection response. It will look for known and or unknown threats, you know, at that endpoint, it'll give you all kinds of additional information that is occurring in endpoint, whether it be a registry setting in memory on the file, et cetera. But you know, one of, some of its disadvantages, it's really difficult because really difficult to deploy pervasive because it requires an agent and, you know, not all devices can accept an agent, but what it miss, what is lacking is the context on the network. >>So if I was an analyst and I started pursuing from my SIM, I went down to the end point and, and said, I wanna investigate this further. And I hit a, I hit a dead end from some sort, or I realize that the device that's potentially I should be alerted to, or should be concerned about is an IOT device that doesn't even have an agent on it. My next source of visibility is on the network and that's where NDR comes in. It, it sees what's traversing. The entire network provides you visibility into that from both a metadata and even a ultimately a packer perspective. And maybe, you know, could be deployed a little bit more strategically, but you know, it doesn't have the perspective of the endpoint. So you can see how each of these sort of compliments each other. And that's why, you know, Gartner said that, that you need 'em all, then they all play a role. They all have their pros and cons or advantage and disadvantages, but, you know, bringing them and using 'em together is, is the key. >>I wanna kinda dig into some of the, the EDR gaps and challenges, as you talked about as, as the things evolve and change the network, environment's becoming far more sophisticated and as well as threat actors are, and malware is. So can you crack that open more on some of the challenges that EDR is presenting? What are some of those gaps and how can organizations use other, other, other data sources to solve them? >>Yeah, sure. So, you know, again, just be clear that EDR is absolutely required, right? We, we need that, but as sort of these network environments get more complex, are you getting all kinds of new devices being put on the network that devices being brought into the network that may be, you didn't know of B Y O D devices you have, I T devices, you know, popping up potentially by the thousands in, in, in some cases when new applications or world that maybe can't accept an and endpoint detection or an EDR agent, you may have environments like ICS and skate environments that just, you can't put an endpoint agent there. However, those devices can be compromised, right? You have different environments up in the cloud or SaaS environments again, where you may not be able to deploy an endpoint agent and all that together leaves visibility gaps or gaps in, in, in the security operation triad. Right. And that is basically open door for exploitation >>Open door. Go ahead. Sorry. >>Yeah. And then, then you just have the malware and the, and the attackers getting more sophisticated. They, they have malware that can detect an EDR agent running or some anti malware agent running on device. And they'll simply avoid that and move on to the next one, or they know how to hide their tracks, you know, whether it be deleting files, registry, settings, things like that. You know, so it's, that's another challenge that, that, that just an agent faces. Another one is there are certain applications like my SQL that are, you know, have ministry administrative rights into certain parts of the windows operate system that EDR doesn't have visibility into another area that maybe EDR may not have visibility is, is, is in, you know, malware that tries to compromise, you know, hardware, especially like bios or something like that. So there's a number of challenges as sort of the whole network environment and sophistication of bad actors and malware increases. >>Ultimately, I think one of the things that, that we've learned, and, and we've heard from you in this segment, is that doing business in, in today's digital economy, demands, agility, table stakes, right? Absolutely essential corporate digital infrastructures have changed a lot in response to the dynamic environment, but its businesses are racing to the clouds. Dave Alane likes to call it the forced March to the cloud, expanding activities across this globally distributed digital ecosystem. They also sounds like need to reinvent cybersecurity to defend this continuously expanding threat surface. And for that comprehensive network, visibility is, as I think you were saying is really, really fundamental and more advanced network detection is, and responses required. Is that right? >>That's correct. You know, you know, we, we at ESCO, this is, this is where we come from. Our perspective is the network. It has been over for over 30 years. And, and we, as well as others believe that that network visibility, comprehensive network visibility is fundamental for cyber security as well as network performance and application analysis. So it, it, it's sort of a core competency or need for, for modern businesses today. >>Excellent. And hold that thought, Tom, cause in a moment, you and I are gonna be back to talk about the role of NDR and how it overcomes the challenges of EDR. You're watching the cube, the leader in enterprise tech coverage. Hey everyone, welcome back. This is segment two kicking things off I'm Lisa Martin with Tom Binkowski, senior director of product marketing at nets scout, Tom, great to have you back on the program. >>Good to be here. >>We're gonna be talking about the growing importance of advanced NDR in this series. In this segment specifically, Tom's gonna be talking about the role of NDR and how it overcomes the challenges of EDR. So Tom, one of the things that we talked about previously is one of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data pretty easily, whereas network data, much harder to manipulate. So my question, Tom, for you is, is NDR the only real source for reliable, accurate, comprehensive data. >>I'm sure that's arguable, right? Depending on who you are as a vendor, but you know, it's, it's our, our answer is yes, NDR solutions also bring an analyst down to the packet level. And there's a saying, you know, the, the packet is the ultimate source or source of truth. A bad actor cannot manipulate a packet. Once it's on the wire, they could certainly manipulate it from their end point and then blast it out. But once it hits the wire, that's it they've lost control of it. And once it's captured by a network detection or, or network monitoring device, they can't manipulate it. They can't go into that packet store and, and manipulate those packets. So the ultimate source of truth is, is lies within that packet somewhere. >>Got you. Okay. So as you said in segment one EDR absolutely necessary, right. But you did point out it can't organizations can't solely rely on it for comprehensive cybersecurity. So Tom, talk about the benefits of, of this complimenting, this combination of EDR and NDR and, and how can that deliver more comprehensive cybersecurity for organizations? >>Yeah, so, so one of the things we talked about in the prior segment was where EDR, maybe can't be deployed and it's either on different types of devices like IOT devices, or even different environments. They have a tough time maybe in some of these public cloud environments, but that's where NDR can, can step in, especially in these public cloud environments. So I think there's a misconception out there that's difficult to get packet level or network visibility and public clouds like AWS or Azure or Google and so on. And that's absolutely not true. They have all kinds of virtual tapping capabilities that an NDR solution or network based monitoring solution could take advantage of. And one of the things that we know we spoke about before some of that growing trends of migrating workloads to the cloud, that's, what's driving that those virtual networks or virtual taps is providing visibility into the performance and security of those workloads. >>As they're migrated to public clouds, NDR can also be deployed more strategically, you know, prior segment talking about how the, in order to gain pervasive visibility with EDR, you have to deploy an agent everywhere agents can't be deployed everywhere. So what you can do with NDR is there's a lot fewer places in a network where you can strategically deploy a network based monitoring device to give you visibility into not only that north south traffic. So what's coming in and out of your network, but also the, the, the, the east west traffic too west traversing, you know, within your network environment between different points of your op your, your multi-tiered application, things like that. So that's where, you know, NDR has a, a, a little bit more advantage. So fewer points of points in the network, if you will, than everywhere on every single endpoint. And then, you know, NDR is out there continuously gathering network data. It's both either before, during, and even after a threat or an attack is, is detected. And it provides you with this network context of, of, you know, what's happening on the wire. And it does that through providing you access to, you know, layer two through layer seven metadata, or even ultimately packets, you know, the bottom line is simply that, you know, NDR is providing, as we said before, that that network context that is potentially missing or is missing in EDR. >>Can you talk a little bit about XDR that kind of sounds like a superhero name to me, but this is extended detection and response, and this is an evolution of EDR talk to us about XDR and maybe EDR NDR XDR is really delivering that comprehensive cybersecurity strategy for organizations. >>Yeah. So, you know, it's, it's interesting. I think there's a lot of confusion out there in the industry. What is, what is XDR, what is XDR versus an advanced SIM, et cetera. So in some cases, there are some folks that don't think it's just an evolution of EDR. You know, to me, XDR is taking, look at these, all these disparate data sources. So going back to our, when our first segment, we talked about the, the, the security operations center triad, and it has data from different perspectives, as we were saying, right? And XCR, to me is the, is, is trying to bring them all together. All these disparate data source sets or sources bring them together, conduct some level of analysis on that data for the analyst and potentially, you know, float to the top. The most, you know, important events are events that we, that you know, that the system deems high priority or most risky and so on. But as I, as I'm describing this, I know there are many advanced Sims out there trying to do this today too. Or they do do this today. So this there's this little area of confusion around, you know, what exactly is XDR, but really it is just trying to pull together these different sources of information and trying to help that analyst figure out, you know, what, where's the high priority event that's they should be looking at, >>Right? Getting those high priority events elevated to the top as soon as possible. One of the things that I wanted to ask you about was something that occurred in March of this year, just a couple of months ago, when the white house released a statement from president Biden regarding the nation's cyber security, it included recommendations for private companies. I think a lot of you are familiar with this, but the first set of recommendations were best practices that all organizations should already be following, right? Multifactor authentication, patching against known vulnerabilities, educating employees on the phishing attempts on how to be effective against them. And the next statement in the president's release, focus on data safety practices, also stuff that probably a lot of corporations doing encryption maintaining offline backups, but where the statement focused on proactive measures companies should take to modernize and improve their cybersecurity posture. It was vague. It was deploy modern security tools on your computers and devices to continuously look for and mitigate threats. So my question to you is how do, how do you advise organizations do that? Deploy modern security tools look for and mitigate threats, and where do the data sources, the SOC tri that we talked about NDR XDR EDR, where did they help fit into helping organizations take something that's a bit nebulous and really figure out how to become much more secure? >>Yeah, it was, it was definitely a little vague there with that, with that sentence. And also if you, if you, I think if, if you look at the sentence, deploy modern security tools on your computers and devices, right. It's missing the network as we've been talking about there, there's, there's a key, key point of, of reference that's missing from that, from that sentence. Right. But I think what they mean by deploying monitor security tools is, is really taking advantage of all these, these ways to gain visibility into, you know, the threats like we've been talking about, you're deploying advanced Sims that are pulling logs from all kinds of different security devices or, and, or servers cetera. You're, you're deploying advanced endpoint detection systems, advanced NDR systems. And so on, you're trying to use, you're trying to utilize XDR new technology to pull data from all those different sources and analyze it further. And then, you know, the other one we, we haven't even mentioned yet. It was the, so the security operation and automation, right. Response it's now, now what do we do? We've detected something, but now help me automate the response to that. And so I think that's what they mean by leveraging modern, you know, security tools and so on >>When you're in customer conversations, I imagine they're coming to, to Netscale looking for advice like what we just talked through the vagueness in that statement and the different tools that organizations can use. So when you're talking to customers and they're talking about, we need to gain visibility across our entire network, across all of our devices, from your perspective from net Scout's perspective, what does that visibility actually look like and deliver across an organization that does it well? >>Yeah, we, I mean, I think the simple way to put it is you need visibility. That is both broad and deep. And what I mean by broad is that you need visibility across your network, no matter where that network may reside, no matter what protocols it's running, what, you know, technologies is it, is it virtualized or, or legacy running in a hundred gigabits? Is it in a private cloud, a public cloud, a combination of both. So that broadness, meaning wherever that network is or whatever it's running, that's, that's what you need visibility into. It has to be able to support that environment. Absolutely. And the, the, absolutely when I, we talk about being deep it's, it has to get down to a packet level. It can't be, you know, as high as say, just looking at net flow records or something like that, that they are valuable, they have their role. However, you know, when we talk about getting deep, it has to ultimately get down to the packet level and that's, and we've said this in this time that it's ultimately that source of truth. So that, that's what that's, I think that's what we need. >>Got it. That that depth is incredibly important. Thanks so much, Tom, for talking about this in a moment, you and I are gonna be back, we're gonna be talking about why not all NDR is created equally, and Tom's gonna actually share with you some of the features and capabilities that you should be looking for when you're choosing an NDR solution. You're watching the cube, the leader in enterprise tech coverage, >>And we're clear. >>All right. >>10 45. Perfect. You guys are >>Okay. Good >>Cruising. Well, >>Welcome back everyone. This is segment three. I'm Lisa Martin with Tom gin. Kowski senior director of product marketing at nets scout. Welcome back to the growing importance of advanced NDR in this segment, Tom and I are gonna be talking about the fact that not all NDR is created equally. He's gonna impact the features, the capabilities that are most important when organizations are choosing an NDR solution. Tom, it's great to have you back on the program. >>Great, great to be here. >>So we've, we've covered a lot of content in the first two segments, but as we, as we see enterprises expanding their it infrastructure, enabling the remote workforce, which is here to stay leveraging the crowd cloud, driving innovation, the need for cybersecurity approaches and strategies that are far more robust and deep is really essential. But in response to those challenges, more and more enterprises are relying on NDR solutions that fill some of the gaps that we talked about with some of the existing tool sets in the last segment, we talked about some of the gaps in EDR solutions, how NDR resolves those. But we also know that not all NDR tools are created equally. So what, in your perspective, Tom are some of the absolutely fundamental components of NDR tools that organizations need to have for those tools to really be robust. >>Yeah. So we, we, we touched upon this a little bit in the previous segment when we talked about first and foremost, your NDR solution is providing you comprehensive network visibility that must support whatever your network environment is. And it should be in a single tool. It shouldn't have a one vendor per providing you, you know, network visibility in the cloud and another vendor providing network visibility in a local network. It should be a single NDR solution that provides you visibility across your entire network. So we also talked about it, not only does it need to be broadened like that, but also has to be deep too, eventually down to a packet level. So those are, those are sort of fundamental table stakes, but the NDR solution also must give you the ability to access a robust source of layer two or layer three metadata, and then ultimately give you access to, to packets. And then last but not least that solution must integrate into your existing cybersecurity stack. So in the prior segments, we talked a lot about, you know, the, the SIM, so that, that, that NDR solution must have the ability to integrate into that SIM or into your XDR system or even into your source system. >>Let's kind of double click on. Now, the evolution of NDR can explain some of the differences between the previous generations and advanced NDR. >>Yeah. So let's, let's start with what we consider the most fundamental difference. And that is solution must be packet based. There are other ways to get network visibility. One is using net flow and there are some NDR solutions that rely upon net flow for their source of, of, of visibility. But that's too shallow. You ultimately, you need to get deeper. You need to get down to a pack level and that's again where some, so, you know, you, you want to make sure that your NDR or advanced NDR solution is packet based. Number two, you wanna make sure that when you're pulling packets off the wire, you can do it at scale, that full line rate and in any environment, as we, as we spoke about previously, whether it be your local environment or a public cloud environment, number three, you wanna be able to do this when your traffic is encrypted. As we know a lot of, lot of not of network traffic is encrypted today. So you have the ability to have to have the ability to decrypt that traffic and then analyze it with your NDR system. >>Another, another, another one number four is, okay, I'm not just pulling packets off the wire, throwing full packets into a data storage someplace. That's gonna, you know, fill up a disc in a matter of seconds, right? You want the ability to extract a meaningful set of metadata from layer two to layer seven, the OSI model look at key metrics and conducting initial set of analysis, have the ability to index and compress that data, that metadata as well as packets on these local storage devices on, you know, so having the ability to do this packet capture at scale is really important, storing that packets and metadata locally versus up in a cloud to, you know, help with some compliance and, and confidentiality issues. And then, you know, last final least when we talk about integration into that security stack, it's multiple levels of integration. Sure. We wanna send alerts up into that SIM, but we also want the ability to, you know, work with that XDR system to, or that, that source system to drill back down into that metadata packets for further analysis. And then last but not least that piece of integration should be that there's a robust set of information that these NDR systems are pulling off the wire many times in more advanced mature organizations, you know, security teams, data scientists, et cetera. They just want access to that raw data, let them do their own analysis outside, say the user interface with the boundaries of a, of a vendor's user interface. Right? So have the ability to export that data too is really important and advance in the systems. >>Got it. So, so essentially that the, the, the breadth, the visibility across the entire infrastructure, the depth you mentioned going down to a packet level, the scale, the metadata encryption, is that what net scout means when you talk about visibility without borders? >>Yeah, exactly. You know, we, we have been doing this for over 30 years, pulling packets off of wire, converting them using patent technology to a robust set of metadata, you know, at, at full line rates up to a hundred in any network environment, any protocols, et cetera. So that, that's what we mean by that breadth. And in depth of visibility, >>Can you talk a little bit about smart detection if we say, okay, advanced NDR needs to deliver this threat intelligence, but it also needs to enable smart detection. What does net scout mean by that? >>So what you wanna make sure you have multiple methods of detection, not just a methods. So, you know, not just doing behavioral analysis or not just detecting threats based on known indicators or compromise, what you wanna wanna have multiple ways of detecting threats. It could be using statistical behavioral analysis. It could be using curated threat intelligence. It could be using, you know, open source signature engine, like from Sara COTA or other threat analytics, but to, but you also wanna make sure that you're doing this both in real time and have the ability to do it historically. So after a, a threat has been detected, for example, with another, with another product, say an EDR device, you now want the ability to drill into the data from the network that had occurred in, in, you know, prior to this. So historically you want the ability to comb through a historical set of metadata or packets with new threat intelligence that you've you've gathered today. I wanna be able to go back in time and look through with a whole new perspective, looking for something that I didn't know about, but you know, 30 days ago. So that's, that's what we, what we mean by smart detection. >>So really what organizations need is these tools that deliver a far more comprehensive approach. I wanna get into a little bit more on in integration. You talked about that in previous segments, but can you, can you give us an example of, of what you guys mean by smart integration? Is that, what does that deliver for organizations specifically? >>Yeah, we really it's three things. One will say the integration to the SIM to the security operations center and so on. So when, when an ed, when an NDR device detects something, have it send an alert to the SIM using, you know, open standards or, or, or like syslog standards, et cetera, the other direction is from the SIM or from the so, so one, you know, that SIM that, so is receiving information from many different devices that are, or detecting threats. The analyst now wants the ability to one determine if that's a true threat or not a false positive, if it is a true threat, you know, what help me with the remediation effort. So, you know, an example could be an alert comes into a SIM slash. So, and part of the playbook is to go out and grab the metadata packets associated with this alert sometime before and sometime after when that alert came in. >>So that could be part of the automation coming from the SIM slash. So, and then last one, not least is we alluded to this before is having the ability to export that robust set of layer two through layer seven metadata and or packets to a third party data lake, if you will, and where analysts more sophisticated analysts, data scientists, and so on, can do their own correlation, enrich it with their own data, combined it with other data sets and so on, do their own analysis. So it's that three layers of, of integration, if you will, that really what should be an advanced NDR system? >>All right, Tom, take this home for me. How does nets scout deliver advanced NDRs for organizations? >>We do that via solution. We call Omni the security. This is Netscout's portfolio of, of multiple different cyber security products. It all starts with the packets. You know, our core competency for the last 30 years has been to pull packets off the wire at scale, using patented technologies, for example, adapt service intelligence technologies to convert those broad packets into robust set of layer seven layer two through seven metadata. We refer to that data as smart data with that data in hand, you now have the ability to conduct multiple types of threat detection using statistical behavioral, you know, curative threat intelligence, or even open source. So rules engine, you have the ability to detect threats both in real time, as well as historically, but then a solution goes beyond just detecting threats or investigating threats has the ability to influence the blocking of threats too. So we have integrations with different firewall vendors like Palo Alto, for example, where they could take the results of our investigation and then, you know, create policies, blocking policies into firewall. >>In addition to that, we have our own Omni a E D product or our Arbor edge defense. That's, that's a product that sits in front of the firewall and protects the firewall from different types of attacks. We have integration that where you can, you can also influence policies being blocked in the a E and in last but not least, our, our solution integrates this sort of three methods of integration. As we mentioned before, with an existing security system, sending alerts to it, allowing for automation and investigation from it, and having the ability to export our data for, you know, custom analysis, you know, all of this makes that security stack that we've been talking about better, all those different tools that we have. That's that operations triads that we talked about or visibility triad, we talked about, you know, our data makes that entire triad just better and makes the overall security staff better and makes overall security just, just better too. So that, that that's our solution on the security. >>Got it. On the security. And what you've talked about did a great job. The last three segments talking about the differences between the different technologies, data sources, why the complimentary and collaborative nature of them working together is so important for that comprehensive cybersecurity. So Tom, thank you so much for sharing such great and thoughtful information and insight for the audience. >>Oh, you're welcome. Thank you. >>My pleasure. We wanna thank you for watching the program today. Remember that all these videos are available@thecube.net, and you can check out today's news on Silicon angle.com and of course, net scout.com. We also wanna thank net scout for making this program possible and sponsoring the cube. I'm Lisa Martin for Tomski. Thanks for watching and bye for now.

(bright music) >> Welcome to this next session of AWS Storage Day. I'm your host, Dave Vellante of theCUBE. And right now we're going to explore how to simplify and evolve your data lake backup disaster recovery and analytics in the cloud. And we're joined by Kevin Miller who's the general manager of Amazon S3. Kevin, welcome. >> Thanks Dave. Great to see you again. >> Good to see you too. So listen, S3 started as like a small ripple in the pond and over the last 15 years, I mean, it's fundamentally changed the storage market. We used to think about storage as, you know, a box of disc drives that either store data in blocks or file formats and then object storage at the time it was, kind of used in archival storage, it needed specialized application interfaces, S3 changed all that. Why do you think that happened? >> Well, I think first and foremost, it's really just, the customers appreciated the value of S3 and being fully managed where, you know, we manage capacity. Capacity is always available for our customers to bring new data into S3 and really therefore to remove a lot of the constraints around building their applications and deploying new workloads and testing new workloads where they know that if something works great, it can scale up by a 100x or a 1000x. And if it doesn't work, they can remove the data and move on to the next application or next experiment they want to try. And so, you know, really, it's exciting to me. Really exciting when I see businesses across essentially every industry, every geography, you know, innovate and really use data in new and really interesting ways within their business to really drive actual business results. So it's not just about building data, having data to build a report and have a human look at a report, but actually really drive the day-to-day operations of their business. So that can include things like personalization or doing deeper analytics in industrial and manufacturing. A customer like Georgia-Pacific for example, I think is one of the great examples where they use a big data lake and collect a lot of sensor data, IoT sensor data off of their paper manufacturing machines. So they can run them at just the right speed to avoid tearing the paper as it's going through, which really just keeps their machines running more and therefore, you know, just reduce their downtime and costs associated with it. So you know, it's just that transformation again, across many industries, almost every industry that I can think of. That's really what's been exciting to see and continue to see. I think we're still in the really early days of what we're going to see as far as that innovation goes. >> Yeah, I got to agree. I mean, it's been pretty remarkable. Maybe you could talk about the pace of innovation for S3. I mean, if anything, it seems to be accelerating. How Kevin, does AWS, how has it thought about innovation over the past decade plus and where do you see it headed? >> Yeah, that's a great question Dave, really innovation is at our core as part of our core DNA. S3 launched more than 15 years ago, almost 16 years old. We're going to get a learner's permit for it next year. But, you know, as it's grown to exabytes of storage and trillions of objects, we've seen almost every use case you can imagine. I'm sure there's a new one coming that we haven't seen yet, but we've learned a lot from those use cases. And every year we just think about what can we do next to further simplify. And so you've seen that as we've launched over the last few years, things like S3 Intelligent Tiering, which was really the clouds first storage class to automatically optimize and reduce customer's costs for storage, for data that they were storing for a long time. And based on, you know, variable access patterns. We launched S3 Access Points to provide a simpler way to have different applications operating on shared data sets. And we launched earlier this year S3 Object Lambda, which really is, I think, cool technology. We're just starting to see how it can be applied to simplify serverless application development. Really the next wave, I think, of application development that doesn't need, not only is the storage fully managed, but the compute is fully managed as well. Really just simplify that whole end to end application development. >> Okay, so we heard this morning in the keynote, some exciting news. What can you tell us, Kevin? >> Yeah, so this morning we launched S3 Multi-Region Access Points and these are access points that give you a single global endpoint to access data sets that can span multiple S3 buckets in different AWS regions around the world. And so this allows you to build these multi-region applications and multi-region architectures with, you know, with the same approach that you use in a single region and then run these applications anywhere around the world. >> Okay. So if I interpret this correctly, it's a good fit for organizations with clients or operations around the globe. So for instance, gaming, news outlets, think of content delivery types of customers. Should we think about this as multi-region storage and why is that so important in your view? >> Absolutely. Yeah, that is multi-region storage. And what we're hearing is seeing as customers grow and we have multinational customers who have operations all around the world. And so as they've grown and their data needs grow around the world, they need to be using multiple AWS regions to store and access that data. Sometimes it's for low latency so that it can be closer to their end users or their customers, other times it's for regions where they just have a particular need to have data in a particular geography. But this is really a simple way of having one endpoint in front of data, across multiple buckets. So for applications it's quite easy, they just have that one end point and then the data, the requests are automatically routed to the nearest region. >> Now earlier this year, S3 turned 15. What makes S3 different, Kevin in your view? >> Yeah, it turned 15. It'll be 16 soon, you know, S3 really, I think part of the difference is it just operates at really an unprecedented scale with, you know, more than a hundred trillion objects and regularly peaking to tens of millions of requests per second. But it's really about the resiliency and availability and durability that are our responsibility and we focus every single day on protecting those characteristics for customers so that they don't have to. So that they can focus on building the businesses and applications that they need to really run their business and not worry about the details of running highly available storage. And so I think that's really one of the key differences with S3. >> You know, I first heard the term data lake, it was early last decade. I think it was around 2011, 2012 and obviously the phrase has stuck. How are S3 and data lakes simpatico, and how have data lakes on S3 changed or evolved over the years? >> Yeah. You know, the idea of data lakes, obviously, as you say, came around nine or 10 years ago, but I actually still think it's really early days for data lakes. And just from the standpoint of, you know, originally nine or 10 years ago, when we talked about data lakes, we were looking at maybe tens of terabytes, hundreds of terabytes, or a low number of petabytes and for a lot of data lakes, we're still seeing that that's the kind of scale that currently they're operating at, but I'm also seeing a class of data lakes where you're talking about tens or hundreds of petabytes or even more, and really just being used to drive critical aspects of customer's businesses. And so I really think S3, it's been a great place to run data lakes and continues to be. We've added a lot of capability over the last several years, you know, specifically for that data lake use case. And we're going to continue to do that and grow the feature set for data lakes, you know, over the next many years as well. But really, it goes back to the fundamentals of S3 providing that 11 9s of durability, the resiliency of having three independent data centers within regions. So the customers can use that storage knowing their data is protected. And again, just focus on the applications on top of that data lake and also run multiple applications, right? The idea of a data lake is you're not limited to one access pattern or one set of applications. If you want to try out a new machine learning application or something, do some advanced analytics, that's all possible while running the in-flight operational tools that you also have against that data. So it allows for that experimentation and for transforming businesses through new ideas. >> Yeah. I mean, to your point, if you go back to the early days of cloud, we were talking about storing, you know, gigabytes, maybe tens of terabytes that was big. Today, we're talking about hundreds and hundreds of terabytes, petabytes. And so you've got huge amount of information customers that are of that size and that scale, they have to optimize costs. Really that's top of mind, how are you helping customers save on storage costs? >> Absolutely. Dave, I mean, cost optimization is one of the key things we look at every single year to help customers reduce their costs for storage. And so that led to things like the introduction of S3 Intelligent Tiering, 10 years ago. And that's really the only cloud storage class that just delivers the automatic storage cost savings, as data access patterns change. And, you know, we deliver this without performance impact or any kind of operational overhead. It's really intended to be, you know, intelligent where customers put the data in. And then we optimize the storage cost. Or for example, last year we launched S3 Storage Lens, which is really the first and only service in the cloud that provides organization-wide visibility into where customers are storing their data, what the request rates are and so forth against their storage. So when you talk about these data lakes of hundreds of petabytes or even smaller, these tools are just really invaluable to help customers reduce their storage costs year after year. And actually, Dave I'm pleased, you know, today we're also announcing the launch of some improvements to S3 Intelligent Tiering, to actually further automate the cost savings. And what we're doing is we're actually removing the minimum storage duration. Previously, Intelligent Tiering had a 30 day minimum storage duration, and we're also eliminating our monitoring and automation charge for small objects. So previously there was that monitoring and automation charge applied to all objects independent of size. And now any object less than 120 kilobytes is not charged at that charge. So, and I think some pretty critical innovations on Intelligent Tiering that will help customers use that for an even wider set of data lake and other applications. >> That's three, it's ubiquitous. The innovation continues. You can learn more by attending the Storage Day S3 deep dive right after this interview. Thank you, Kevin Miller. Great to have you on the program. >> Yeah, Dave, thanks for having me. Great to see you. >> You're welcome, this is Dave Vellante and you're watching theCUBE's coverage of AWS Storage Day. Keep it right there. (bright music)

>>mhm Yes. >>Welcome back to the Cube coverage of Red Hat summit 21 2021. I'm john for host of the Cubans virtual this year as we start preparing to come out of Covid a lot of great conversations here happening around technology. This is the emerging technology with Red hat segment. We've got three great guests steve watt manager, distinguished engineer at Red Hat hurl saying senior software engineer Red Hat and luke Hines, who's the senior software engineer as well. We got the engineering team steve, you're the the team leader, emerging tech within red hat. Always something to talk about. You guys have great tech chops that's well known in the industry and I'll see now part of IBM you've got a deep bench um what's your, how do you view emerging tech um how do you apply it? How do you prioritize, give us a quick overview of the emerging tech scene at Redhead? >>Yeah, sure. It's quite a conflated term. The way we define emerging technologies is that it's a technology that's typically 18 months plus out from commercialization and this can sometimes go six months either way. Another thing about it is it's typically not something on any of our product roadmaps within the portfolio. So in some sense, it's often a bit of a surprise that we have to react to. >>So no real agenda. And I mean you have some business unit kind of probably uh but you have to have first principles within red hat, but for this you're looking at kind of the moon shot, so to speak, the big game changing shifts. Quantum, you know, you got now supply chain from everything from new economics, new technology because that kind of getting it right. >>Yeah, I think we we definitely use a couple of different techniques to prioritize and filter what we're doing. And the first is something will pop up and it will be like, is it in our addressable market? So our addressable market is that we're a platform software company that builds enterprise software and so, you know, it's got to be sort of fit into that is a great example if somebody came up came to us with an idea for like a drone command center, which is a military application, it is an emerging technology, but it's something that we would pass on. >>Yeah, I mean I didn't make sense, but he also, what's interesting is that you guys have an open source D N A. So it's you have also a huge commercial impact and again, open sources of one of the 4th, 5th generation of awesomeness. So, you know, the good news is open source is well proven. But as you start getting into this more disruption, you've got the confluence of, you know, core cloud, cloud Native, industrial and IOT edge and data. All this is interesting, right. This is where the action is. How do you guys bring that open source community participation? You got more stakeholders emerging there before the break down, how that you guys manage all that complexity? >>Yeah, sure. So I think that the way I would start is that, you know, we like to act on good ideas, but I don't think good ideas come from any one place. And so we typically organize our teams around sort of horizontal technology sectors. So you've got, you know, luke who's heading up security, but I have an edge team, cloud networking team, a cloud storage team. Cloud application platforms team. So we've got these sort of different areas that we sort of attack work and opportunities, but you know, the good ideas can come from a variety of different places. So we try and leverage co creation with our customers and our partners. So as a good example of something we had to react to a few years ago, it was K Native right? So the sort of a new way of doing service um and eventing on top of kubernetes that was originated from google. Whereas if you look at Quantum right, ibms, the actual driver on quantum science and uh that originated from IBM were parole. We'll talk about exactly how we chose to respond to that. Some things are originated organically within the team. So uh luke talking about six law is a great example of that, but we do have a we sort of use the addressable market as a way to sort of focus what we're doing and then we try and land it within our different emerging technologies teams to go tackle it. Now. You asked about open source communities, which are quite interesting. Um so typically when you look at an open source project, it's it's there to tackle a particular problem or opportunity. Sometimes what you actually need commercial vendors to do is when there's a problem or opportunity that's not tackled by anyone open source project, we have to put them together to create a solution to go tackle that thing. That's also what we do. And so we sort of create this bridge between red hat and our customers and multiple different open source projects. And this is something we have to do because sometimes just that one open source project doesn't really care that much about that particular problem. They're motivated elsewhere. And so we sort of create that bridge. >>We got two great uh cohorts here and colleagues parole on the on the Quantum side and you got luke on the security side. Pro I'll start with you. Quantum is also a huge mentioned IBM great leadership there. Um Quantum on open shift. I mean come on. Just that's not coming together for me in my mind, it's not the first thing I think of. But it really that sounds compelling. Take us through, you know, um how this changes the computing landscape because heterogeneous systems is what we want and that's the world we live in. But now with distributed systems and all kinds of new computing modules out there, how does this makes sense? Take us through this? >>Um yeah john's but before I think I want to explain something which is called Quantum supremacy because it plays very important role in the road map that's been working on. So uh content computers, they are evolving and they have been around. But right now you see that they are going to be the next thing. And we define quantum supremacy as let's say you have any program that you run or any problems that you solve on a classical computer. Quantum computer would be giving you the results faster. So that is uh, that is how we define content supremacy when the same workload are doing better on content computer than they do in a classical computer. So the whole the whole drive is all the applications are all the companies, they're trying to find avenues where Quantum supremacy are going to change how they solve problems or how they run their applications. And even though quantum computers they are there. But uh, it is not as easily accessible for everyone to consume because it's it's a very new area that's being formed. So what, what we were thinking, how we can provide a mechanism that you can you don't connect this deal was you have a classical world, you have a country world and that's where a lot of thought process been. And we said okay, so with open shift we have the best of the classical components. You can take open shift, you can develop, deploy around your application in a country raised platform. What about you provide a mechanism that the world clothes that are running on open shift. They are also consuming quantum resources or they are able to run the competition and content computers take the results and integrate them in their normal classical work clothes. So that is the whole uh that was the whole inception that we have and that's what brought us here. So we took an operator based approach and what we are trying to do is establish the best practices that you can have these heterogeneous applications that can have classical components. Talking to our interacting the results are exchanging data with the quantum components. >>So I gotta ask with the rise of containers now, kubernetes at the center of the cloud native value proposition, what work clothes do you see benefiting from the quantum systems the most? Is there uh you guys have any visibility on some of those workloads? >>Uh So again, it's it's a very new, it's very it's really very early in the time and uh we talk with our customers and every customers, they are trying to identify themselves first where uh these contacts supremacy will be playing the role. What we are trying to do is when they reach their we should have a solution that they that they could uh use the existing in front that they have on open shift and use it to consume the content computers that may or may not be uh, inside their own uh, cloud. >>Well I want to come back and ask you some of the impact on the landscape. I want to get the look real quick because you know, I think security quantum break security, potentially some people have been saying, but you guys are also looking at a bunch of projects around supply chain, which is a huge issue when it comes to the landscape, whether its components on a machine in space to actually handling, you know, data on a corporate database. You guys have sig store. What's this about? >>Sure. Yes. So sick store a good way to frame six store is to think of let's encrypt and what let's encrypt did for website encryption is what we plan to do for software signing and transparency. So six Door itself is an umbrella organization that contains various different open source projects that are developed by the Six door community. Now, six door will be brought forth as a public good nonprofit service. So again, we're very much basing this on the successful model of let's Encrypt Six door will will enable developers to sign software artifacts, building materials, containers, binaries, all of these different artifacts that are part of the software supply chain. These can be signed with six door and then these signing events are recorded into a technology that we call a transparency log, which means that anybody can monitor signing events and a transparency log has this nature of being read only and immutable. It's very similar to a Blockchain allows you to have cryptographic proof auditing of our software supply chain and we've made six stores so that it's easy to adopt because traditional cryptographic signing tools are a challenge for a lot of developers to implement in their open source projects. They have to think about how to store the private keys. Do they need specialist hardware? If they were to lose a key then cleaning up afterwards the blast radius. So the key compromise can be incredibly difficult. So six doors role and purpose essentially is to make signing easy easy to adopt my projects. And then they have the protections around there being a public transparency law that could be monitored. >>See this is all about open. Being more open. Makes it more secure. Is the >>thief? Very much yes. Yes. It's that security principle of the more eyes on the code the better. >>So let me just back up, is this an open, you said it's gonna be a nonprofit? >>That's correct. Yes. Yes. So >>all of the code is developed by the community. It's all open source. anybody can look at this code. And then we plan alongside the Linux Foundation to launch a public good service. So this will make it available for anybody to use if your nonprofit free to use service. >>So luke maybe steve if you can way into on this. I mean, this goes back. If you look back at some of the early cloud days, people were really trashing cloud as there's no security. And cloud turns out it's a more security now with cloud uh, given the complexity and scale of it, does that apply the same here? Because I feel this is a similar kind of concept where it's open, but yet the more open it is, the more secure it is. And then and then might have to be a better fit for saying I. T. Security solution because right now everyone is scrambling on the I. T. Side. Um whether it's zero Trust or Endpoint Protection, everyone's kind of trying everything in sight. This is kind of changing the paradigm a little bit on software security. Could you comment on how you see this playing out in traditional enterprises? Because if this plays out like the cloud, open winds, >>so luke, why don't you take that? And then I'll follow up with another lens on it which is the operate first piece. >>Sure. Yes. So I think in a lot of ways this has to be open this technology because this way we have we have transparency. The code can be audited openly. Okay. Our operational procedures can be audit openly and the community can help to develop not only are code but our operational mechanisms so we look to use technology such as cuba netease, open ship operators and so forth. Uh Six store itself runs completely in a cloud. It is it is cloud native. Okay, so it's very much in the paradigm of cloud and yeah, essentially security, always it operates better when it's open, you know, I found that from looking at all aspects of security over the years that I've worked in this realm. >>Okay, so just just to add to that some some other context around Six Law, that's interesting, which is, you know, software secure supply chain, Sixth floor is a solution to help build more secure software secure supply chains, more secure software supply chain. And um so um there's there's a growing community around that and there's an ecosystem of sort of cloud native kubernetes centric approaches for building more secure software. I think we all caught the solar winds attack. It's sort of enterprise software industry is responding sort of as a whole to go and close out as many of those gaps as possible, reduce the attack surface. So that's one aspect about why 6th was so interesting. Another thing is how we're going about it. So we talked about um you mentioned some of the things that people like about open source, which is one is transparency, so sunlight is the best disinfectant, right? Everybody can see the code, we can kind of make it more secure. Um and then the other is agency where basically if you're waiting on a vendor to go do something, um if it's proprietary software, you you really don't have much agency to get that vendor to go do that thing. Where is the open source? If you don't, if you're tired of waiting around, you can just submit the patch. So, um what we've seen with package software is with open source, we've had all this transparency and agency, but we've lost it with software as a service, right? Where vendors or cloud service providers are taking package software and then they're making it available as a service but that operationalize ng that software that is proprietary and it doesn't get contributed back. And so what Lukes building here as long along with our partners down, Lawrence from google, very active contributor in it. Um, the, is the operational piece to actually run sixth or as a public service is part of the open source project so people can then go and take sixth or maybe run it as a smaller internal service. Maybe they discover a bug, they can fix that bug contributed back to the operational izing piece as well as the traditional package software to basically make it a much more robust and open service. So you bring that transparency and the agency back to the SAS model as well. >>Look if you don't mind before, before uh and this segment proportion of it. The importance of immune ability is huge in the world of data. Can you share more on that? Because you're seeing that as a key part of the Blockchain for instance, having this ability to have immune ability. Because you know, people worry about, you know, how things progress in this distributed world. You know, whether from a hacking standpoint or tracking changes, Mutability becomes super important and how it's going to be preserved in this uh new six doorway. >>Oh yeah, so um mutability essentially means cannot be changed. So the structure of something is set. If it is anyway tampered or changed, then it breaks the cryptographic structure that we have of our public transparency service. So this way anybody can effectively recreate the cryptographic structure that we have of this public transparency service. So this mutability provides trust that there is non repudiation of the data that you're getting. This data is data that you can trust because it's built upon a cryptographic foundation. So it has very much similar parallels to Blockchain. You can trust Blockchain because of the immutable nature of it. And there is some consensus as well. Anybody can effectively download the Blockchain and run it themselves and compute that the integrity of that system can be trusted because of this immutable nature. So that's why we made this an inherent part of Six door is so that anybody can publicly audit these events and data sets to establish that there tamper free. >>That is a huge point. I think one of the things beyond just the security aspect of being hacked and protecting assets um trust is a huge part of our society now, not just on data but everything, anything that's reputable, whether it's videos like this being deep faked or you know, or news or any information, all this ties to security again, fundamentally and amazing concepts. Um I really want to keep an eye on this great work. Um Pearl, I gotta get back to you on Quantum because again, you can't, I mean people love Quantum. It's just it feels like so sci fi and it's like almost right here, right, so close and it's happening. Um And then people get always, what does that mean for security? We go back to look and ask them well quantum, you know, crypto But before we get started I wanted, I'm curious about how that's gonna play out from the project because is it going to be more part of like a C. N. C. F. How do you bring the open source vibe to Quantum? >>Uh so that's a very good question because that was a plan, the whole work that we are going to do related to operators to enable Quantum is managed by the open source community and that project lies in the casket. So casket has their own open source community and all the modification by the way, I should first tell you what excuse did so cute skin is the dedicate that you use to develop circuits that are run on IBM or Honeywell back in. So there are certain Quantum computers back and that support uh, circuits that are created using uh Houston S ticket, which is an open source as well. So there is already a community around this which is the casket. Open source community and we have pushed the code and all the maintenance is taken care of by that community. Do answer your question about if we are going to integrate it with C and C. F. That is not in the picture right now. We are, it has a place in its own community and it is also very niche to people who are working on the Quantum. So right now you have like uh the contributors who who are from IBM as well as other uh communities that are specific specifically working on content. So right now I don't think so, we have the map to integrated the C. N. C. F. But open source is the way to go and we are on that tragic Torri >>you know, we joke here the cube that a cubit is coming around the corner can can help but we've that in you know different with a C. But um look, I want to ask you one of the things that while you're here your security guru. I wanted to ask you about Quantum because a lot of people are scared that Quantum is gonna crack all the keys on on encryption with his power and more hacking. You're just comment on that. What's your what's your reaction to >>that? Yes that's an incredibly good question. This will occur. Okay. And I think it's really about preparation more than anything now. One of the things that we there's a principle that we have within the security world when it comes to coding and designing of software and this aspect of future Cryptography being broken. As we've seen with the likes of MD five and Sha one and so forth. So we call this algorithm agility. So this means that when you write your code and you design your systems you make them conducive to being able to easily swap and pivot the algorithms that use. So the encryption algorithms that you have within your code, you do not become too fixed to those. So that if as computing gets more powerful and the current sets of algorithms are shown to have inherent security weaknesses, you can easily migrate and pivot to a stronger algorithms. So that's imperative. Lee is that when you build code, you practice this principle of algorithm agility so that when shot 256 or shot 5 12 becomes the shar one. You can swap out your systems. You can change the code in a very least disruptive way to allow you to address that floor within your within your code in your software projects. >>You know, luke. This is mind bender right there. Because you start thinking about what this means is when you think about algorithmic agility, you start thinking okay software countermeasures automation. You start thinking about these kinds of new trends where you need to have that kind of signature capability. You mentioned with this this project you're mentioning. So the ability to actually who signs off on these, this comes back down to the paradigm that you guys are talking about here. >>Yes, very much so. There's another analogy from the security world, they call it turtles all the way down, which is effectively you always have to get to the point that a human or a computer establishes that first point of trust to sign something off. And so so it is it's a it's a world that is ever increasing in complexity. So the best that you can do is to be prepared to be as open as you can to make that pivot as and when you need to. >>Pretty impressive, great insight steve. We can talk for hours on this panel, emerging tech with red hat. Just give us a quick summary of what's going on. Obviously you've got a serious brain trust going on over there. Real world impact. You talk about the future of trust, future of software, future of computing, all kind of going on real time right now. This is not so much R and D as it is the front range of tech. Give us a quick overview of >>Yeah, sure, yeah, sure. The first thing I would tell everyone is go check out next that red hat dot com, that's got all of our different projects, who to contact if you're interested in learning more about different areas that we're working on. And it also lists out the different areas that we're working on, but just as an overview. So we're working on software defined storage, cloud storage. Sage. Well, the creator of Cf is the person that leads that group. We've got a team focused on edge computing. They're doing some really cool projects around um very lightweight operating systems that and kubernetes, you know, open shift based deployments that can run on, you know, devices that you screw into the sheet rock, you know, for that's that's really interesting. Um We have a cloud networking team that's looking at over yin and just intersection of E B P F and networking and kubernetes. Um and then uh you know, we've got an application platforms team that's looking at Quantum, but also sort of how to advance kubernetes itself. So that's that's the team where you got the persistent volume framework from in kubernetes and that added block storage and object storage to kubernetes. So there's a lot of really exciting things going on. Our charter is to inform red hats long term technology strategy. We work the way my personal philosophy about how we do that is that Red hat has product engineering focuses on their product roadmap, which is by nature, you know, the 6 to 9 months. And then the longer term strategy is set by both of us. And it's just that they're not focused on it. We're focused on it and we spend a lot of time doing disambiguate nation of the future and that's kind of what we do. We love doing it. I get to work with all these really super smart people. It's a fun job. >>Well, great insights is super exciting, emerging tack within red hat. I'll see the industry. You guys are agile, your open source and now more than ever open sources, uh, product Ization of open source is happening at such an accelerated rate steve. Thanks for coming on parole. Thanks for coming on luke. Great insight all around. Thanks for sharing. Uh, the content here. Thank you. >>Our pleasure. >>Thank you. >>Okay. We were more, more redhead coverage after this. This video. Obviously, emerging tech is huge. Watch some of the game changing action here at Redhead Summit. I'm john ferrier. Thanks for watching. Yeah.

(upbeat introductory music) >> Presenter: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is theCUBE CONVERSATION. >> Hi everyone, welcome to this special CUBE CONVERSATION I'm John Furrier, Host of theCUBE here in Palo Alto, California in our studios, we have a remote guest here talking about cybersecurity and all the industry trends and the recent news and announcements around Fortinet with John Madison CMO and Executive Vice President of products at Fortinet John, great to see you, welcome back to theCUBE. Great to have you back for some commentary around what's going on in the trends and your recent news. So thanks for coming on. >> Thanks John, nice to see you again. >> So you guys had earnings, congratulations again another successful results, you guys are doing well. Cyber is super important and that's the top conversation, cloud computing, cloud native, we're living in a pandemic. New things are exposed. Clearly the environment has changed in the past four months in a major, major way. So a lot of demand, a lot of needs out there from customers. So you guys had some earnings and you also have an update on your Fortinet OS67.0 platform with major updates. Let's quickly hit the news real quick. What's the hot topic? >> Yeah, well you're right. Things have accelerated in some ways in this cybersecurity world and we had the recent solar winds incident that's also made people look really, really closely at their cyber security strategy and architecture. We announced our results yesterday for Q4. For Q4 we had over 20% product growth which is the key, of course, the future growth. We also, for the full year in 2020 past 3 billion in billings for the first time for the company. And we're really proud of that. We're proud for a lot of reasons with our people and our team, but also another company that goes and makes large acquisitions to boost revenue and billings growth. We've done it predominantly organically over the last 20 years. And so we're very proud of our achievement and obviously a big thank you to our partners, our employees, and our customers. >> We also have been covering you guys for many, many years. Congratulations, well deserved good products win the long game, as we say on theCUBE, and that's a great Testament, but now more than ever I really want to get your thoughts because everyone that I talked to is really kind of sitting back saying, "Wow, look what's happened in the past three, six months in particular, a lot of sea change in both on the technical landscape, the intersection with society obviously with cyber, you mentioned solar winds that's been kind of hanging around. More data's coming out about how pervasive that was and how native it was for many months. So what's out there, we don't even know what's next. So this is causing a lot of people to take pause and reevaluate their environment. Can you share your perspective and how Fortinet sees this playing out and how that you are advising your customers? >> Yeah, well, leaving compliance and regulatory to one side for now because that's also a driver cybersecurity and focus on the two main drivers. One is the threat landscape, and I hinted a bit around that supply chain attack which affects a lot of people in solar winds incident. They got hold or got onto a device that has privileged access across a lot of servers and applications. And that's exactly what they wanted to get to. So state-sponsored ABTs, there's still volume out there. We still see now ransomware doubling every six months but that's very scary. The threat landscape around state sponsored. Now, the other driver of cybersecurity is the infrastructure. And whether that be end point. So as you know people are working from home as I am for the last eight months. So there's a on and off network, end point kind of a zero trust architecture there that people are looking towards. On the network side, we've seen these edges develop. And so whether it be the WAN edge, LANedge, Cloud Edge, data center edge even OT edge, those need protecting. So that's a big challenge for customers. And then also on the cloud side where the applications have moved to cloud, but different types of cloud, multi-cloud I've even seen building cloud recently. So that's a very adaptive area. So challenging for the customer in the terms of the threats and weaponized threats as well as the ability to cover all the different parts of the attack surface going forward. >> It's interesting, we've been living in a generation in the technology business around, you just get a tool for that. Every hammer looks for a nail, that's the expression. Now more than ever when you have this no perimeter environment, which we've been talking about for many years, that's not new. What is new is that everyone's now thinking about architectural systems approach to this and thinking systematically around the platform of what their business is. So in your announcement that you guys just released for OS67.0, there's really some meat on the bone there. You have the secure access, edge SASE and then the endpoint protection which are defined categories by the analyst. But those are the areas that are super hot. Can you translate that into the architectural equation because you and I were talking before we came on camera around how it's not just one thing there's multiple layers to this. Could you break that out for us please? >> Yeah. If you look at historically and I'm now coming up to my 20th year in cybersecurity. Before Fortinet I worked for an end point company. If you go back a while and I can, between 2000, 2010, the Endpoint Vendors were the the big cybersecurity players because Endpoint was where the data was and everything else. And then over the last 10 years the network security vendors, the next gen firewalls have been the most important vendors out there. And it's also reflected in revenues and market cap and everything else. What we're going to see over the next 10 years is the platform. And that platform can't be just an endpoint platform. It can't be just a network security platform or just the cloud platform, because you only, you're only seeing and defending and protecting a part of the overall we call digital experience. Whether it be a device in the factory, whether it be a person dialing in from somewhere or connecting from somewhere through the network and through to the applications you've got to measure that digital experience. And so that's going to be very important to be able to provide a platform that sits across all your devices users, across your whole network including new networks like 5G and across the applications and in the cloud. So the platform to us extends across all those areas. We've been building that platform on what we call our FortiOS operating system. The latest release is 7.0, which released yesterday. It obviously upgrades and extends all parts of the platform but we did major parts of the release yesterday were around SASE, which of course is the CloudEdge. So we're adding that CloudEdge to our component. We did acquire a company Opaque Networks a few months ago that's now we've integrated that technology. And then just as importantly on the access side, a zero trust network access capability for giving access per application. In fact, again, with this, I've talked a bit about in the past about all these Gartner acronyms I don't think zero trust network access is the right wording for it. It should be application access, because that's all we are going to move to. Application specific access versus just getting on the network and getting access to everything. But something that gives you context. So those are the two big things, but there's 300 plus new features across networking end point in cloud across management, inside the resource. It's a major release for us. And it gives us our customers the capability to really protect that attack surface from the end point to the cloud. >> Yeah, there's a lot of meat in there, from that release, I've got to say. but it's basically you're saying devices and users have access. That's been around. There's been tools for that. You hire people, you get some tools. Network access, it's been around. It's getting evolving. Now apps in the cloud, cloud native is a hot area. And people that I talk to, I want to get your reaction to this comment that I hear from people and customers and CXOs and developers. "Hey, we bought a tool for that. We hired a bunch of people. They mainly left, or the environment changed. We bought another tool. And then we bought a tool for that. We bought a tool for that." And then you have this kind of tool shed mentality, where they have tools that don't even have people to run them. So you have this problem there kind of tools need to be upgraded. And then you have this hot trend of observability on the app side, where now you have new data coming in on the application side, those are new tools. You got all kinds of stuff and competing for that. How do you talk to that customer? Because this is what the customer hears all this noise, all this action. They need to have it. They got to have the staff, they got to be trained up. What's going on there? What's your reaction to that? And how do you talk to customers who have this problem? Well, it's a big problem for them. Because, and by the way when I speak to a lot of customers about cloud they don't go to cloud because it's cheaper. It's not, it's actually more expensive. But they go to cloud to give them more agility because they want flexibility in the way they deploy applications as they go forward. And again, this pandemic has made a lot of companies realize they need to be more flexible in the way they deploy IT resources and faster in the way they bring up new services and applications. And so, but there's quite a few elements I say of cybersecurity and networking, which to me and to us are just features. You shouldn't be buying 40 different networking and cybersecurity vendors. You just can't staff and maintain that. And so we do see some things consolidated and converging into a single platform. We're a leader in the magic quadrant for SD WAN or a leader for network security or a visionary in WIFI. And many of the times in each of those magic quadrants, it's a different vendor or if it's the same vendor it's a different platform. For us it's the same platform in each one. And we pride ourselves in building not only best of breed capabilities, but also it's the same platform same management system, same API. And that gives the customer some capabilities in trying to manage that. What we say to customers is not a question of going from 40 vendors down to one That's no good, but go from 40 vendors down to maybe seven or eight platforms but make sure those platforms can inter-operate. They can share policy, and they can share threat intelligence. And that's why customers are looking to more of an architectural approach to cybersecurity but also they feel cybersecurity and networking are starting to converge at the same time. >> One of the biggest stories we're covering these days in 2021 besides the pandemic and how people are going to come out with a growth strategy that's secure, trusted and scalable, is the rise of the new executive in business in the enterprise where they're more tech savvy, right? You see executives like Satya and Intel. Intel, rise with the CEO of Microsoft. Andy Jassy rise up to the CEO of Amazon and you're seeing lawmakers in DC become more techie, less lawyer-oriented. So you seeing the rise of a business techie person. And I think this speaks to this holistic fabric philosophy you guys have as you talk to customers, when they look at the business impact of cybersecurity, for instance you mentioned solar winds earlier. I mean, these are deadly company killing events. This is real. So it's not just an IT problem. It's a business problem. How do you guys talk to customers, obviously that you have the security fabric and you're stitching things together? What's the conversation when you talk to customers like that? >> One interesting thing I've noticed, and I do quite a lot of customer calls each week, executive briefings and pretty early on, I noticed that both the infrastructure networking with the CIO team and the cyber security the CSO teams run on the same video call and that's got more and more as we've gone on. And I think what companies have realized is that if they want to move fast, they can't have these silos or this layering of capabilities. Then when they build something they needed to build it securely from day one and have that as a joint team. And so I don't think the teams are not merged but they're definitely working more closely. And I think the responsibility of reporting back into the board level gain is not just, it's just an IT project. Oh, by the way, we've got a security project. It's the same project. And I think that's again, points to this convergence of networking and security. >> Yeah. The silos got to be broken down. That's been a theme that's been more highlighted more than ever the benefits and the consequences of doing it or not doing it are clear to people especially at all levels of the corporation and tech. That brings up my favorite conversation. I always ask you whenever you're back on theCUBE giving me an update on what's going on with Fortinet I got to ask you how it's going with data, because data again is the consistent theme we always talk about, how we're exposing that data, how we're protecting that data, the role of data as people continue to get more data and figure out how to use machine learning how to use AI, how to democratize it all kinds of things are happening around data. What's the latest in your opinion? >> Yeah, I think there's progress, but I always say there's progress on both sides. The cyber criminals, big AI networks and machine learning just to counter what the cyber security companies are doing. I think right now we're processing hundreds of billions of events on a weekly basis. We've got the largest install base of network security out there over 500,000 customers. And so processing that event, it's going well in that we're able to determine really quickly for specific threat vectors in specific geographies that this battle good. It's about a good file. It's about a good URL. It's a vulnerability that's associated with Stevia. So we're able to kind of do use machine learning and volume against a specific application to get a good result. The key going forward for us, and I think for the whole industry is using the AI to start to discover campaigns in the wild like the solar winds ones, which is going on without anybody knowing. And that takes a lot of compute, takes a lot of threat intelligence and the AI piece needs to understand the relationship between the different elements of threat vectors, the command and controls and everything else to get you that result. I do think a couple of things. One is the cybersecurity industry, and I've said this before on this broadcast is are not walking together as they should. And sharing this threat intelligence across the industry. As soon as they find something, I actually applaud Microsoft on the solar wind side, they got information out really quickly and did well. And so we did the same. I think the industry needs to do more of that more proactively. And then I do think that, again, that I see a lot of companies cybersecurity companies claim a lot of things without any evidence that it works whatsoever. >> The world's got to call them out the consequences of not having, things work as they're advertised and or sharing them, your point about sharing. There should be some recognition for folks that are actually being fast on the sharing side. It's not like... We need our own militia against the bad guys. That's what's kind of going on here. So great stuff. I got to get your thoughts on the edge real quick. I know we talked about it briefly. You broke it down to three categories device users, network, and then apps in the cloud. The hottest topic on our recent CUBE on cloud editorial virtual event we had was the edge. And edge being industrial edge. And also, just the edge of the network with humans and users and devices. How are you seeing the current situation out there? A lot of hype, obviously the reality of that, that we're in a distributed network, the internet and the web and the cloud cloud natives coming. What's Fortinet's thoughts? What's your thoughts on how the edge is evolving and what people should pay attention to when they look at as they're architecturally planning for building out and managing and securing the edge? >> Given this a zero trust conversation on users and devices and given that people are familiar with the cloud and how they're going to use cloud. I think the network is becoming a really important very important area. And some people say, "Oh, don't worry about the network, just go to the cloud." The network is very important in providing that digital experience, but what's happening with the network is it's being stretched. It's being extended into factories. It's opening up on the winning side. You've got people now working from home. You've got that edge that used to be just the data center edge is now CloudEdge and SAS edge. And so you have to pay close attention to those edges. Now what you can't do is say, "Oh, I know we've got all those edges there. Let me overlay some security on each edge," because it's going to be different the way you deploy that in on a wifi device versus a CloudEdge. And so what you need to look towards is convergence of a capability either of the CloudEdge or the WAN edge or the LTE edge, it's got to be converged networking, and security. Otherwise it's too operationally inefficient, too complex to do. And so I think this is a really important subject and area for customers because as I said at the beginning, it provides that digital, we acquired a company called (indistinct) a few months ago, which actually focuses on the digital experience monitoring marketplace. What are users actually going through in terms of availability and quality and performance all the way from their device, all the way back into the application? I think that's very important. And the network edges have to be secured, where you can only do it through a converged solution. >> Yeah, that's a great point Architecturally, you might have a good technology or product look on paper but the complexity is the vulnerability. That's a really, really great point. John always great to have you on. Thanks for coming on, sharing the update. Before we end, I'll give you a quick minute to plug the news you had. Quickly put a plug in for the release you guys just put out around the new FortiOS 7.0 the features. What's the most important point about that release? Share, take a minute to explain. >> Yeah. FortiOS 7.0 is our big release our operating system is big news because it allows us FortiOS to sit at any edge across the network, whether it would be the one edge CloudEdge, data center edge. We've extended it into the CloudEdge with SASE in this release. We're also bringing in zero trust network access capabilities but overall it includes 300 features across the network, Endpoint in cloud. So a very important release for us and our customers and partners. >> John, great to have you on theCUBE again and get the news. You guys doing a great job, congratulations on your earnings but more importantly, congratulations on the product success and how you guys are thinking about it as a platform. That's what customers want. And you guys are continuing to do a great job there and congratulations from the news. Thanks for coming on. >> Thanks Jim. >> Again, John Furrier here inside theCUBE for CUBE Conversation getting the update on Fortinet and cybersecurity. Look for our cybersecurity coverage on SiliconANGLE.com. And of course, theCUBE's coverage continuing to talk to the thought leaders and the people making things happen, securing our networks and our cloud and deploying cloud native applications. Thanks for watching. (upbeat music)

>>from around the globe. It's the Cube with digital coverage of VM World 2020 brought to you by VM Ware and its ecosystem partners. Hello and welcome back to the cubes. Virtual coverage of VM World 2020 Virtual I'm John for your host of the Cube, our 11th year covering V emeralds. Not in person. It's virtual. I'm with my coast, Dave. A lot, of course. Ah, guest has been on every year since the cubes existed. Sanjay Putin, who is now the chief operating officer for VM Ware Sanjay, Great to see you. It's our 11th years. Virtual. We're not in person. Usually high five are going around. But hey, virtual fist pump, >>virtual pissed bump to you, John and Dave, always a pleasure to talk to you. I give you more than a virtual pistol. Here's a virtual hug. >>Well, so >>great. Back at great. >>Great to have you on. First of all, a lot more people attending the emerald this year because it's virtual again, it doesn't have the face to face. It is a community and technical events, so people do value that face to face. Um, but it is virtually a ton of content, great guests. You guys have a great program here, Very customer centric. Kind of. The theme is, you know, unpredictable future eyes is really what it's all about. We've talked about covert you've been on before. What's going on in your perspective? What's the theme of your main talks? >>Ah, yeah. Thank you, John. It's always a pleasure to talk to you folks. We we felt as we thought, about how we could make this content dynamic. We always want to make it fresh. You know, a virtual show of this kind and program of this kind. We all are becoming experts at many Ted talks or ESPN. Whatever your favorite program is 60 minutes on becoming digital producers of content. So it has to be crisp, and everybody I think was doing this has found ways by which you reduce the content. You know, Pat and I would have normally given 90 minute keynotes on day one and then 90 minutes again on day two. So 180 minutes worth of content were reduced that now into something that is that entire 180 minutes in something that is but 60 minutes. You you get a chance to use as you've seen from the keynote an incredible, incredible, you know, packed array of both announcements from Pat myself. So we really thought about how we could organize this in a way where the content was clear, crisp and compelling. Thekla's piece of it needed also be concise, but then supplemented with hundreds of sessions that were as often as possible, made it a goal that if you're gonna do a break out session that has to be incorporate or lead with the customer, so you'll see not just that we have some incredible sea level speakers from customers that have featured in in our pattern, Mikey notes like John Donahoe, CEO of Nike or Lorry beer C I, a global sea of JPMorgan Chase partner Baba, who is CEO of Zuma Jensen Wang, who is CEO of video. Incredible people. Then we also had some luminaries. We're gonna be talking in our vision track people like in the annuity. I mean, one of the most powerful women the world many years ranked by Fortune magazine, chairman, CEO Pepsi or Bryan Stevenson, the person who start in just mercy. If you watch that movie, he's a really key fighter for social justice and criminal. You know, reform and jails and the incarceration systems. And Malala made an appearance. Do I asked her personally, I got to know her and her dad's and she spoke two years ago. I asked her toe making appearance with us. So it's a really, really exciting until we get to do some creative stuff in terms of digital content this year. >>So on the product side and the momentum side, you have great decisions you guys have made in the past. We covered that with Pat Gelsinger, but the business performance has been very strong with VM. Where, uh, props to you guys, Where does this all tie together for in your mind? Because you have the transformation going on in a highly accelerated rate. You know, cov were not in person, but Cove in 19 has proven, uh, customers that they have to move faster. It's a highly accelerated world, a lot. Lots changing. Multi cloud has been on the radar. You got security. All the things you guys are doing, you got the AI announcements that have been pumping. Thean video thing was pretty solid. That project Monterey. What does the customer walk away from this year and and with VM where? What is the main theme? What what's their call to action? What's what do they need to be doing? >>I think there's sort of three things we would encourage customers to really think about. Number one is, as they think about everything in infrastructure, serves APS as they think about their APS. We want them to really push the frontier of how they modernize their athletic applications. And we think that whole initiative off how you modernized applications driven by containers. You know, 20 years ago when I was a developer coming out of college C, C plus, plus Java and then emerge, these companies have worked on J two ee frameworks. Web Logic, Be Aware logic and IBM Web Street. It made the development off. Whatever is e commerce applications of portals? Whatever was in the late nineties, early two thousands much, much easier. That entire world has gotten even easier and much more Micro service based now with containers. We've been talking about kubernetes for a while, but now we've become the leading enterprise, contain a platform making some incredible investments, but we want to not just broaden this platform. We simplified. It is You've heard everything in the end. What works in threes, right? It's sort of like almost t shirt sizing small, medium, large. So we now have tens Ooh, in the standard. The advanced the enterprise editions with lots of packaging behind that. That makes it a very broad and deep platform. We also have a basic version of it. So in some sense it's sort of like an extra small. In addition to the small medium large so tends to and everything around at modernization, I think would be message number one number two alongside modernization. You're also thinking about migration of your workloads and the breadth and depth of, um, er Cloud Foundation now of being able to really solve, not just use cases, you are traditionally done, but also new ai use cases. Was the reason Jensen and us kind of partner that, and I mean what a great company and video has become. You know, the king maker of these ai driven applications? Why not run those AI applications on the best infrastructure on the planet? Remember, that's a coming together of both of our platforms to help customers. You know automotive banking fraud detection is a number of AI use cases that now get our best and we want it. And the same thing then applies to Project Monterey, which takes the B c f e m A Cloud Foundation proposition to smart Knicks on Dell, HP Lenovo are embracing the in video Intel's and Pen Sandoz in that smart make architectural, however, that so that entire world of multi cloud being operative Phobia Macleod Foundation on Prem and all of its extended use cases like AI or Smart Knicks or Edge, but then also into the AWS Azure, Google Multi Cloud world. We obviously had a preferred relationship with Amazon that's going incredibly well, but you also saw some announcements last week from, uh, Microsoft Azure about azure BMR solutions at their conference ignite. So we feel very good about the migration opportunity alongside of modernization on the third priority, gentlemen would be security. It's obviously a topic that I most recently taken uninterested in my day job is CEO of the company running the front office customer facing revenue functions by night job by Joe Coffin has been driving. The security strategy for the company has been incredibly enlightening to talk, to see SOS and drive this intrinsic security or zero trust from the network to end point and workload and cloud security. And we made some exciting announcements there around bringing together MAWR capabilities with NSX and Z scaler and a problem black and workload security. And of course, Lassiter wouldn't cover all of this. But I would say if I was a attendee of the conference those the three things I want them to take away what BMR is doing in the future of APS what you're doing, the future of a multi cloud world and how we're making security relevant for distributed workforce. >>I know David >>so much to talk about here, Sanjay. So, uh, talk about modern APS? That's one of the five franchise platforms VM Ware has a history of going from, you know, Challenger toe dominant player. You saw that with end user computing, and there's many, many other examples, so you are clearly one of the top, you know. Let's call it five or six platforms out there. We know what those are, uh, and but critical to that modern APS. Focus is developers, and I think it's fair to say that that's not your wheelhouse today, but you're making moves there. You agree that that is, that is a critical part of modern APS, and you update us on what you're doing for that community to really take a leadership position there. >>Yeah, no, I think it's a very good point, David. We way seek to constantly say humble and hungry. There's never any assumption from us that VM Ware is completely earned anyplace off rightful leadership until we get thousands, tens of thousands. You know, we have a half a million customers running on our virtualization sets of products that have made us successful for 20 years 70 million virtual machines. But we have toe earn that right and containers, and I think there will be probably 10 times as many containers is their virtual machines. So if it took us 20 years to not just become the leader in in virtual machines but have 70 million virtual machines, I don't think it will be 20 years before there's a billion containers and we seek to be the leader in that platform. Now, why, Why VM Where and why do you think we can win in their long term. What are we doing with developers Number one? We do think there is a container capability independent of virtual machine. And that's what you know, this entire world of what hefty on pivotal brought to us on. You know, many of the hundreds of customers that are using what was formerly pivotal and FDR now what's called Tan Xue have I mean the the case. Studies of what those customers are doing are absolutely incredible. When I listen to them, you take Dick's sporting goods. I mean, they are building curbside, pick up a lot of the world. Now the pandemic is doing e commerce and curbside pick up people are going to the store, That's all based on Tan Xue. We've had companies within this sort of world of pandemic working on contact, tracing app. Some of the diagnostic tools built without they were the lab services and on the 10 zoo platform banks. Large banks are increasingly standardizing on a lot of their consumer facing or wealth management type of applications, anything that they're building rapidly on this container platform. So it's incredible the use cases I'm hearing public sector. The U. S. Air Force was talking about how they've done this. Many of them are not public about how they're modernizing dams, and I tend to learn the best from these vertical use case studies. I mean, I spend a significant part of my life is you know, it s a P and increasingly I want to help the company become a lot more vertical. Use case in banking, public sector, telco manufacturing, CPG retail top four or five where we're seeing a lot of recurrence of these. The Tan Xue portfolio actually brings us closest to almost that s a P type of dialogue because we're having an apse dialogue in the in the speak of an industry as opposed to bits and bytes Notice I haven't talked at all about kubernetes or containers. I'm talking about the business problem being solved in a retailer or a bank or public sector or whatever have you now from a developer audience, which was the second part of your question? Dave, you know, we talked about this, I think a year or two ago. We have five million developers today that we've been able to, you know, as bringing these acquisitions earn some audience with about two or three million from from the spring community and two or three million from the economic community. So think of those five million people who don't know us because of two acquisitions we don't. Obviously spring was inside Vienna where went out of pivotal and then came back. So we really have spent a lot of time with that community. A few weeks ago, we had spring one. You guys are aware of that? That conference record number of attendees okay, Registered, I think of all 40 or 50,000, which is, you know, much bigger than the physical event. And then a substantial number of them attended live physical. So we saw a great momentum out of spring one, and we're really going to take care of that, That that community base of developers as they care about Java Manami also doing really, really well. But then I think the rial audience it now has to come from us becoming part of the conversation. That coupon at AWS re invent at ignite not just the world, I mean via world is not gonna be the only place where infrastructure and developers come to. We're gonna have to be at other events which are very prominent and then have a developer marketplace. So it's gonna be a multiyear effort. We're okay with that. To grow that group of about five million developers that we today Kate or two on then I think there will be three or four other companies that also play very prominently to developers AWS, Microsoft and Google. And if we're one among those three or four companies and remembers including that list, we feel very good about our ability to be in a place where this is a shared community, takes a village to approach and an appeal to those developers. I think there will be one of those four companies that's doing this for many years to >>come. Santa, I got to get your take on. I love your reference to the Web days and how the development environment change and how the simplicity came along very relevant to how we're seeing this digital transformation. But I want to get your thoughts on how you guys were doing pre and now during and Post Cove it. You already had a complicated thing coming on. You had multi cloud. You guys were expanding your into end you had acquisitions, you mentioned a few of them. And then cove it hit. Okay, so now you have Everything is changing you got. He's got more complex city. You have more solutions, and then the customer psychology is change. You got to spectrums of customers, people trying to save their business because it's changed, their customer behavior has changed. And you have other customers that are doubling down because they have a tailwind from Cove it, whether it's a modern app, you know, coming like Zoom and others are doing well because of the environment. So you got your customers air in this in this in this, in this storm, you know, they're trying to save down, modernized or or or go faster. How are you guys changing? Because it's impacted how you sell. People are selling differently, how you implement and how you support customers, because you already had kind of the whole multi cloud going on with the modern APS. I get that, but Cove, it has changed things. How are you guys adopting and changing to meet the customer needs who are just trying to save their business on re factor or double down and continue >>John. Great question. I think I also talked about some of this in one of your previous digital events that you and I talked about. I mean, you go back to the last week of February 1st week of March, actually back up, even in January, my last trip on a plane. Ah, major trip outside this country was the World Economic Forum in Davos. And, you know, there were thousands of us packed into the small digits in Switzerland. I was sitting having dinner with Andy Jassy in a restaurant one night that day. Little did we know. A month later, everything would change on DWhite. We began to do in late February. Early March was first. Take care of employees. You always wanna have the pulse, check employees and be in touch with them. Because the health and safety of employees is much more important than the profits of, um, where you know. So we took care of that. Make sure that folks were taking care of older parents were in good place. We fortunately not lost anyone to death. Covert. We had some covert cases, but they've recovered on. This is an incredible pandemic that connects all of us in the human fabric. It has no separation off skin color or ethnicity or gender, a little bit of difference in people who are older, who might be more affected or prone to it. But we just have to, and it's taught me to be a significantly more empathetic. I began to do certain things that I didn't do before, but I felt was the right thing to do. For example, I've begun to do 25 30 minute calls with every one of my key countries. You know, as I know you, I run customer operations, all of the go to market field teams reporting to me on. I felt it was important for me to be showing up, not just in the big company meetings. We do that and big town halls where you know, some fractions. 30,000 people of VM ware attend, but, you know, go on, do a town hall for everybody in a virtual zoom session in Japan. But in their time zone. So 10 o'clock my time in the night, uh, then do one in China and Australia kind of almost travel around the world virtually, and it's not long calls 25 30 minutes, where 1st 10 or 15 minutes I'm sharing with them what I'm seeing across other countries, the world encouraging them to focus on a few priorities, which I'll talk about in a second and then listening to them for 10 15 minutes and be, uh and then the call on time or maybe even a little earlier, because every one of us is going to resume button going from call to call the call. We're tired of T. There's also mental, you know, fatigue that we've gotta worry about. Mental well, being long term. So that's one that I personally began to change. I began to also get energy because in the past, you know, I would travel to Europe or Asia. You know, 40 50%. My life has travel. It takes a day out of your life on either end, your jet lag. And then even when you get to a Tokyo or Beijing or to Bangalore or the London, getting between sites of these customers is like a 45 minute, sometimes in our commute. Now I'm able to do many of these 25 30 minute call, so I set myself a goal to talk to 1000 chief security officers. I know a lot of CEOs and CFOs from my times at S A P and VM ware, but I didn't know many security officers who often either work for a CEO or report directly to the legal counsel on accountable to the audit committee of the board. And I got a list of these 1,002,000 people we called email them. Man, I gotta tell you, people willing to talk to me just coming, you know, into this I'm about 500 into that. And it was role modeling to my teams that the top of the company is willing to spend as much time as possible. And I have probably gotten a lot more productive in customer conversations now than ever before. And then the final piece of your question, which is what do we tell the customer in terms about portfolio? So these were just more the practices that I was able to adapt during this time that have given me energy on dial, kind of get scared of two things from the portfolio perspective. I think we began to don't notice two things. One is Theo entire move of migration and modernization around the cloud. I describe that as you know, for example, moving to Amazon is a migration opportunity to azure modernization. Is that whole Tan Xue Eminem? Migration of modernization is highly relevant right now. In fact, taking more speed data center spending might be on hold on freeze as people kind of holding till depend, emmick or the GDP recovers. But migration of modernization is accelerating, so we wanna accelerate that part of our portfolio. One of the products we have a cloud on Amazon or Cloud Health or Tan Xue and maybe the other offerings for the other public dog. The second part about portfolio that we're seeing acceleration around is distributed workforce security work from home work from anywhere. And that's that combination off workspace, one for both endpoint management, virtual desktops, common black envelope loud and the announcements we've now made with Z scaler for, uh, distributed work for security or what the analysts called secure access. So message. That's beautiful because everyone working from home, even if they come back to the office, needs a very different model of security and were now becoming a leader in that area. of security. So these two parts of the portfolio you take the five franchise pillars and put them into these two buckets. We began to see momentum. And the final thing, I would say, Guys, just on a soft note. You know, I've had to just think about ways in which I balance work and family. It's just really easy. You know what, 67 months into this pandemic to burn out? Ah, now I've encouraged my team. We've got to think about this as a marathon, not a sprint. Do the personal things that you wanna do that will make your life better through this pandemic. That in practice is that you keep after it. I'll give you one example. I began biking with my kids and during the summer months were able to bike later. Even now in the fall, we're able to do that often, and I hope that's a practice I'm able to do much more often, even after the pandemic. So develop some activities with your family or with the people that you love the most that are seeing you a lot more and hopefully enjoying that time with them that you will keep even after this pandemic ends. >>So, Sanjay, I love that you're spending all this time with CSOs. I mean, I have a Well, maybe not not 1000 but dozens. And they're such smart people. They're really, you know, in the thick of things you mentioned, you know, your partnership with the scale ahead. Scott Stricklin on who is the C. C so of Wyndham? He was talking about the security club. But since the pandemic, there's really three waves. There's the cloud security, the identity, access management and endpoint security. And one of the things that CSOs will tell you is the lack of talent is their biggest challenge. And they're drowning in all these products. And so how should we think about your approach to security and potentially simplifying their lives? >>Yeah. You know, Dave, we talked about this, I think last year, maybe the year before, and what we were trying to do in security was really simplified because the security industry is like 5000 vendors, and it's like, you know, going to a doctor and she tells you to stay healthy. You gotta have 5000 tablets. You just cannot eat that many tablets you take you days, weeks, maybe a month to eat that many tablets. So ah, grand simplification has to happen where that health becomes part of your diet. You eat your proteins and vegetables, you drink your water, do your exercise. And the analogy and security is we cannot deploy dozens of agents and hundreds of alerts and many, many consoles. Uh, infrastructure players like us that have control points. We have 70 million virtual machines. We have 75 million virtual switches. We have, you know, tens of million's off workspace, one of carbon black endpoints that we manage and secure its incumbent enough to take security and making a lot more part of the infrastructure. Reduce the need for dozens and dozens of point tools. And with that comes a grand simplification of both the labor involved in learning all these tools. Andi, eventually also the cost of ownership off those particular tool. So that's one other thing we're seeking to do is increasingly be apart off that education off security professionals were both investing in ah, lot of off, you know, kind of threat protection research on many of our folks you know who are in a threat. Behavioral analytics, you know, kind of thread research. And people have come out of deep hacking experience with the government and others give back to the community and teaching classes. Um, in universities, there are a couple of non profits that are really investing in security, transfer education off CSOs and their teams were contributing to that from the standpoint off the ways in which we can give back both in time talent and also a treasure. So I think is we think about this. You're going to see us making this a long term play. We have a billion dollar security business today. There's not many companies that have, you know, a billion dollar plus of security is probably just two or three, and some of them have hit a wall in terms of their progress sport. We want to be one of the leaders in cybersecurity, and we think we need to do this both in building great product satisfying customers. But then also investing in the learning, the training enable remember, one of the things of B M worlds bright is thes hands on labs and all the training enable that happened at this event. So we will use both our platform. We in world in a variety of about the virtual environments to ensure that we get the best education of security to professional. >>So >>that's gonna be exciting, Because if you look at some of the evaluations of some of the pure plays I mean, you're a cloud security business growing a triple digits and, you know, you see some of these guys with, you know, $30 billion valuations, But I wanted to ask you about the market, E v m. Where used to be so simple Right now, you guys have expanded your tam dramatically. How are you thinking about, you know, the market opportunity? You've got your five franchise platforms. I know you're very disciplined about identifying markets, and then, you know, saying, Okay, now we're gonna go compete. But how do you look at the market and the market data? Give us the update there. >>Yeah, I think. Dave, listen, you know, I like davinci statement. You know, simplicity is the greatest form of sophistication, and I think you've touched on something that which is cos we get bigger. You know, I've had the great privilege of working for two great companies. s a P and B M where the bulk of my last 15 plus years And if something I've learned, you know, it's very easy. Both companies was to throw these TLS three letter acronyms, okay? And I use an acronym and describing the three letter acronyms like er or s ex. I mean, they're all acronyms and a new employee who comes to this company. You know, Carol Property, for example. We just hired her from Google. Is our CMO her first comments like, My goodness, there is a lot of off acronyms here. I've gotta you need a glossary? I had the same reaction when I joined B. M or seven years ago and had the same reaction when I joined the S A. P 15 years ago. Now, of course, two or three years into it, you learn everything and it becomes part of your speed. We have toe constantly. It's like an accordion like you expanded by making it mawr of luminous and deep. But as you do that it gets complex, you then have to simplify it. And that's the job of all of us leaders and I this year, just exemplifying that I don't have it perfect. One of the gifts I do have this communication being able to simplify things. I recorded a five minute video off our five franchise pill. It's just so that the casual person didn't know VM where it could understand on. Then, when I'm on your shore and when on with Jim Cramer and CNBC, I try to simplify, simplify, simplify, simplify because the more you can talk and analogies and pictures, the more the casual user. I mean, of course, and some other audiences. I'm talking to investors. Get it on. Then, Of course, as you go deeper, it should be like progressive layers or feeling of an onion. You can get deeper. It's not like the entire discussion with Sanjay Putin on my team is like, you know, empty suit. It's a superficial discussion. We could go deeper, but you don't have to begin the discussion in the bowels off that, and that's really what we don't do. And then the other part of your question was, how do we think about new markets? You know, we always start with Listen, you sort of core in contact our borough come sort of Jeffrey Moore, Andi in the Jeffrey more context. You think about things that you do really well and then ask yourself outside of that what the Jason sees that are closest to you, that your customers are asking you to advance into on that, either organically to partnerships or through acquisitions. I think John and I talked about in the previous dialogue about the framework of build partner and by, and we always think about it in that order. Where do we advance and any of the moves we've made six years ago, seven years ago and I joined the I felt VM are needed to make a move into mobile to really cement opposition in end user computing. And it took me some time to convince my peers and then the board that we should by Air One, which at that time was the biggest acquisition we've ever done. Okay. Similarly, I'm sure prior to me about Joe Tucci, Pat Nelson. We're thinking about nice here, and I'm moving to networking. Those were too big, inorganic moves. +78 years of Raghu was very involved in that. The decisions we moved to the make the move in the public cloud myself. Rgu pack very involved in the decision. Their toe partner with Amazon, the change and divest be cloud air and then invested in organic effort around what's become the Claudia. That's an organic effort that was an acquisition fast forward to last year. It took me a while to really Are you internally convinced people and then make the move off the second biggest acquisition we made in carbon black and endpoint security cement the security story that we're talking about? Rgu did a similar piece of good work around ad monetization to justify that pivotal needed to come back in. So but you could see all these pieces being adjacent to the core, right? And then you ask yourself, Is that context meaning we could leave it to a partner like you don't see us get into the hardware game we're partnering with. Obviously, the players like Dell and HP, Lenovo and the smart Knick players like Intel in video. In Pensando, you see that as part of the Project Monterey announcement. But the adjacent seas, for example, last year into app modernization up the stack and into security, which I'd say Maura's adjacent horizontal to us. We're now made a lot more logical. And as we then convince ourselves that we could do it, convince our board, make the move, We then have to go and tell our customers. Right? And this entire effort of talking to CSOs What am I doing is doing the same thing that I did to my board last year, simplified to 15 minutes and get thousands of them to understand it. Received feedback, improve it, invest further. And actually, some of the moves were now making this year around our partnership in distributed Workforce Security and Cloud Security and Z scaler. What we're announcing an XDR and Security Analytics. All of the big announcements of security of this conference came from what we heard last year between the last 12 months of my last year. Well, you know, keynote around security, and now, and I predict next year it'll be even further. That's how you advance the puck every year. >>Sanjay, I want to get your thoughts. So now we have a couple minutes left. But we did pull the audience and the community to get some questions for you, since it's virtually wanted to get some representation there. So I got three questions for you. First question, what comes after Cloud and number two is VM Ware security company. And three. What company had you wish you had acquired? >>Oh, my goodness. Okay, the third one eyes gonna be the turkey is one, I think. Listen, because I'm gonna give you my personal opinion, and some of it was probably predates me, so I could probably safely So do that. And maybe put the blame on Joe Tucci or somebody else is no longer here. But let me kind of give you the first two. What comes after cloud? I think clouds gonna be with us for a long time. First off this multi cloud world, you just look at the moment, um, that AWS and azure and the other clouds all have. It's incredible on I think this that multi cloud from phenomenon. But if there's an adapt ation of it, it's gonna be three forms of cloud. People are really only focus today in private public cloud. You have to remember the edge and Telco Cloud and this pendulum off the right balance of workloads between the data center called it a private cloud. The public cloud on one end and the telco edge on the other end. I think we're in a really good position for workloads to really swing between all three of those locations. Three other part that I think comes as a sequel to Cloud is cloud native. All of the capabilities a serverless functions but also containers that you know. Obviously the one could think of that a sister topics to cloud but the entire world of containers. The other seat, uh, then cloud a cloud native will also be topics, but these were all fairly connected. That's how I'd answer the first question. A security company? Absolutely. We you know, we aspire to be one of the leading companies in cyber security. I don't think they will be only one. We have to show this by the wealth on breath of our customers. The revenue momentum we have Gartner ranking us or the analysts ranking us in top rights of magic quadrants being viewed as an innovator simplifying the stack. But listen, we weren't even on the radar. We weren't speaking of the security conferences years ago. Now we are. We have a billion dollar security business, 20,000 plus customers, really strong presences and network endpoint and workload and Cloud Security. The three Coppola's a lot more coming in Security analytics, Cloud Security distributed workforce Security. So we're here to stay. And if anything, BMR persist through this, we're planning for multi your five or 10 year timeframe. And in that course I mean, the competition is smaller. Companies that don't have the breadth and depth of the n words are Andy muscle and are going market. We just have to keep building great products and serving customer on the third man. There's so many. But I mean, I think Listen, when I was looking back, I always wondered this is before I joined so I could say the summit speculatively on. Don't you know, make this This is BMR. Sorry. This is Sanjay one's opinion. Not VM. I gotta make very, very clear. Well, listen, I would have if I was at BMO in 2012 or 2013. I would love to about service now then service. It was a great company. I don't even know maybe the company's talk, but then talk about a very successful company at that time now. Maybe their priorities were different. I wasn't at the company at the time, but I can speculate if that had happened, that would have been an interesting Now I think that was during the time of Paul Maritz here and and so on. So for them, maybe there were other priorities the company need to get done. But at that time, of course, today s so it's not as big of a even slightly bigger market cap than us. So that's not happening. But that's a great example of a good company that I think would have at that time fit very well with VM Ware. And then there's probably we don't look back and regret we move forward. I mean, I think about the acquisitions we have made the big ones. Okay, Nice era air watch pop in black. Pivotal. The big moves we've made in terms of partnership. Amazon. What? We're announcing this This, you know, this week within video and Z scaler. So you never look back and regret. You always look for >>follow up on that To follow up on that from a developer, entrepreneurial or partner Perspective. Can you share where the white spaces for people to innovate around vm Where where where can people partner and play. Whether I'm an entrepreneur in a garage or venture back, funded or say a partner pivoting and or resetting with Govind, where's the white spaces with them? >>I think that, you know, there's gonna be a number off places where the Tan Xue platform develops, as it kind of makes it relevant to developers. I mean, there's, I think the first way we think about this is to make ourselves relevant toe all of that ecosystem around the C I. C. D type apply platform. They're really good partners of ours. They're like, get lab, You know, all of the ways in which open source communities, you know will play alongside that Hash E Corp. Jay frog there number of these companies that are partnering with us and we're excited about all of their relevancy to tend to, and it's our job to go and make that marketplace better and better. You're going to hear more about that coming up from us on. Then there's the set of data companies, you know, con fluent. You know, of course, you've seen a big I p o of a snowflake. All of those data companies, we'll need a very natural synergy. If you think about the old days of middleware, middleware is always sort of separate from the database. I think that's starting to kind of coalesce. And Data and analytics placed on top of the modern day middleware, which is containers I think it's gonna be now does VM or play physically is a data company. We don't know today we're gonna partner very heavily. But picking the right set of partners been fluent is a good example of one on. There's many of the next generation database companies that you're going to see us partner with that will become part of that marketplace influence. And I think, as you see us certainly produce out the VM Ware marketplace for developers. I think this is gonna be a game changing opportunity for us to really take those five million developers and work with the leading companies. You know, I use the example of get Lab is an example get help there. Others that appeal to developers tie them into our developer framework. The one thing you learn about developers, you can't have a mindset. With that, you all come to just us. It's a very mingled village off multiple ecosystems and Venn diagrams that are coalescing. If you try to take over the world, the developer community just basically shuns you. You have to have a very vibrant way in which you are mingling, which is why I described. It's like, Listen, we want our developers to come to our conferences and reinvent and ignite and get the best experience of all those provide tools that coincide with everybody. You have to take a holistic view of this on if you do that over many years, just like the security topic. This is a multi year pursuit for us to be relevant. Developers. We feel good about the future being bright. >>David got five minutes e. >>I thought you were gonna say Zoom, Sanjay, that was That was my wildcard. >>Well, listen, you know, I think it was more recently and very fast catapult Thio success, and I don't know that that's clearly in the complete, you know, sweet spot of the anywhere. I mean, you know, unified collaboration would have probably put us in much more competition with teams and, well, back someone you always have to think about what's in the in the bailiwick of what's closest to us, but zooms a great partner. Uh, I mean, obviously you love to acquire anybody that's hot, but Eric's doing really well. I mean, Erica, I'm sure he had many people try to come to buy him. I'm just so proud of him as a friend of all that he was named to Time magazine Top 100. But what he's done is phenomenon. I think he could build a company that's just his important, his Facebook. So, you know, I encourage him. Don't sell, keep building the company and you'll build a company that's going to be, you know, the enterprise version of Facebook. And I think that's a tremendous opportunity to do this better than anybody else is doing. And you know, I'm as an immigrant. He's, you know, China. Born now American, I'm Indian born, American, assim immigrants. We both have a similar story. I learned a lot from him. I learned a lot from him, from on speed on speed and how to move fast, he tells me he learns a thing to do for me on scale. We teach each other. It's a beautiful friendship. >>We'll make sure you put in a good word for the Kiwi. One more zoom integration >>for a final word or the zoom that is the future Facebook of the enterprise. Whatever, Sanjay, Thank >>you for connecting with us. Virtually. It is a digital foundation. It is an unpredictable world. Um, it's gonna change. It could be software to find the operating models or changing you guys. We're changing how you serve customers with new chief up commercial customer officer you have in place, which is a new hire. Congratulations. And you guys were flexing with the market and you got a tailwind. So congratulations, >>John and Dave. Always a pleasure. We couldn't do this without the partnership. Also with you. Congratulations of Successful Cube. And in its new digital format, Thank you for being with us With VM world here on. Do you know all that you're doing to get the story out? The guests that you have on the show, they look forward, including the nonviable people like, Hey, can I get on the Cuban like, Absolutely. Because they look at your platform is away. I'm telling this story. Thanks for all you're doing. I wish you health and safety. >>I'm gonna bring more community. And Dave is, you know, and Sanjay, and it's easier without the travel. Get more interviews, tell more stories and tell the most important stories. And thank you for telling your story and VM World story here of the emerald 2020. Sanjay Poon in the chief operating officer here on the Cube I'm John for a day Volonte. Thanks for watching Cube Virtual. Thanks for watching.

(upbeat music) >> Instructor: From around the globe. It's theCUBE covering Google Cloud Next OnAir 20. >> Welcome to theCUBE's coverage, virtual coverage of Google Next OnAir. I'm John for host theCUBE, We're here in Palo Alto California, for our remote interviews, part of our quarantine crew, getting all the stories that matter, Google Next OnAir, continuous event through the summer. We're calling it the summer of cloud. We've got two great guests here. Sunil Potti general manager and vice president of cloud security at Google Cloud. and Orion Hindawi co founder and CEO of Tanium. Gentlemen, thank you for coming on today, appreciate it. Great event you guys have on the continue. I'll call it the summer cloud. It's a lot of events that Google's having, So you guys and your team are doing a great job, but there's some hard news. You guys are announcing an expanded partnership together. Sunil tell us what is the news today. >> John, first of all, great to see you again, love being on theCUBE any time, and it's my honor to actually share the stage this time around with Orion and the Tanium team. So essentially what we're announcing today, is the fact that, as most of you know, especially in the new normal with a distributed workforce, and potentially it being the safer normal, down the road it presents, an unprecedented opportunity, I think in our opinion, that we can use this to accelerate potentially safer posture that otherwise would have taken years to build into the enterprise ecosystem that we could now bring forward, in a potentially, you know, in the year 2020 or 2021. So the primary announcement, is based on the fact that, Tanium's, you know, core enterprise offering and Google clouds, chronicle offering are coming together, to build a full stack offering for endpoint detection and response so that customers can have an end to end offering. That's both powerful, and you know, easy to use. All the way from the detection, response, remediation and analytics, all built together into one seamless, easy to consume offering for the global enterprise and being delivered in such a way that it can take into account organizations of thousands of employees or hundreds of thousands of employees. All by the same cloud native solution. >> All right how about why you're excited about this deal. What's different about it. Obviously there's a relationship here, what's so exciting about this story. >> Yeah, I think, you know, Orion to comment as well, but look, I think the key thing that we sort of partnered on initially was a customer driven, you know, technology centric integrations, where, you know, we went deep from a chronical perspective, to ensure native integration, between Tanium products to send signals, out of the box, as well as curated, enhanced, enriched, so that they could be actionable responses taken by Tanium solutions as well on behalf of security analysts, as part of our journey, to kind of reinvent the SOC of the future. Right? And so essentially, it's been a deliberate effort by both teams to not provide incremental integrations, but something that offers a reimagined safety posture, especially that's enhanced, I would say amplified, in a world where pretty much every employee, is essentially a tech director now. But otherwise was not the case, when they were working in a normal enterprise office. >> All right, what's your take on this? I'll say what's different I'll say big news. >> Sure, yeah. I mean, if you look at why we decided that Google would have been the perfect partner for us, we have very large enterprises. We work with about 70 of the fortune 100, the USOD, a lot of these very large environments, and many of them were coming to us and telling us two things. The first one was the amount of data, that they were generating, that they needed to be able to process and analyze and be able to find insight from, was going exponentially up. And the second one was, in the new kind of post COVID world, the amount of work from home risks that they were seeing, and the kind of perfection they needed to achieve, on finding threats quickly and neutralizing them was actually also going up. And so between those two things, we started really looking for a partner, that we could accelerate with, to provide our customers with true world-class data analytics, retention, being able to visualize that data and then being able to act on that data through Tanium. And I think that the partnership that we've struck with Google and the work we've done with them, to make this seamless for our customers, to make it scale really well, even for the largest managed networks, is something we're really proud of. >> What's the history between Chronicle and Tanium. What's the, how far back does it go, and how would you guys categorize this time and point in time in terms of evolution of that partnership? >> So maybe I'll take a stab Sunil, then you can take one as well, you know. We've been working with Chronicle now for over a year. And we've got customers, who kind of pointed us in this direction, which is how we love to start partnerships. We had some customers who had a lot of faith, that Google was going to be able to crack this nut. And honestly many of our customers had been really struggling with this, with their current vendors at the time, for years. And we're really looking for Google, because Google was the company, that they saw as having the most credibility with massive, massive data sets. What we got surprised by actually, was that there were a bunch of different legs of the stool, that we could work with Google on. So not only data retention of Chronicle, but things like zero trust, which I think many people know Google actually invented the concept of. When we start thinking about thin client management. So we actually found that, there's a really expansive partnership here. And what we're doing with Chronicle, I think is the first kind of instantiation of that. But we expect that over the next even years, we've got a lot of room to run with Google, to really secure and help our customers. >> Sunil talk about the wave that you're riding on right now. 'Cause obviously the reality is, I won't use the term new normal, but the new reality is, COVID has forced everyone to look at basically an unexpected disruption that no one saw coming. Yeah, we can prepare for disasters and floods and hurricanes and whatnot, but this is unforeseen everybody working at home. I mean, I can imagine all the VPN vendors, freaking out who even needs a VPN. So, you know, the access methods is everything, it's mobile, home, home is the new office. It's not just, you know, connect to an access point, my son's gaming, my daughter is watching Netflix. I'm trying to do some video conferencing and it's a mix of consumer business all happening. This is a complex environment now. What does this mean? This relation, how does this connect the dots? Can you, can you expand on that. >> Yeah, I mean I think I hinted on this a little bit at the beginning John, is that, we think, you know, this is an, you know, an unprecedented opportunity to help accelerate digital transformation, that otherwise would have taken a few years for many enterprises to get to. That can now be done potentially in months and for some customers maybe even in weeks. And some examples of that, that we've seen are that, look, if you just took, if you just take Google as an company, to Orion's point, look, we invested many years worth of technology and IP that now we're slowly bringing out in the form of BeyondCorp product sets. But essentially of the fact that look, we should treat every employee as if they were a remote worker. We don't trust the network, we basically break transitive properties, which was one of the foundational issues with security in the enterprise, where I trust a network and the network is trusted by a desktop. And then if you penetrate one, you can penetrate everything else in the chain. And so when COVID hit, we went from essentially pretty much, a hundred thousand plus employees, working in distributed headquarters, but within the Google environment, to working from home within a week later, but retained the same sort of like, not productive the levels just, but actually the same safety levels that were much stronger. And so in many cases, what we are announcing, is that even though enterprises have come forward and said, look, yeah, we have some PaaS work solutions, just because this is a major change for us. Now that we are in it, for not just three months or six months, but potentially a longer period of time. Why not take the opportunity to replatform our security environments, so that we can actually be in a better state, when we actually exit out of this. We might actually never go back full time, but it can actually be a hybrid environment. So that's part of the reason, why I think we are so jazzed about the partnership, is that these are two examples, of products coming together to help replatform, at least one sets of, you know, traditional, if I can call it weaklings in the security ecosystem, that can now be sort of like replatformed. >> I was doing an interview actually last week, and I was kind of riffing on this idea. This is one big IoT experiment. I mean, people are devices here and everyone's connected, but it's all remote. It's changed the patterns of work and traffic and all kinds of paradigms. But this brings up the issue of the customer challenge. Everyone's going to look up their environment saying, look at, we now know the benefit of cloud it's clear. But I got to rethink the projects that are on the table, and get rid of the ones, that aren't going to be relevant, to where the world has shifted. It's not even a question of digital transfer. It's like, okay, what am I doubling down on. And what am I going to eliminate from the picture. So I've got to ask you guys, if you guys can comment, if I'm a customer that's what's going through my head, I got to survive, reinvent the foundation, and come out with a growth strategy, with a workforce, workplace, workloads, and workflows that are completely different. What's in it for me. What does this mean to me. This partnership, so how do you help me. What's in it for me. >> So I might take a stab at that, you know, I think that a lot of our customers, if we look at where they were at the beginning of the year, they'd been building on a pretty creaky foundation and just adding more and more layers to it. So, you know, in the security side, many of our customers have 20 or 30 or 50 different tools. And many of them are there, because they were there yesterday. They're not actually, if you were going to zero base budget, the way you were going to do security, they wouldn't be the tools you'd choose. And the interesting thing about this whole work from home transition, it is effectively a zero based budget for security, because a lot of the tools just basically don't work. So you think about a lot of the network tools, and when everybody's working from home, you don't own the network. You think about a lot of even the endpoint tools, that assumed that devices would be behind that network perimeter, and now just don't work over the internet. And so when we look at our customers, they're realizing they have to replatform, their security model, anyway. And what they're doing is they're now picking again. And what they get to do is they get to pick the platforms that they now trust in 2020, with the work from home environment as it is. And I think what it gives you as a customer, is a huge simplification of your environment. I mean, we talk to people every day, who were used to operating those 20 or 30, 50 tools, and they were spending 90% of their energy just operating those tools, not actually improving security and they were falling behind. If you look at what they're able to do now, they actually can go back to a starting point, where they think about what is the real threat I'm facing. What are the real platforms, I should be choosing today. And we're actually seeing huge increases, in our customer kind of adoption of our platform because that resistance to change, has been removed. People can't resist change anymore, change has come, and as a result of that, they get to choose what they would like now. >> That's a huge point, I want to just double down on that and redirect, and then we'll go to Sunil and his commentary, but I think you just hit the nail on the head. We're seeing the same kind of commentary. You said it really eloquently, but the thing is that, okay, let's just, if you believe what you just said, which I do going into zero base budgeting decisions, fresh look and everything. The problem is people are looking at the decisions and comparing what the bells and whistles were from the tools. So how do you advise customers to rethink like, okay, if it's a fresh look, it's a fresh look. It's not like, okay, the way we did it before, so a lot of times when you were evaluating products, a group gets to say, it doesn't have this bell or this whistle, 'cause that's the way we did it before. So you got to kind of separate out, this idea of you're got to go that direction. It's a full, fresh look. So how are customers doing that, 'cause that's really difficult. >> It's a super relevant question for today's world, because I think you're absolutely right. If you talk to the person who operated the compliance tool in a big bank, and you ask them, what do you need from that tool? They very quickly get the things, that if you just take the question, which is, I need to do compliance for the bank, what do I need to do compliance effectively? And you look at the answer that they give you, which is I need this check box here. I need this button here. I need this kind of minutiae that I'm used to, to be consistent with what I've been used to, for the last 10 years. Those two things are not the same. And what we've really been encouraging our customers to do is take a look back at your requirements. So you are processing credit cards, you need to be PCI regulated. You need to be able to answer to your vendors, how many copies of their software you're using. You need to be able to find an attacker, who's moving around your environment, and do that as quickly as possible. And then let's build from there what capabilities you need. And let's forget about whether the color scheme, of the logo at the top of the report is the same. Let's talk about the core capabilities. And it's a very freeing conversation actually, because what a lot of people start realizing, is they've been maintaining the status quo, for reasons that actually have nothing to do with efficacy, they have to do with comfort. And the curse and the beauty of the last six months, is no one's comfortable. So I don't care how comfortable you are with your tools. No one I know is comfortable today. And what it's giving us, is an opportunity to look past the old school comfort and think about how do we transition to the future. And I think it's actually going to galvanize a lot of positive change. You know, I was saying this before we went on air, but I don't think anybody wished, that COVID was the way, that we would end up in a position, where people have the appetite for change. But if there's a silver lining in the situation, that's it. And I really think that the CIOs and CEOs and CFOs and CSOs, really across the board, need to take advantage of the fact, that there's a discontinuity here, that allows us to throw out the old, and bring in things that are much more effective. >> Sunil that's some great tea up for you, because what he's saying basically saying is if you don't focus on the check boxes, because it was reasons why, and they'll give you, there's a long list, probably RFPs are the same way, we check in the boxes, okay, throw that out. And then you can, by the way, you can innovate on those check boxes differently, but still achieve the same outcome. I get that. But for Google Cloud, you guys have a great network. It's well known in the industry. Google's got a phenomenal network, hence powering Android and all the servers. We know that, with a cloud player, this is a great opportunity for you guys to be a fresh candidate for this kind of change. How are you guys talking about this internally? Because this really is, the goalposts have been moved and in favor of who can deliver. >> I think as both of you have been talking about, I think, look, I think the way I will, you know, maybe color this is, you know, when consumers got to a safer posture with the advent of iPhone, right? Even though it was much more productive, delightful, and there's a bunch of other things, ultimately though, if anything, things became safer, when you actually did computing on a phone. Just because it was an opinionated stack. Ultimately we believe, whether you come to cloud completely or you consume some stacks, the more opinionated they are, that's ultimately the only way, to reduce these moving parts that expose us to security issues. And that principle applied by the way in reliability too, right? I mean, you have to simplify stuff for things to actually work at six nines and so forth. So same things, apply in security. So imagine a world, where every employee now is sitting at home, maybe two years from now, they come back, they work in the Starbucks, but we had a virtual Chromebook experience, because a physical Chromebook of course, it's a goal to kind of get that out there, because on one hand we have the cloud, which is a full stack opinionated offering, but there's various elements of computing, still dispersed in the environment. And you were talking about IoT. Eventually we will get there, but just look at the employee's laptop, but productivity station and imagine the construct of a virtual Chromebook off, and that's an opinionated stack. And that's essentially a variant of what the joint offering between the two companies is essentially, you know, sort of aspiring to, is to provide that level of, you know, clarity and opinionation, that actually genuinely solves for some foundational security issues. And in doing so, you now have, an opinionated stack close to the user, the enterprise user is an opinion stack via mobile phones, close to the consumer user. And for all enterprises from a computing side, there's an opinion stack, whether it be Google or some of the other public clouds, right? And ultimately I think the world will move, into these few sets of these opinionated stacks at various points of control. And at least this particular partnership, is around making the first step towards, potentially one of those opinionated stacks, virtual Chromebook like experience, for the enterprise use. >> And I think this is the beginning, of the wave of the reality, that the edge of the network, whatever you want to call it. And you see this with end point detection, right I mean, everything's an endpoint now. I mean, I still think every, this is one big IoT device, and everything is just moving around. So zero trust is a big part of it, Google cloud, and this relationship kind of brings that to the next level. How does zero trust, attaining a mission intersect here. Because I mean, I see some obvious ones, we just talked about it, but what's the connection. >> Yeah, I think we'll hopefully, you know, talk more about it later in the year, as well as we can to come out with more integrations. But at the high level, I think the way to think about this would be, imagine that device as you were talking about, having an ability to actually send a strong set of signals, not just for detection and response, but for actually enforcing, you know, authentication and authorization as well, because ultimately identity needs to intersect, with the current stack, that we currently have between the two companies. And so when identity of the user, identity of the device, identity of you know, the context in which, you know, someone actually allows a user to access an application, these are all net new things, that need to be brought into the solution. We cannot then provide both the, you know, not just a safe way to kind of provide an, you know, an endpoint detection and response kind of opinion stack, but also essentially meet that part of an uber zero trust offering, that a customer can consume to ensure that look, you know, ultimately look, it doesn't really matter whether the employees at home they're using their own laptop. They're at Starbucks. They can come back to work, but ultimately they have this virtualized, sort of security ring, that protects and always constantly authorizes authenticates and provides a bunch of this security operations capabilities. So anyway, the simple answer is, you know, once we intersect identity, and a slew of BeyondCorp capabilities, into the current offering, that's how the next step towards, a more formidable zero trust offering force. >> Okay, Orion I'd love to get your thoughts, but if you both can answer question, that'd be great. I'd love to get your thoughts, a little gamification here. If you had to put the headline out on this news. Not the one on the press release, that's like perfectly written, like, I mean, bumper sticker. what is the real meaning, of this relationship in this news? If you had to put a headline out there, I think Washington, think New York post style maybe, or you know, something that can describe the news. >> I mean, I will admit, I am not known for being good at soundbites, so, I'll give you the one sentence, and you can help me pare it down. But I mean, really what it is, is I think Tanium got, the highest fidelity and point visibility and control out there. And I think Google's got the best data storage analytics retention cross-referencing we've ever seen. And when you combine those two things, it's incredibly powerful, for our enterprise users, and we've already seen customers, where it's been transformative. >> So you need a headline, that's good though , that's fine. You know, point projection solid. >> I think it's a much more descriptive nature, frankly, but I think my logical tagline, that I just keep, you know, sort of like the sound, but soundbite that I keep referring to is. Looking out the world needs a virtual Chromebook, to really feel safe at an end point level. And this is sort of like the first instantiation, of that core stack, that can at least get enterprise to start on that journey. >> You know, I think you guys run something really big here. And one of my personal observations, is one is the complexity of the telemetry coming, and I can see how you would go in there and connecting the dots between Google's backend, and your stuff coming together. You need to have that high powered energy, from the resource, but also there's a human element. People are working at home, whether you're a teacher, you're getting fished their spear fish, to targeted social engineering. So as people come home, and there's now multiple access points, there's more surface area. So every single endpoint needs to be protected. And I think people are kind of in the normal world, or outside of the tech industry saying, Oh, I get it now. We're not really protected. And this is not just sensor networks, or, you know, OT technology, you know, OT, it's really humans. And this is really where it's going. Isn't it guys? >> Okay. >> You should take it there, look, I think we do have a foundational principle here, which says, look as demonstrated in a postcode world, but your point John, or whether it be IoT, just distributed computing in general continues to expand. We should just assume, that the surface area for security issues only expense, right? And rather than trying to kind, of do a vacuum all of the surface area, what if you could take a foundational approach, that actually breaks the relationship, between expanded surface area means expanded exposure to PaaS. And so essentially the same approach that we took, with zero trust, which is, look, we just know we're going to get broken into. So just don't assume that your network is not safe, but still have a secure posture. Right? How did that come to be? I think if we can just apply that, more generally into this construct of a distributed enterprise, which says, look, the surface area is going to keep going, but let's break that correlation between surface area. Let's buy a more foundational construct, that says, look, it doesn't matter, if today, as you said this your device, tomorrow, it could be, you know, your son's laptop, that you use to actually log into your network and so forth. But ultimately though, it doesn't matter who you are, where you're accessing it from, what device you're using, or what network you're using, or which location, the safety posture is still very strong. >> That's awesome. >> Yeah. I will just add you're absolutely right. I mean, if you look at a customer, I'm thinking about today and I just heard this from their CIO, a couple of days ago, but they have one and a half million things, they're protecting today. They expect to have over 150 million in five years. And so you look at containerization, cloud mobility, all the work from home stuff. It's just going to make this a more and more complex, highly variant problem. We need to expect that. And I think a lot of people are very frustrated, that at the time, that expansion is happening, the network essentially did become a control point. You couldn't trust anymore. So the thesis that Google had around zero trust, actually became our entire world for most enterprises. When you look at that, we do owe our customers quantum jumps in capability, or they're just not going to catch up. And I think that the theoretical approach that we're taking here between Google and Tanium, lets our customers take one of those quantum jumps, where they're going to be seeing a lot more, they're going to be able to trust it a lot more. They're going to be able to allow devices, to have access to things, based on their current state and based on believing that we can extrapolate, whether their security on that device accurately. And that's something that I think a lot of customers have just never been able to do before. And frankly, I think it takes companies like this, to pair up and really invest in joining their technologies to be able to get that fabric that will get our customers materially forward. And you know, I'll just say one other thing, many of our customers have to literally like, you know, three or four months ago, we're in a position, where they were spending 60 or 70% of their security budgets on network. There's nowhere to spend that money today. That's actually productive. It gives them the ability to refactor what they're doing and the obligation to do it, because if they don't do it, I think is, you know, I was describing with the amount of increased assets, the amount of complexity, the lack of network control. If they don't do it, looking at the amount, of threat our customers are facing today, they're going to be under water really quickly. And so, you know, I'm proud that we get to get together here and give them a big step forward. And you know, I think there's an obligation on our industry, not to try and rewarm the same stuff, we've been doing for the last 20 years, and try and serve it to our customers again, but to really rethink the approach because it is a different world. >> Sunil you've been involved in a very, a lot of entrepreneurial ventures. You've been on these waves, that were misunderstood and then became understood. This is what we're getting at here. And what he's saying, essentially new expectations. We're going to drive that experience and then ultimately drive the demand, and people will either be out of business or in business. If you're a supplier, I'll give you the final word, you guys are in good positions. >> Especially in security John, more so than maybe any other infrastructure space, that I've been involved in. Most products have been built to solve problems with other products. And Orion just pointed out, I think this opportunity gives enterprises, clarity and vendors, clarity that look, you really have to take, you know, foundationally original approach, to solve problems, that can get customers to, if I can call it a function change, in their current safety posture. Right? And so that's really the core essence of the partnership is to sort of, rather than worrying about solving problems, with other products and so forth, is to use this opportunity, like I said, you have an opinionated view, to fundamentally change, the security posture of the endpoint once and for all. >> Well gentlemen, congratulations, on a great partnership, expanded partnership. Again, the world has changed. I love this fresh look. I think that's totally right on the money. New reality we're here. Thanks for you taking the time, to remote in from Seattle and the Bay area. Great to see you again at Google cloud. Thanks for coming in or a nice to meet you, and good luck with everything. >> Thank you. >> Thank you. >> Okay, this is theCUBE coverage, CUBE virtual coverage of Google OnAir next 2020. It's all virtual, virtualization has come in, and don't trust the network. You know, you got to watch those end points. Here with Google and Tanium great partnership news. I'm John for your host of theCUBE. Thanks for watching. (upbeat music)

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante over the past 150 days virtually everybody that i know in the technology industry has become an expert on covid in some way shape or form we've all lived the reality that covet 19 has accelerated by at least two years many trends that were in motion well before the virus hit the cyber security sector is no exception and one of the best examples where we have witnessed the accelerated change hello everyone and welcome to this week's episode of wikibon cube insights powered by etr in this breaking analysis we'll update you on the all-important security sector which remains one of the top spending priorities for organizations and i want to give you a shout out to my colleague eric bradley from etr who gave me some really good data and some macro insights as well as some anecdotal data from csos for this episode let's take a look at the big picture first now for many years we've talked about the shifting patterns in networking moving from what's often referred to as a north-south architecture meaning a hierarchical network that supports you know age-old organizational structures well today the network is flattening into what they often refer to as an east-west model and the moat or perimeter it's been vaporized the perimeter is now wherever the user is and users are at home or they're at their beach houses thanks to kovid now this is a bad actor's dream as the threat surfaced has expanded by orders of magnitude and as we've said in the past the adversary is well funded extremely capable and highly motivated because the roi of infiltration and exfiltration is outstanding the cso's job quite simply stated is to lower that return on investment now the other big trend that we see is that the cloud and sas are reducing reliance on hardware-based solutions like traditional firewalls because so many workers are now at home they're in their accessing sensitive data identity and endpoint security are exploding xdr or extended detection and response and zero trust networks are on the rise organizations are increasingly relying on analytics and automation to detect and remediate threats you know alerts just don't cut it anymore i need action and so to do so they're turning to a number of best of breed point products that have the potential to become the next great security platforms and this is setting up an epic battle between hot startups that are growing very very quickly and entrenched incumbents that really aren't going to go down without a fight finally while security is clearly a top spending priority customers and their cfos continue to be somewhat circumspect with respect to how much they allocate toward security budgets especially in the context of a shrinking i.t spending climate that we have said is dropping between five and eight percent in 2020. now security is critical but even in these times spending is governed by these tight budgets well cyber remains a top category in the etr taxonomy in terms of its presence in the data set what this chart tells us is that cios and i.t buyers have other priorities that they have to fund this data shows a comparison of net scores over three survey dates october of last year april and july net score remember is an indicator of momentum which is calculated by subtracting the percent of customers spending less on the technology from those spending more it's more complicated than that but that's that's the basics and you can see that at a 29 net score the security sector is just one of many priorities that i.t buyers face now remember this is the july survey and it's asking customers are you planning to spend more or less in the second half of 2020 relative to the first half and it's a forward-looking metric so what may be happening here is that the height of the lockdown and in the u.s anyway and the pivot to work from home organizations were spending heavily and are now fine-tuning those investments and maybe addressing other digital priorities let's look back and do some pre and post-covet assessments of various players within the etr data set i'm gonna go fairly quickly through these next slides but i want to give you a perspective as to how the security landscape and the vendor momentum has changed in the past eight months first i'm going to take you back to the january data set we actually originally did this exercise last year and then we updated it right at the beginning of 2020. the chart shows the top-ranked cyber security companies based on two metrics the left-hand side sorts the data and ranks companies based on net score or spending momentum and the right-hand side shows the ranking by shared n which is a measure of the pervasiveness of a company in the data set i.e the number of mentions that they get in the sector and what we did is we gave four stars to those companies that showed up in the top of both of those rankings and two stars to those that were close so you can see that microsoft splunk palo alto and proofpoint as well as octa and crowdstrike and then we added z scalar in january as new and then cyber arc software all got four stars then we gave cisco and fortinet two stars now this next chart shows the same thing at the height of the u.s lockdown now you may say okay what's the difference there's still microsoft palo alto proof point octa cyber arc z scaler and crowdstrike at four stars with cisco and fortnite having two star stars splunk fell off but that's it well what's different is instead of making the cut the top 22 which we did last time we narrowed it down to the top ten in order for a company to make that grade so if we had done that in january octa crowdstrike zscaler and cyberark they wouldn't have made the cut but in april they did as their presence in the dataset grew and we strongly believe this is a direct result of the work from home pivot crowdstrike endpoint octa identity access management z-scaler cloud security and they're disrupting traditional appliance-based firewalls now just to note we placed dell emc which was rsa and ibm in the list just for context now let's take a look at the most recent july survey now a lot of i'm out on a limb a little bit here because many of these companies they haven't reported yet so we don't have full visibility on their business outlook but we show the same data for the most recent survey the red line that you see there is the top 10 cutoff point and you can see splunk which didn't make the cut in april is back on the four-star list it's very possible buyers took a pause last quarter and focused attention on work from home but splunk continues to impress as it shifts toward the subscription model that we've talked about in the past splunk has a very strong hold on the sim space but everyone wants a piece of splunk especially some of the traditional firewall companies who they're seeing their hardware business dying so we're watching the competition from these players but also some other players like tennable now proof point fell off the four-star list because its net score didn't make the top ten crowdstrike cyber arc and zscaler also fell back because they dropped below the top 10 in shared in but we still really like these companies and expect them to continue to do well you know it could be some anomalies in the survey but we're trying to be as transparent as possible with you share the data listen to it interpret it and really adjust our models accordingly each quarter now let me make a few points and try to interpret what might be happening here first i want to point out octa pops to the top of the net score ranking overtaking crowdstrike's momentum from the last survey now one customer in the financial services sector told eric bradley on a recent then we're seeing amazing things from octa but the traditional firewall companies are stepping into identity they may not be best of breed but they have a level of integration and that's appealing to this individual this person also specifically called out palo alto and fortinet is trying to encroach on that space so keep your eyes on that now crowdstrike has declined noticeably which surprised us z z scalar is actually showing more momentum relative to the last survey so that's a positive palo alto and microsoft are consistently holding serve and continue to be leaders proof point and cyber arc are showing a bit of a velocity drop and sales point and tenable are also catching our attention in this survey and of course sales sale point which is identity management had a great quarter and reinstituted its guidance giving us the benefit of hindsight on its performance so it was actually pretty easy to give them two stars now just a side note by the way we've cut the data here with those companies that have more than 50 mentions in the sector we didn't do that the first time we did this we allowed companies with less than 50. so we're trying to tighten that up a bit so we still maintain strongly that you're seeing cloud endpoint and identity as the big security themes here csos need tools to be responsive they don't want to just get an alert secops pros would rather immediately shut off access and risk pissing off a user than getting hacked and companies are increasingly turning to ai to detect and they're relying on automation to remediate or protect and fence off critical resources let's now look at the two players or players in our two-dimensional view followers of this program know that we like to plot vendors within a sector across two of our favorite metrics net score or spending momentum which is a simple metric that tracks those spending more versus less on the technology and market share which measu measures a vendor's pervasiveness in the data set and it's calculated by taking the number of mentions a vendor gets within a sector divided by the total responses what we show here are the key security players that we've highlighted over the last several quarters let me start with microsoft microsoft has consistently performed well in the security sector as well as other parts of the etr taxonomy as you know they have a huge presence in the survey which is indicated on the horizontal axis and you can see they have a very solid net score which is shown on the y-axis impressive for a company their size now one interesting thing is you don't see aws in this chart and it's because aws and microsoft at least so far have somewhat different strategies with respect to security microsoft with its long application software history and sas presence across office 365 and sharepoint etc with active directory has been really focused on selling security solutions to directly protect its apps they have offerings like defender atp which is advanced threat protection sentinel which is microsoft sim cloud offering azure identity access management and the company's really going hard after this space now aws of course prioritizes security but they don't show an etr data set the same way microsoft does it's almost like aws is hiding in plain sight look aws has always put a great deal of emphasis on security and securing its infrastructure like the s3 buckets and it's you know it announced iam for ec2 way back in 2012. and last year at its reinforced conference you saw an impressive focus on security in a burgeoning security ecosystem in fact when you think of getting started in aws you really think about three things ec2 s3 and iam so i'd expect to see aws really become more prominent over time in the data set now i'll spend a minute talking about octa for the first time since we've been analyzing the security space with etr data octa has the highest net score at 58 percent it had consistently been crowdstrike with this moniker and the momentum lead the company though is dropped in this quarter survey and that's something that we're watching and by the way we're not implying that octa and crowdstrike are direct competitors they're not now as you can see nonetheless that crowdstrike z scalar and sales point sale sale point show very elevated net scores and we've plotted tenable here which is also showing some strength so you can see the respective positions of proof point and fortinet these are more mature companies they were founded in the early part of the century so you'd expect them to have somewhat lower net scores given their history and maturity and then there's cisco they've got a huge presence in the data and big in security cisco's doing really well in that space it consistently grows its security business in the double digits each quarter and it's a real feather in the cisco portfolio cap this is important because cisco's traditional hardware business continues to come under pressure splunk we talked about a lot and it's no surprise at their leadership position but i want to talk a little bit more about palo alto networks here's a company that we've talked about quite a bit in the past they are a tier one player in security they got great service csos want to work with them because they are thought leaders they're like a gold standard and have an impressive portfolio of great solutions but their traditional firewall business is coming under pressure for the reasons that we discussed earlier now palo alto has expanded its portfolio into the cloud and with prisma the company's suite of security services it will maintain a leadership position in our view but palo alto networks as we've discussed had some missteps with its product transition its sales execution and some of some challenges with its pricing models and it hurt their stock price but we've always said that they would work through these issues and that that was a buying opportunity the other thing about palo alto is you know they're considered the expensive choice you got to pay for that gold standard but that's what customers you know will tell us and so you're paying up for those top tier offerings but that's a sort of two-edged sword for palo alto here's an example why people often compare fortinet to palo alto and as we've shared in previous segments the valuation divergence between palo alto and fortinet where the the latter was making a smoother transition to its future and people often tell us that fortinet well you know maybe it's considered not as elite as palo alto they are a value choice their stuff just works and fortinet is a great alternative to palo alto and that has served them very well now let's take a closer look at the valuations of some of these companies we started off this segment by saying that the pandemic has affected every sector and especially cyber security so the next chart that we're showing here is the progression of key valuation metrics since earlier this year what we show are the valuations of nine of the companies in the sector since mid-february the data tracks their respective valuations their revenue multiples their growth rates in both value and revenue revenue growth is shown in the last column for the most recent quarterly report now the companies in red have yet to report the report any day now so he said i'm flying a little bit blind here and we'll have to take a look after the earnings to see how the survey data aligns with the actual results but let me make a few points here first here's the s p in nasdaq performance you see it in february in june and august pandemic recession what are you talking about you'd never know it looking at this data the nasdaq especially is up 14 said since mid february which is quite astounding next i want to come back to the discussion about palo alto and fortinet fortinet already has reported this quarter and palo alto has not but you can see based on the revenue multiples highlighted in red that the valuation divergence is starting to shrink a little bit and we'll see if that holds up after palo alto reports now the big eye popper in this chart is the valuation increases from february to august for octa crowdstrike and z scalar 52 67 and 104 percent increase respectively now you can't say we didn't warn you that these companies were all well positioned when we reported last year and in our january episode but i did say actually to be honest in the last episode that these three i thought were getting a little expensive that was a couple months ago and since then they've continued to run up so if you've been waiting for an entry point based on my advice well i'm sorry for that but look at the revenue multiples look at the expansion in the orange octa goes from 34x to 52x crowdstrike from 39x to 66x z scalar 25x to 43x i mean wow let's see what happens after these three report by this time i would have hoped that they'd taken a little breather maybe over the summer and you could have jumped in to these stocks but they just keep going up and despite the decline in net score for crowdstrike i still really like all three of these companies and feel that they're very well positioned from a product standpoint and customer feedback perspective and finally i want to mention sale point which we said last time was one to watch sale point crushed its quarter bringing in some large deals and providing forward guidance nearly a 50 percent valuation increase since february in a revenue multiple expansion from last quarter where the street last quarter wasn't really thrilled with their numbers but identity management is hot and so now is sales point from the streets perspective the last thing i'll say here is watch the growth rates expectations are very high for some of these companies and the street will cream any of them that misses now that may be your opportunity to jump in because i like these companies i think they're disruptors but as always do your research and watch out for the big whales trying to freeze the markets on these guys all right let's wrap up we've covered a lot of ground today and surf the landscape a little bit so look the trend is plain as day the move to sas is entrenched and by the way this isn't necessarily all good news for buyers cios and cfos tell me that the dark side of capex to opex is unpredictable bills but the flexibility and business value gained is outweighing the downside and every vendor in this space is transitioning into a sas and annual recurring revenue model we believe the remote work trend is here to stay organizations are re-architecting their business around work from home and we think that they're seeing some real benefits they've made investments and it's driving new modes of work and productivity they're not just going to throw away those investments why should they what just to go back to the old way it's not going to happen and if we as we've said previously look the internet it's like the new private network so you've got a question vpns and sd-wan they start to look like stop gaps and of course you know the cloud endpoint security cloud-based iam they are clearly winning in the marketplace you know we're also seeing new security regimes emerge where the cso and the secops team are not this island we we've seen even some csos falling back under the cio which used to be taboo he used to be thought of that's like the fox guarding the hen house but this idea of shared responsibility is not just between the cloud providers and the secops teams because security is a board level priority everyone in the business is becoming more aware more attuned and despite the millennials fascination with and undotted courage when it comes to tick tock i digress now the last two points are interesting i remember reading a post by john oltzek who was an esg security analyst and he predicted last year that integrated suites would win out over the buffet of point products on the market and you know generally i i agreed with that assessment but look at least in the near term and probably mid-term that doesn't seem to be happening as we we've seen these hot companies really take off the ones that we've highlighted now these companies have ambitions beyond selling products and they would bristle at me lumping them into point products their boards are going after platform plays so they're on a collision course with each other and the big guys this should be fun to watch because the big integrated companies are well funded they got great cash flow they got large customer bases and and i've said they're not going down without a fight so i would expect eventually there's going to be more of an equilibrium to what seems to be right now a bifurcated and unbalanced market today so you're going to see more m a activity expect that however at these valuations some of these companies that we've highlighted they're becoming acquisition proof as such they'd better keep innovating or they're going to be in big trouble all right that's it for today remember these episodes are all available as podcasts wherever you listen so please subscribe i publish weekly on wikibon.com we've added in the wikibon menu bar a breaking analysis link that has all the episodes in there i also publish on siliconangle.com so check that out and please do comment on my linkedin posts don't forget to check out etr.plus for all the survey action get in touch on twitter i'm at d vellante or email me at david.vellante at siliconangle.com this is dave vellante for the cube insights powered by etr thanks for watching everybody be well and we'll see you next time [Music] you

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Over welcome to theCUBE's virtual coverage of Google Next on air. I'm John Furrier host of theCUBE. We're here in Palo Alto, California for our remote interviews, part of our quarantine crew, getting all the stories that matter, Google Next OnAir, continues event through the summer. We're calling it the summer of Cloud. We got two great guests here, Sunil Potti, General Manager and Vice President of Cloud security at Google Cloud. And Orion Hindawi, Co founder and CEO of Tanium. Gentlemen, thank you for coming on today. Appreciate it. Great event you guys have on the container. I call the summer of Cloud. It's a lot of events that Google's having. So you guys and your team are doing a great job. But there's some hard news, you guys are announcing an expanded partnership together. Sunil, tell us what is the news today? >> Hey, John, first of all, great to see you again. Love being on theCUBE anytime and it's my honor to actually share the state system around with Orion and the Tatium team. So essentially, what we are announcing today is the fact that, as most of you know, especially in the new normal, with a distributed workforce, and potentially it being the safer normal down the road, it presents an unprecedented opportunity. I think, in our opinion that we can use this to accelerate potentially safer posture that otherwise would have taken years to build into the enterprise ecosystem that we could now bring forward in a potentially in the year 2020 or 2021. So the primary announcement is based on the fact that Tanium's core enterprise offering and Google Clouds conical offering are coming together to build a full stack offering for endpoint detection and response so that customers can have an end to end offering that's both powerful, and easy to use. All the way from the detection, response, remediation, and analytics all built together into one seamless, easy to consume offering for the global enterprise. And being delivered in such a way that it can take into account organizations of thousands of employees or hundreds of thousands of employees, all by the same Cloud native solution. >> All right, how about why you're excited about this deal? What's different about it? Obviously, there's a relationship here. What's so exciting about this story? >> Yeah, I think, Orion should comment as well. But look, I think the key thing that we partnered on initially was a customer driven technology centric integrations, where we went deep from a chronical perspective to ensure native integration between any MS products to send signals out of the box, as well as curated, enhanced, enriched so that they could be actionable responses taken by Tanium's solutions as well on behalf of security analysts, as part of our journey to reinvent soccer the future, right. And so essentially, it's been a deliberate effort by both teams to not provide incremental integrations, but something that offers a re-imagined safety posture, especially that's enhanced, I would say or amplified in a world where pretty much every employee is essentially a threat vector now, but otherwise was not the case when they were working in a normal enterprise off. >> All right, what's your take on this? I see what's different. I see new big news. >> Sure, yeah. I mean, if you look at why we decided that Google would have been the perfect partner for us. We have very large enterprises. We work with about 70 of the Fortune 100, the US DOD, a lot of these very large environments, and many of them were coming to us and telling us two things. The first one was the amount of data that they were generating that they needed to be able to process and analyze and be able to find insight from was growing exponentially. And the second one was in the new kind of post COVID world, the amount of work from home risk that they were seeing and the perfection they needed to achieve on finding threats quickly and neutralizing them was actually also going up. And so between those two things, we started really looking for a partner that we could accelerate with to provide our customers with true world class, data analytics, retention, being able to visualize that data and then being able to act on that data through Tanium. And I think that the partnership that we've struck with Google and the work we've done with them to make this seamless for our customers, to make it scale really well, even for the largest managed networks, is something we're really proud of. >> What's the history between Chronicle and Tanium? How far back does it go? And how would you guys categorize this time and point in time in terms of evolution of that partnership? >> So maybe I'll take a stab Sunil. And then you can take one as well. We've been working with Chronicle now for over a year. And we've got customers who pointed us in this direction, which is how we love to start partnerships. We had some customers who had a lot of faith that Google was going to be able to crack this nut. And honestly, many of our customers had been really struggling with this with their current vendors at the time for years. And we're really looking for Google, because Google was the company that they saw as having the most credibility with massive, massive datasets. What we got surprised by actually was that there were a bunch of different legs of the stool that we could work with Google on. So not only data retention of Chronicle, but things like zero trust, which I think many people know Google actually invented the concept of. When we start thinking about Thin Client Management. So we actually found that there's a really expensive partnership here. And what we're doing with Chronicle, I think, is the first instantiation of that. But we expect that over the next even years, we've got a lot of room to run with Google to really secure and help our customers. >> Sunil talk about the way that you're riding on right now because obviously, the reality is and I won't use the term new normal, but the new reality is COVID has forced everyone to look at basically an unexpected disruption that no one saw coming. Yeah, we could we can prepare for disasters and floods and hurricanes and whatnot. But this is unforeseen. Everybody working at home. I mean, I can imagine all the VPN vendors freaking out who even needs a VPN? So the access methods is everything. It's mobile, home, home is new office. It's not just connect to an access point. My son's gaming, my daughter's watching Netflix, I'm trying to do some video conferencing. It's a mix of consumer business all happening. This is a complex environment now. What does this mean, this relation? How does this connect the dots? Can you expand on that? >> Yeah, I mean, I think I hinted on this a little bit at the beginning, is that we think this is an unprecedented opportunity to help accelerate digital transformation that otherwise would have taken a few years for many enterprises to get to, that can now be done, potentially, in months. And for some customers, maybe even in weeks. And some examples of that, that we've seen are that look, if you just take Google as a company, to Orion's point, look we invested many years worth of technology and IP that now we're slowly bringing out in the form of beyond Corp, product sets, but essentially of the fact that look, we should treat every employee as if they were a remote worker. We don't trust the network, we basically break transitive properties, which was one of the foundational issues with security in the enterprise, where I trust network and the network is trusted by a desktop. And then if you penetrate one, you can penetrate everything else in the chain. And so when COVID hit, we went from, essentially pretty much 100,000 plus employees working in distributor headquarters, but within the Google environment to working from home within a week later, but retained the same sort of, not productivity levels just, but actually the same safety levels that were much stronger. And so in many cases, what we are now seeing is that even though enterprises have come forward and said, "Look, yeah, we have some patchwork solutions "just because this is a major change for us. "Now that we are in it "for not just three months or six months, "but potentially a longer period of time, "why not take the opportunity "to replatform our security environments "so that we can actually be in a better state, "when we actually exit out of this environment. "Where we might actually never go back full time, "but it can actually be a hybrid run." So that's part of the reason why I think we're so jazzed about the partnership is that these are two examples of products coming together to help replatform at least one sets of traditional, if I can call it weak links in the security ecosystem that can now be sort of repacked. >> I was doing an interview actually, last week, and I was kind of riffing on this idea. This is one big IoT experiment. I mean, people are devices here, everyone's connected, but it's all remote, it's change the patterns of work and traffic and all kind of paradigms. But this brings up the issue of the customer challenge. Everyone's going to look at their environment saying, "Look, we now know the benefit of Cloud, it's clear, "but I got to rethink the projects that are on the table "and get rid of the ones that aren't going to be relevant "to where the world has shifted." It's not even a question of Digital Trends. It's like, okay, what am I doubling down on and what am I going to eliminate from the picture. So I got to ask you guys, if you guys can comment if I'm a customer, that's what's going through my head I got to survive, reinvent the foundation and come out with a growth strategy with a workforce, workplace, workloads, and workflows that are completely different. What's in it for me? What does this mean to me this partnership? So how do you help me what's in it for me? >> So I might take a stab at that. I think that a lot of our customers, if we look at where they were at the beginning of the year, they'd been building on a pretty creaky foundation and just adding more and more layers to it. So in the security side, many of our customers have 20, or 30, or 50, different tools, and many of them are there, because they were there yesterday. They're not actually, if you were going to zero based budget the way you were going to do security, they wouldn't be the tools you'd choose. And the interesting thing about this whole work from home transition, is it is effectively a zero based budget for security because a lot of the tools just basically don't work. So you think about a lot of the network tools and when everybody's working from home, you don't own the network. You think about a lot of even the end point tools that assumed that devices would be behind that network perimeter and now just don't work over the internet. And so when we look at our customers, they're realizing they have to re-platform their security model, anyway. And what they're doing is they're now picking again. And what they get to do is they get to pick the platforms that they now trust in 2020, with the work from home environment as it is. And I think what it gives you as a customer is a huge simplification of your environment. I mean, we talk to people every day, who were used to operating those 20 or 30, 50 tools, and they were spending 90% of their energy, just operating those tools, not actually improving security, and they were falling behind. >> That's a great-- >> If look at what they're able to do now. They actually can go back to a starting point where they think about what is the real threat I'm facing? What are the real platforms I should be choosing today? And we're actually seeing huge increases in our customer adoption of our platform. Because that resistance to change has been removed. People can't resist change anymore. Change has come. And as a result of that, they get to choose what they would like now. >> That's a huge point, I want to just double down on that redirect. And then we'll go to Sunil and his commentary. But I think you just hit the nail on the head. We are seeing the same commentary. You said it really eloquently, but the thing is, is that okay, if you believe what you just said, which I do, going into zero based budgeting decisions, fresh look at everything. The problem is people are looking at the decisions and comparing what the bells and whistles were from the tools. So how do you advise customers to rethink like, "Okay, if it's a fresh look, it's a fresh look." It's not like, okay, with the way we did it before. So a lot of times when you're evaluating products, a group gets together and say, "It doesn't have this bell or this whistle, "because that's the way we did it before." So you get to separate out this idea if you're going to go with that. It's a full fresh look. So how are customers doing that? Cause that's really difficult. >> It's a super relevant question for today's world, because I think you're absolutely right. If you talk to the person who operated the compliance tool in a big bank, and you ask them, "What do you need from that tool?" They very quickly get the things that if you just take the question, which is I need to do compliance for the bank, what do I need to do compliance effectively? And you look at the answer that they give you, which is I need this checkbox here, I need this button here, I need this minutia that I'm used to, to be consistent with what I've been used to for the last 10 years, those two things are not the same. And what we've really been encouraging our customers to do is take a look back at your requirements. So you are processing credit cards, you need to be PCI regulated. You need to be able to answer to your vendors, how many copies of their software you're using. You need to be able to find an attacker who's moving around your environment and do that as quickly as possible. And then let's build from there, what capabilities you need. And let's forget about whether the color scheme of the logo at the top of the report is the same. Let's talk about the core capabilities. And it's a very freeing conversation, actually, because what a lot of people start realizing is they've been maintaining the status quo, for reasons that actually have nothing to do with efficacy. They have to do with comfort, and the curse, and the beauty of the last six months is, no one's comfortable. So I don't care how comfortable you are with your tools, no one I know is comfortable today. And what it's giving us is an opportunity to look past the old school comfort and think about how do we transition to the future. And I think it's actually going to galvanize a lot of positive change. I was saying this before we went on air, but I don't think anybody wished that COVID was the way, that we would end up in a position where people have the appetite for change, but if there's a silver lining in the situation, that's it. And I really think that CIOs and CEOs and CFOs and CSOs, really across the board need to take advantage of the fact that there's a discontinuity here that allows us to throw out the old and bring in things that are much more effective. >> Sunil, that's a great tip for you. Because what he's basically saying is, if you don't focus on the check boxes, because there was reasons why, there's a long list probably RFPs are the same way, but we check in the boxes, okay, throw that out. By the way, you can innovate on those check boxes differently, but still achieve the same outcome, I get that. But for Google Cloud, you guys have a great network. It's well known in the industry, Google's got a phenomenal network, hence powering Android, and all the servers. We know that. With a Cloud player, this is a great opportunity for you guys to be a fresh candidate for this change. How are you guys talking about this internally, because this really is the goalposts have been moved in favor of who can deliver. >> Yeah, I think as both of you have been talking about it, look, I think the way I will maybe color this is, when consumers got to a safer posture with the advent of iPhone, right? Even though it was much more productive, delightful, and there's a bunch of other things. Ultimately, though, if anything, things became safer when you actually did computing on a phone, just because it was an opinionated stack. Ultimately, we believe whether you come to Cloud completely, or you consume some stacks, the more opinionated they are, that's ultimately the only way to reduce these moving parts that expose us to security issues. And that principles apply, by the way in reliability too, right? I mean, you have to simplify stuff for things to actually work at six nines and so forth. So same things apply in security. So imagine a world where every employee now is sitting at home. Maybe two years from now they come back they work in the Starbucks, but we had a virtual Chromebook experience. Because a physical Chromebook, of course, it's our goal to get that out there. Because on one hand, we have the Cloud, which is a full stack opinionated offering, but there's various elements of computing still dispersed in the environment. And you're talking about IoT, eventually, we'll get there, but just look at the employee's laptop or productivity station and imagine the construct of a virtual Chromebook off. And that's an opinionated stack. And that's essentially a variant of what the joint offering between the two companies is essentially aspiring to, is to provide that level of clarity and opinionation that actually genuinely solves for some foundational security issues. And in doing so, you now have a, essentially a opinionated stack close to the user. The enterprise user is a opinion stack via mobile phones close to the consumer user. And for all enterprises from a computing side, there's an opinion stack, whether it be Google or some of the other public Clouds, right. And ultimately, I think the world will move into these few sets of these opinion stacks at various points of control. And at least this particular partnership is around making the first step towards potentially one of those opinionated stacks. Allow virtual Chromebooks like experience for the enterprise users. >> And I think this is the beginning of the wave of the reality that the edge of the network, whatever you want to call it, and you see this with endpoint detection, right? I mean, everything's an endpoint now. I mean, I still think this is one big IoT device and everything's just moving around. So zero trust is a big part of it, Google Cloud, and this relationship brings that to the next level. How does zero trust and Tanium mission intersect here? Because I see some obvious ones we just talked about, but what's the connection? >> Yeah, I think and we'll hopefully talk more about it later in the year as well as we can and come up with more integrations. But at the high level, I think the way to think about this would be, imagine that device as you were talking about having an ability to actually send a strong set of signals, not just for detection and response, but for actually enforcing authentication and authorization as well. Because ultimately, identity needs to intersect with the current stack that we currently have between the two companies. And so when identity of the user, identity of the device, identity of... The context in which someone actually allows a user to access an application, these are all net new things that need to be brought into the solution to then provide both not just a safe way to provide an endpoint detection and response opinionated stack, but to also essentially make that part of an Uber zero trust offering, that a customer can consume, to ensure that, ultimately look, it doesn't really matter whether the employee is at home, they're using their own laptop, they're at Starbucks, they can come back to work, but ultimately they have this virtualized security ring that protects and always constantly authorizes, authenticates, and provides a bunch of this security operations capabilities beyond. >> So anyway-- >> The simple answer is, once we intersect identity and a slew of beyond Corp capabilities into the current offering, that's how the next step towards a more formidable zero trust offering falls. >> Okay, Orion, I'd love to get your thoughts, but if you both can answer this question, that'd be great. I'd love to get your thoughts little gamification here. If you had to put the headline out on this news, not the one on the press release that's like perfectly written. I mean bumper sticker. What is the real meaning of this relationship in this news? If you get to put a headline out there, Think New York Post style maybe or something that's can describe the news. >> I mean, I will admit, I'm not known for being good at sound bites. So I'll give you the one sentence and you can help me pair it down. But I mean, really what it is, is I think Tanium has got the highest fidelity and visibility and control out there. And I think Google's got the best data storage analytics, retention, cross referencing we've ever seen. And when you combine those two things, it's incredibly powerful for our enterprise users. And we've already seen customers where it's been transformative. >> Sunil headline-- (both talking) No, that's fine, protection solid. >> I think it's a much more descriptive nature, frankly, but I think my logical tagline that I just keep sort of the soundbite that I keep referring to is, look, you know, the world needs a virtual Chromebook to really feel safe at an endpoint level. And this is the first instantiation of that core stack that can at least get enterprise to start on that journey. >> I think you guys run something really big here. And one of my personal observations is, one is the complexity of the telemetry coming back and I can see how you would go in there and connecting the dots between Google's back end and your stuff coming together. You need to have that high powered energy from the resource. But also there's a human element, people are working at home, whether you're a teacher, they're getting you getting fished, they're spear fished, they're targeted social engineering. So as people come home, and there's now multiple access points, there's more surface area. So every single endpoint needs to be protected. And I think people in the normal world or outside of the tech industry saying, "Oh, I get it now. "We're not really protected." And this is not just sensor networks or OT technology, OT it's really humans. This is really where it's going, isn't it, guys? >> I chime in and then maybe Orion you should take it there. Cause look, I think we do have a foundational principle here, which says look, as demonstrated in a post code world. But your point, John, whether it be IoT, just to distributed computing in general continues to expand, we should just assume that the surface area for security issues on the expense, right. And rather than trying to do a rakamole of the surface area, what if you could take a foundational approach that actually breaks that relationship between expanded surface area means, expanded exposure to that. And so essentially, the same approach that we took with zero trust, which is, look, we just know we're going to get broken into. So just don't assume that your network is not safe, but still have a secure posture, right? How did that come to be? I think if you can just apply that, more generally into this construct of a distributed enterprise, which says, "Look, the surface area is going to keep going, "but let's break that correlation "between surface area to rates "buy a more foundational construct." That says, "Look, doesn't matter if today it's your, "as you said, this is your device. "Tomorrow, it could be your son's laptop "that you use to actually log into your network "and so forth." But ultimately, though, doesn't matter who you are, where you're accessing it from, what device you're using, or what network you're using, which location, the safety posture is still very strong. >> That's awesome. >> Yeah, I will just add, you're absolutely right. I mean, if you look at a customer I'm thinking about today, and I just heard this from their CIO a couple days ago, but they have one and a half million things they're protecting today, they expect to have over 150 million in five years. And so you look at containerization, cloud mobility, all the work from home stuff, it's just going to make this a more and more complex, highly variant problem, we need to expect that. And I think a lot of people are very frustrated that at the time that expansion is happening, the network essentially did become a control point you couldn't trust anymore. So the thesis that Google had around zero trust, actually became our entire world for most enterprises. When you look at that we do owe customers Quantum Jumps in capability, or they're just not going to catch up. And I think that the theoretical approach that we're taking here, between Google and Tanium lets our customers take one of those Quantum Jumps, where they're going to be seeing a lot more, they're going to be able to trust it a lot more. They're going to be able to allow devices to have access to things based on their current state and based on believing that we can extrapolate whether there's security on that device accurately. And that's something that I think a lot of customers have just never been able to do before. And frankly, I think it takes companies like this to pair up and really invest in joining their technologies to be able to get that fabric that will get our customers materially forward. And I'll just say one other thing. Many of our customers up to literally, three or four months ago, we're in a position where they were spending 60 or 70% of their security budgets on network. There's nowhere to spend that money today that's actually productive. It gives them the ability to refactor what they're doing, and the obligation to do it. Because if they don't do it, I think as, I was describing with the amount of increased assets, the amount of complexity, the lack of network control, if they don't do it, looking at the amount of threat our customers are facing today, they're going to be underwater really quickly. And so I'm proud that we get to get together here and give them a big step forward. And I really, I think there's an obligation on our industry, not to try and re-warm the same stuff we've been doing for the last 20 years and try and serve it to our customers again, but to really rethink the approach because it is a different world. >> Sunil you've been involved in a lot of entrepreneurial ventures, you've been on these waves that were misunderstood and then became understood. This is what we're getting out here and we saying essentially new expectations, we're going to drive that experience, and then ultimately drive the domain. And people will either be out of business or in business. If you're a supplier, I'll give you the final word. you guys are in good position. >> Yeah, I say that, especially in security gone, more so than maybe any other infrastructure space that I've been enrolled in. Most products have been built to solve problems with other products. And as Orion just rightfully pointed out, I think this opportunity gives enterprises clarity and vendors clarity, that look, you really have to take a foundationally, original approach to solve problems that can get customers to, if I can call it a staff function change in their current safety posture, right? And so that's really the core essence of the partnership is to, rather than worrying about solving problems with other products and so forth, is to use this opportunity, like I said, to have an opinionated view, to fundamentally change the security posture of the endpoint once and for all. >> Well, gentlemen, congratulations on a great partnership, expanded partnership. Again, the world is changing. I love this fresh look. I think that's totally right on the money. The new reality, we're here. Thanks for you taking the time to remote in from Seattle and the Bay Area. Sunil great to see you again at Google Cloud. Thanks for coming in. Orion, nice to meet you and good luck with everything. >> Thank you. >> Thank you. >> Okay, this is theCUBE's virtual coverage of Google OnAir next 2020. It's all virtual, virtualization is come in. And don't trust the network. You got to watch those endpoints. Here with Google and Tanium great partnership news. I'm John Furrier host of theCube. Thanks for watching. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto and Boston connecting with thought leaders all around the world. This is a CUBE conversation. >> Hello everybody, welcome to this special CUBE conversation. My name is Dave Vellante and you're watching theCUBE. We're here with Sanjay Poonen who's the COO of VMware and a good friend of theCUBE. Sanjay great to see you. Thanks for coming on. >> Dave it's a pleasure. In these new circumstances, shelter at home and remote working. I hope you and your family are doing well. >> Yeah, and back at you Sanjay. Of course I saw you on Kramer Mad Money the other night. I was jealous. I said, "I need Sanjay on to get an optimism injection." You're a great leader And I think, a role model for all of us. And of course the "Go Niners" in the background really incented me to get-- I got my Red Sox cap and we have a lack of sports, but, and we miss it, But hey, we're making the best. >> Okay Red Sox is better than the Patriots. Although I love the Patriots. If i was in the east coast, especially now that Brady's gone. I guess you guys are probably ruing a little bit that Jimmy G came to us. >> I am a huge Tampa Bay fan all of a sudden. I be honest with you. Tom Brady can become a Yankee and I would root for them. I tell you that's how much I love the guy. But anyway, I'm really excited to have you on. It's obviously as you mentioned, these times are tough, but we're making the best do and it's great to see you. You are a huge optimist, but I want to ask you, I want to start with Narendra Modi just announced, basically a lockdown for 21 days. 1.3 billion people in your native country. I wonder if you could give us some, some thoughts on that. >> I'm, my parents live half their time in Bangalore and half here. They happen to be right now in the US, and they're doing well. My dad's 80 and my mom's 77. I go to India a lot. I spent about 18 years of my life there, and the last 32 odd years here and I still go there a lot. Have a lots friends and my family there. And , it's I'm glad that the situation is kind of , as best as they can serve it. It's weird, I was watching some of the social media photos of Bangalore. I tweeted this out last night. The roads look so clean and beautiful. I mean, it looks like 40 years ago when I was growing up. When I would take a bicycle to school. I mean Bangalore's one of the most beautiful cities in India, very green and you can kind of see it all again. And I think, as I've been watching some of the satellite photos of the various big cities to just watch sort of Mother Nature. Obviously, we're in a tough time and, I open my empathy and thoughts and prayers go to every family that's affected by this. And certainly ones who have lost loved ones, but it's sort of, I think it's neat, that we're starting to see some of the beautiful aspects of nature. Even as we deal with the tough aspects of sheltered home. And the incredible tough impacts of this pandemic across the world. >> Yeah, I think you're right. There is a silver lining as much as, our hearts go out to those that are that are suffering. You're seeing the canals in Venice run clear. As you mentioned, the nitrous oxide levels over China. what's going on in Bangalore. So, there is a little bit of light in the end of the tunnel for the environment, I hope. and at least there's an indication that we maybe, need to be more sensitized to this. Okay, let's get into it. I want to ask you, so last week in our breaking analysis. We worked with a data company called ETR down in New York City. They do constant surveys of CIO's. I want to read you something that they came out with just on Monday and get your reaction. Basically, their annual growth and IT spend they're saying, is showing a slight decline for 2020. As a significant number of organizations plan to cut and/or delay IT expenditures due to the coronavirus. Though the current climate may suggest worse many organizations are accelerating spending for 2020 as they ramp up their work-from-home infrastructure. These organizations are offsetting what would otherwise be a notable decline in global IT spend versus last year. Now we've gone from the 4% consensus at the beginning of the year. ETR brought it down to zero percent and then just on Monday, they went to slight negative. But, what's not been reported widely is the somewhat offsetting factor of work-from-home infrastructure. VMware obviously plays there. So I wonder if you could comment on what you're seeing. >> Yeah, Dave, I think , we'll have to see . I'm not an economic pundit. So we're going to have to see what the, IT landscape looks like in the overall sense and we'll probably play off GDP. Certain industries: travel, hospitality, I mean, it's brutal for them. I mean, and I hope that, what I really hope, that's going to happen to that industry, especially there's an infusion through recovery type of bill. Is that no real big company goes under, and goes bankrupt. I mean kind of the situation in 2008. I mean, people wondering what will happen to the Airlines. Boeing, hospital-- these are ic-- some of them like Boeing are iconic brands of the United States and of the world. There's only two real companies that make planes. So we've got to make sure that those industries stay afloat and stay good for the health of the world. Health of the US economy, jobs, and so on. That's always one end. Listen, health and safety of our employees always comes first. Before we even think about that. I always tell people the profits of VMware will wait if you are not well, if your loved ones not well, if your going to take care of people, take care of that first. We will be fine. This too shall pass. But if you're healthy, let's turn our attention because we're not going to just sit at home and play games. We're going to serve our customers. How do we do that? A lot of our customers are adjusting to this new normal. As a result, they have to either order devices with a laptop, screens, things of those kinds, to allow a work-from-home environment to be as close to productive as they work environment. So I expect that there will be a surge in the, sort of, end points that people need. I will have to see how Dell and HP and Lenovo, but I expect that they will probably see some surge in their laptops. As people, kind of, want those in the home and hopefully their supply chains are able to respond. But then with every one of those endpoints and screens that we need now for these types of organizations. You need to manage them, end point management. Often, you need virtual desktops on them. You need to end point security and then in some cases you will probably need, if it's a remote office, branch office, and into the home office, network security and app acceleration. So those Solutions, end point management, Workspace ONE, inclusive of a full-fledged virtual desktop capability That's our product Workspace ONE. Endpoint Securities, Carbon Black and the Network Platform NSX being software-defined was relegated for things like, load balancers and SDWAN capabilities and it's kind of almost feels like good, that we got those solutions, the last three, four years through acquisitions, in many cases. I mean, of course, Airwatch and Nicira were six, seven, eight years ago. But even SD-WAN, we acquired Velocloud three and a half years ago, Carbon Black just four months ago, and Avi in the last year. Those are all parts of that kind of portfolio now, and I feel we were able to, as customers come to us we're not going in ambulance-chasing. But as customers come to us and say, "What do you have as a work-at-home "for business continuity?" We're able to offer them a solution. So we did a webcast earlier this week. Where we talked about, we're calling it work in home with business continuity. It's led with our EUC offerings Workspace ONE. Accompanied by Carbon Black to secure that, and then underneath it, will obviously be the cloud foundation and our Network capabilities of NSX. >> Yeah, so I want to double down on that because it was not, the survey results, showed it was not just collaboration tools. Like Zoom and WebEx and gotomeeting Etc. It was, as you're pointing out, it was other infrastructure that was of VPN's. It was Network bandwidth. It was virtualization, security because they need to secure that work-from-home infrastructure. So a lot of sort of, ancillary activity. It was surprising to me, when I saw the data, that 21% of the CIO's that we surveyed, said that they actually plan on spending more in 2020 because of these factors. And so now we're tracking that daily. And the sentiment changes daily. I showed some other data that showed the CIO sentiment through March. Every day of the survey it dropped. Okay, so it's prudent to be cautious. But nonetheless, people to your point aren't just sitting on their hands. They're not standing still. They're moving to support this new work-from-home normal. >> Yeah, I mean listen, I forgot to say that, Yeah, we are using the video collaboration tools. Zoom a lot. We use Slack. We'll use Teams. So we are, those are accompanied. We were actually one of the first customers to use Zoom. I'm a big fan of my friend Eric Yuan and what they're doing there in modernizing, making it available on a mobile device. Just really fast. They've been very responsive and they reciprocated by using Workspace ONE there. We've been doing ads joined to VMware and zoom in the market for the last several years. So we're a big fan of their technology. So far be it from me to proclaim that the only thing you need here's VMware. There's a lot of other things on the stack. I think the best way, Dave, for us that we've sought to do this is again, I'm very sensitive to not ambulance-chase, which is, kind of go after this. To do it authentically, and the way that authentically is to be, I think Satya Nadella put this pretty well in an interview he did yesterday. Be a first responder to the first responder. A digital first responder, if I could. So when the, our biggest customers are hospital and school and universities and retailers and pharmacies. These are some of our biggest customers. They are looking, in some cases, actually hire more people to serve their communities and customers. And every one of them, as they , hire new people and so and so on, will I just naturally coming to us and when they come to us, serve them. And it's been really gratifying Dave. If I could read you the emails I've been getting the last few days. I got one from a very prominent City, the United States, the mayor's office, the CTO, just thanking us and our people. For being available who are being careful not to, we're being very sensitive to the pricing. To making sure customers don't feel like, in any way, that we're looking at the economics of it will always come just serve your customer. I got an email yesterday from a very large pharmacy. Routinely we were talking to folks in the, in the healthcare industry. University, a president of a school. In fact, Southern New Hampshire University, who I mentioned Jim Cramer. Sent me a note saying, "hey, we're really grateful you even mentioned our name." and I'm not doing this because, Southern New Hampshire University is doing an incredible job of moving a lot of their platform to online to help tens of thousands. And they were one of the early customers to adopt virtual desktops, and the cloud desktops, and the services. So, as we call. So in any of these use cases, I just tell our employees, "Be authentic. "First off take care of your families. "It's really important to take care of your own health and safety. But once you've done that, be authentic in serving our customers." That's what VR has always done. From the days of dying green, to bombers, to Pat, and all of us here now. Take care of our customers and we'll be fine. >> Yeah, and I perfectly understand your sensitivity to that notion of ambulance-chasing and I'm by no means trying to bait you into doing that. But I would stress, the industry needs you and the tech it-- many in the tech industry, like VMware, have very strong balance sheets. They're extremely viable companies and we as a community, as an industry, need companies like VMware to step up, be flexible on pricing, and terms, and payment, and things like that nature. Which it sounds like you're doing. Because the heroes that are on the front lines, they're fighting a battle every day, every hour, every minute and they need infrastructure to be able to work remotely with the stay-at-home mandates. >> I think that's right. And listen, let me talk a little bit of one of the things you talked about. Which is financing and we moved a lot of our business to increasingly, to the cloud. And SaaS and subscription services are a lot more radical than offer license and maintenance. We make that choice available to customers, in many cases we lead with cloud-first solutions. And then we also have financing services from our partners like Dell financial services that really allow a more gradual, radibal payment. Do people want financing? And , I think if there are other scenarios. Jim asked me on his show, "What will you do if one of your companies go bankrupt?" I don't know, that's an unprecedented, we didn't have, we had obviously, the financial crisis. I wasn't here at VMware during the dot-com blow up where companies just went bankrupt in 2000. I was at Informatica at the time. So, I'm sure we will see some unprecedented-- but I will tell you, we have a very fortunate to be profitable, have a good balance sheet. Whatever scenario, if we take care of our customers, I mean, we have been very fortunate to be one of the highest NPS, Net promoter scorer, companies in the industry. And , I've been reaching out to many of our top customers. Just a courtesy, without any agenda other than, we're just checking in. A friend in need is a friend indeed. It's a line that I remembered. And just reach out your customers. Hey listen. Checking in. No, other than can we help you, if there's anything and thank you, especially for ones who are retailers, pharmacies, hospitals, first responders. Thank them for what they're doing to serve many of their people. Especially people in retail. Think about the people who have to go into warehouses to service us, to deliver the stuff that comes to our home. I mean, these people are potentially at risk, but they do it. Put on masks. Braving health situations. That often need the paycheck. We're very grateful for that, and our hope is that this world situation, listen, I mentioned it on on TV as a kind of a little bit of a traffic jam. I love to ski and when I go off and to Tahoe, I tell my family, "I don't know how long it's going to take." with check up on Waze or Google Maps and usually takes four hours, no traffic. Every now and then it'll take five, six, seven. Worst case eight. I had some situation, never happen to me but some of my friends would just got stuck there and had to sleep in their car. But it's pretty much the case, you will eventually get there. I was talking to my dad, who is 80, and he's doing well. And he said, this feels a little bit like World War Two because you're kind of, in many places there. They had a bunker, shelter. Not just shelter in place, but bunker shelter in that time. But that lasted, whatever five, six years. I don't think this is going to last five, six years. It may be five, six months. It might be a whole year. I don't know. I can guarantee it's not going to be six years. So it won't be as bad as World War two. It certainly won't be as bad as the Spanish Flu. Which took 39 people and two percent of the world. Including five percent of my country, India in the 1918 to 1920 period, a hundred years ago. So we will get through this. I like, we shall overcome. I'm not going to sing it for you. It's one of my favorite Louis Armstrong songs, but find ways by which you encourage, uplift people. Making sure, it is tough, it is very tough times and we have to make sure that we get through this. That jobs are preserved as best as we can because that's the part I'm really, really concerned about. The loss of jobs and how we're going to recover as US economy, but we will make it through this. >> Yeah, and I want to sort of second what you're saying. That look, I know there are a lot of people at home that going a little bit stir crazy and this, the maybe a little bit of depression setting in. But to your point, we have to be empathic for those that are suffering. The elderly, who are in intensive care and also those frontline workers. And then I love your optimism. We will get through this. This is not the Spanish Flu. We have, it's a different world, a different technology world. Our focus, like many other small businesses is, we obviously want to survive. We want to maintain our full employment. We want to serve our customers and we, as you, believe that that is the recipe for getting through this. And so, I love the optimism. >> And listen, and we can help be a part of my the moment you texted me and said, "Hey, can I be in your show?" If it helps you drive, whatever you need, sponsorship revenue, advertising. I'm here and the same thing for all of our friends who have to adjust the way in which the wo-- we want to be there to help them. And I've chosen as best as I can, in terms of how I can support my family, the sort of five, five of us at home now. All fighting over bandwidth, the three kids, and my wife, and I. To be positive with them, to be in my social media presence, as best as possible. Every day to be positive in what I tweet out to the world And point people to a hope of what's going to come. I don't know how long this is going to last. But I can tell you. I mean, just the fact that you and I are talking over video interview. High fidelity, reasonably high fidelity, high bandwidth. The ability to connect. I mean it is a whole lot better than a lot of what happened in World War 2 or the Spanish flu. And I hope at the end of it, some of us, some of this will forever change our life. I hope for for example in a lot of our profession. We have to travel to visit customers. And now that I'm building some of these relationships virtually. I hope that maybe my travel percentage will drop. It's actually good for the environment, good for my family life. But if we can lower that percentage, still get things done through Zoom calls, and Workspace ONE, and things of those kinds, that would be awesome. So that's how I think about the way in which I'm adapting my life. And then I set certain personal goals. This year, for example, we're expanding a lot of our focus in security. We have a billion dollar security business and we're looking to grow that NSX, Common Black, Workspace ONE, and accompanying tools and I made it a goal to try and meet at all my sales teams. A thousand C-ISOs. I mean off I know a lot of CIO's in the 25 years, I've had, maybe five, six thousand of them in the world. And blessed to build that relationship over the years of my SAP and VMware experience, but I don't know. I mean, I knew probably 50 or 100. Maybe a few hundred CISO's. And now that we have a portfolio it's relevant to grant them and I think very compelling across network security and End Point security. We own the companies with such a strong portfolio in both those areas. I'm reaching out to them and I'm happy to tell you, I connected, I've got the names of 1,000 of the top CISO's in the Fortune 1000, Global 2000, and connecting with many of them through LinkedIn and other mixers. I hope I talked to many of them through the course of the year. And many of them will be virtual conversations. Again, just to talk to them about being a trusted advisor to us. Seeing if we can help them. And then of course, there will be a product pitch for NSX and Carbon Black and how we're different from whoever it is, Palo Alto and F5 and Netscaler and the SD line players or semantic McAfee Crowdstrike. We're differentiated so I want to certainly earn some of the business. But these are ways in which you adjust to a virtual kind of economy. Where I'm not having to physically go and meet them. >> Yeah, and we share your optimism and those CISO's are, they're heroes, superheroes on the front line. I'll tell ya a quick aside. So John Furrier and I, we're in Barcelona. When really, the coronavirus came to our heightened awareness and John looked at me and said, "Dave we've been doing digital for 10 years. "We have to take all of the software that we've developed, "all these assets and help our customers pivot." So we share that optimism and we're actually lucky to be able to have the studios and be able to have these conversations with you guys. So again, we share that, that optimism. I want to ask you, just on guidance. A lot of companies have come out and said we're not giving guidance anymore. I didn't see anything relative to VMware. Have you guys announced anything on guidance in terms of how you're going to communicate? Where are you at with that? >> No, I think we're just, I mean listen, we take this very carefully because of reg FD and the regulations of public company. So we just allow the normal quarterly ins. And of outside of that, if our CFO decides they may. But right now we're just continuing business as usual. We're in the middle of our, kind of, whatever, middle of our quarter. Quarter ends April. So work hard do the best we can in all the regions, be available for all of our teams. Pat, myself, and others we're, to the extent that we're healthy and we're doing well, but thank God, is reach out to CISO's and CIO's and CTO's and CEOs and help them. And I believe people will spend money. The questions we have to go over. And I think the stronger will survive. The companies with better balance sheet and unfortunately, some of the weaker companies won't. And I think quite frankly, if you do your job well. I don't mean this in any negative sense. The stronger companies will take share in these environments. I was watching a segment for John Chambers. He has been through a number of different, when I know him, so an I have, I've talked to him about some of the stuff. He will tell you that he, advises is a lot of his companies now. From the experiences he saw in 2008, 2001, in many of the crisis and supply chain issues. This is a time where leadership counts. The strong get stronger. Never waste a good crisis, as Winston Churchill said. And as you do that, the strong will come strong because you figure out ways by which, if you're going to make changes that were planned for one or two years from now. Maybe a good time to make them is now. And as you do that you communicate a vision for where you're going. Very clearly to your employees. Again incessantly over and over again. They, hopefully, are able to repeat it in their own words in a simple fashion, and then you get all of your employees in our case 30,000 plus employees of VMware lined up. So one of the things that we've been doing a lot of these days is communicate, communicate, communicate, internally. I've talked a lot about our communication with customer. But inside, our employees, we do calls with our top leaders over Zoom. Calls, intimate calls, and many, often we're adjusting to where I'll say a few words. I have a mandatory every two week goal with all of my senior most leaders. I'll speak for about five minutes and then for the next 25 minutes, the top 12, 15 of them I listen. To things, I want all of them to speak up. There's nobody who should stay silent, because I want to hear what's going on in that corner of the world. >> But fantastic Sanjay. Well, I mean, Boeing, I heard this morning's going to get some support from the government. And strategically that's very important for our country. Congress finally passed, looks like they're passing that bill, and support which is awesome. It's been, especially for all these small businesses that are struggling and want to maintain full employment. I heard Steve Mnuchin the other day saying, "Look, we're talking about two months of payroll "for people if they agree to keep people employed. "or hire them back." I mean the Fed. people say, oh the FED is out of arrows. The Feds, not out of arrows. I mean, I'm not an economist either. But the Fed. has a lot of bullets in their gun, as they say. So Sanjay, thanks so much. You're an awesome leader and really an inspirational executive and a good friend so thank you so much for coming on theCUBE. >> Dave, always a pleasure. Please say hi to all of my friends, your co-anchors, and the staff at CUBE. Thank them for all their hard work. It's a pleasure to talk to you this morning. I wish you, your family, and your friends and all of our community, stay safe and be well. >> Thank you Sanjay and thank you for watching everybody. This is Dave Vellante for the cube and we'll see you next time. (soft music)

live from Miami Beach Florida Biman 2019 brought to you by beam welcome back to sunny Miami everybody you're watching the cube the leader in live tech coverage we like to go out to the events extract the signal from the noise and we're here at Vemma on 2019 I'm Dave Volante with my co-host this is day 2 Peter Burris and I have been covering wall-to-wall coverage with the cube folks from net APIs are here Jeff McCullough who's the vice president of Americas partner sales for net app and our good friend Keith Norby who runs alliances for net up guys great to see you thanks for coming on thanks for having us so Keith let's start with you V has been a partner of yours for a while now you guys go to market together year you have always been very partner friendly particularly when it comes to data protection but what's the state of the partnership today yeah this is something that we'd looked at a couple years ago and got into a very much more strategic relationship with veem over a year ago kind of work through a lot of ways to reconnect and establish a better together and this is something that we think is a strategic opportunity is kind of backed by a lot of the data you see at this show talking about you know organizations are gonna change roughly 60% of the organization is going to change their platform because of cost complexity reasons and together we've been working with Veeam to figure out how to deliver data protection for a data fabric and and IDC validates that in a number of ways that we can unpack here on this on the show or in the conversations with customers and and we've gotten great reaction to it and Jeff you lead America's partner sales from North America South America the whole kit and kaboodle talk more about your role sure well my responsibility is net at partners I am I'm successful when our partners successful are successful so everything I do is all around putting our partners in the position of you know executing being successful within that brand certainly being profitable right having profitable strong businesses and and growing right growing and taking taking market share and and helping them expand and grow their respective business law you guys have dramatically increased the percentage of your sales that come through the channel over the last you know 10 10 12 years yes pretty significantly and there's a fundamental part of your strategy stager at this executive level so yeah for sure you know channel is its core to what we do you know when we go to market you know with developing our products or executing our marketing plans it's all around how do we go execute with partners right whether it's the tools the partners need the pricings the programs to help them go engage in the market that leads to man generation and we're at various stages in all these but you know what I think you'll see consistently from the partners that you know certainly will talk and talk about their net businesses we generally lead in profitability across our partner base and we absolutely lead in terms of total profitability when you include things like services attached and how we go and execute on us partner delivered services strategy so you know from I always say NetApp is it's not just a product category it's a whole economy for our channel and it puts people to work it allows them to expand and grow their teams and it's it's a critical part of many many of the partners that are here today at veeneman certain v-mon and and certainly in the marketplace and your partner friendly and assess that you don't have a huge services organization that's competing with your channel i mean that's a jerk yeah we put partner services in the forefront of everything we do Keith you talked about better together yeah what does that mean just in terms of engineering integration go to market I mean how did you sort over the last two years you know get better together what specific actions were you guys taking I think you got to look at it first from kind of the customer in the markets in and you got a look at what's the dynamic that requires change right that sort of shapes what your PRD and your Mardis are to make a product in this case you know we've got platforms that have incredible snapshot technologies so to me it really starts there with simplifying the way that you get the first copy of data and then simply working with the strengths that veem has and their platforms and making sure that we have great option ality between our replication and other snapshot technologies their replication tech to be able to give a level of flexibility for this data fabric to come to life you know no matter if you've got the traditional data center that's got these enterprise apps like at sa P Hana or others or you built the next generation data center like on that FH CI and you're building up scale out via more private cloud or you've got the hyper scalar cloud you know with our cloud volumes you know we have options on how we get data throughout the copy process of primary to secondary to you know cloud and tertiary data so you know to us it was about really making that as simple and as pre-wired as possible via the api's and then really making that easy for partners to go and grab on to to make it easy for someone to buy us because you always want to build something that people want to buy no one wants to be sold any of this stuff and so building the right thing that people want to buy the next step then with Jeff and reason why is so critical to this is getting that ready for the partners be able to have an easy process with their customers that frankly they love people hate to be sold they love to buy yeah let's talk about they love to buy one of the challenges that the entire industry has is we move through the significant transformation is customers user organizations or themselves in the midst of huge transformations institutional transformations technology transformations relationship with their business transformation mission transformation just starting with this whole role that the channel is has been playing it's going to play how will the channel be an increasing source of value add in the deal yeah how's that playing out to help these customers you know smooth their changes yeah and I think you know I was just watching the news this morning right target announced their earnings and a big part of their earnings announcement was the improvement they made in customer interaction through digital platforms right the ability to order online pick up in the store or order online and have it delivered same-day right and these are and it's just you know one example you can go down the list of customers that have really used transformation to change their business right and you know Chipotle who's trans you know they've transformed burritos now and a lot of their successes come through digital transformation platforms so you know the evidence is overwhelming that digital transformation drives better results and we've done a lot of study at this right we we have lots of detail around customers that know how to use data and you know that the basic fact is one out of ten customers is in a position to actually leverage data effectively right this is all of the research we've done along you know with partners with with other companies the other nine need help and this is where channel partners come in this is what I tell partners all the time is this digital transformation wave is real the results are real and the customers need to move is is real and so they play a role in can play a role in helping customers accelerate that digital transformation and so our portfolio is all around accelerating customers and their ability to leverage data to transform their business and partners through both of the portfolio that they sell but then the partner driven services that we promote and drive you know really stand out in the forefront of being able to help a customer execute these these really tough strategies and in you know the thing that reason why customers love partners is partners bring choices right and you know for us as vendors we have to deal with the other side of that which is partners have choices and who they sell so we represent a portfolio that is forward thinking it aligns to where the market is going the lines to the tough problems that customers have and it's you know in its a position that allows partners to be profitable and and make money helping customers transform and deliver their own success but it's got to be more than just partners cat create choices and here's one explain what I mean by that it's increasingly your typical CIO medium-sized company large size company which is where we spend most of our time is thinking in terms of what is going to bring me value today and also generate a stream of value for me in the future so I need choice now but options for the future that are relevant and meaningful and so partners increasingly have to be part of that options equation how are they going to create options for customers and you know one of the nice things about the relationship that you have the theme is that you are a partner to veem and presumably you're going to help Veen customers create additional types of options through this expanding folio of value that you guys have so so talk about that dynamic because it really requires an even greater dependency on that customer partner engagement including you know the dependency the beam has on on you guys yeah doing it maybe start with just the veem partnership partnership yeah I think you know which we create the conditions with which I think a partner comes to life with what we've tried to do in in the product building solutions and then trying to develop the go-to-market around the partners ability to go meet the market and what the market is asking for in such you know the partners have natural services on the front side of the assessments a bit like trying to help you plan your 401 K they help you like see what kind of data you don't even see we have a wealth of partners that just have incredible skills there and then as they take that through our solution we do everything we can to make that process easy to match our technology to that design requirement and then afterwards the partners always have these these great capabilities for things like you know a one call or a managed service to help take even more complexity off the table for people to just live with the ability to have data protected across all spectrums of where they have data live so the partner equation is definitely getting more complicated right if you dial back you know half a decade decade you had guys who sold hardware boxes they livox sellers we love them but and they moved a lot of a lot of product and they worked with you okay now the cloud comes in you guys they're going you know software-defined so you can run your services in the cloud you know or you run it on Prem you've got hybrid so it's a complicated equation much more so than it was in the past so how are you seeing the partners evolve and transform you know beyond the sort of box selling mentality of course you know VMware specialists you get those guys at sa P maybe Oracle but yeah but it's even more than that now with cloud isn't it oh yeah yeah you know cloud is you know kind of the third big disruptive wave in the channel right if you think of kind of client-server is the big first disruptive way of virtualization the second disruptive way to now cloud just purely from a channel perspective the third big one and maybe the biggest right because it is completely changing the dynamics and the economics of how partners operate and you know and we've been looking at this for you know for a long time and certainly as we move our portfolio as we transition our portfolio to be cloud enabled and native to the cloud it creates options but but you know the market is moving from you know deal based revenue to reoccurring revenue and what I see partners moving to is various various degrees of reoccurring revenue strategies whether they're setting up their own MSP business and they're opening up shop and they're doing data protection on demand or they are doing managed services on premise and they're charging customer or they're buying out the infrastructure I'm charging a customer once a month or they're selling services in the cloud and in what I think is also interesting and you can see the kind of the direction where the industry of a channel is going is when you look at the acquisitions that partners are making not only of each other but of software development right IP there are going out and buying software development because the the the long term opportunity is not just selling the infrastructure it's selling a solution solving a big problem right which could be this digital transformation opportunity but it's it's more than just sure I can I can upgrade your servers it's their digital transformation right it is you know you know kind of clouds not really a destination right everybody thinks clouds the destination I got to get to you know it's not a destination it's a tool in the bag that you know customer is going to use and certainly a partner is going to leverage cloud to create a money stream write a business model that is sustainable and can grow but it's super dynamically different than what we do you know what they're doing today so you guys talk about profitability before you had a point go ahead and I say balance all that against I think we're the volume the mass of the volume is even though the hyper scalars have a tremendous amount of growth it is still VM based it is still kind of on-prem based and so there's still in this two-year window of change the vast majority of the opportunity is going to be on Prem but you also have to factor in how you involve the cloud and that strategy as what ratmir would called second wave right of beams strategy and we're right in the heart of that I mean there isn't any greater strength than what we're doing as a company with NetApp than what we're doing with cloud and it's just a natural way for us to extend you know a partner's capability a customer's ability to buy what they what you'd want to get from NetApp and beam together well and what the hyper scales have done is they've changed the way in which people consume technology absolutely understand and NetApp is a great case study of a company that's moving through that process from a product orientation to a services orientation the key I want to come back to this notion of how the NetApp relationship with Veen creates new classes of options for Ravine customers as they thought try to think about data protection differently because precisely because it's Dave said you have expanded your portfolio you are going to market with a different value proposition than a couple years ago how is that playing out in your conversations with customers as they think about moving from a data protection that's focused on devices to a data protection that's focused on delivery of digital services yeah well it's not a great topic to talk about where do you start with that organically I think you look at the way people try to operate and deal with the operations of data protection you know it really starts there because you know cloud is really about IT operations what we've done is really try to simplify that stack to get beyond it being one single endpoint of technology so it's not just about how we take data sets you know from say a net F as or a net of HCI and bring it through Veeam to another thousand or eseries and then off to the cloud you know it's beyond just the basic technology it's much more operational and it's in its nature so if you look at all the stuff they're talking about here with VOA and all the discovery elements that they're doing to help make it easier one of the one of the areas that IDC caught particularly in one of our benefit statements on taking complexity off the table is our ability to have autodiscover of yemm's you know it's it's ways that you could make much more autonomy and orchestration of operations kind of come to life as a way of you doing this technology together that's only just one of the example points that we have on this better together with veem taking the heart of their core technology and where they're being you know pervade of in in not just a VM centric crowd but also hyper-v and some of the other things they talked about that's kind of the top of their rationalize stack and then bringing that down through the heart of our data fabric portfolio and saying you know any one point at which you're at we were able to put these things together at the heart of the first step and we kind of mapped this customer journey out in our presentation to the attendees here was this customer journey from the current form of complexities you have you know and moving that all the way through to snapshot integration platform selection of which ones would make sense for what scenario how we work through veem x' data replication and management technologies our data replication our data fabric technologies to get from one endpoint to the other so and then ultimately you gotta be able talk about the ability to restore or you really shouldn't be talking about backup all right we got a wrap but I'm gonna ask you guys each question Jeff from trip reports so from your standpoint you talkin sales momentum with partners what are you gonna tell your colleagues and Keith obviously the partnership with Veen what what are you gonna tell your colleagues when you get back home yeah so so for me it's you know this is we've talked about transformation this you know I think our relationship with Veeam and the strategies that we're executing is all around transforming data protection right and it's really around this concept of simplification and I think as we were chatting before before we started taping the you know simple simple matters right simplification or simple is really attractive feature and you know our ability to simplify data protection for customers in partnership with Veeam deliver solution that's you know clearly world-class and you know NetApp bringing world-class technology to the table it's a great partnership it creates an opportunity for us to go and have conversations with customers that made me never thought of NetApp before and and it's you know an opportunity for us to open a lot of doors and certainly for me what I care about it's an opportunity for our partners to open a lot of doors yeah I would just say listen we worked from our joint CEOs together so George and ratmir starting this like joint bond of alignment all the way down through product solutions feel Geo's channels we're gonna have explosive growth together you know we're gonna go address this market that is looking to change we've got something we're bringing together and it's absolutely better together great power players aligning at the top all the way down through the channel to the partners into the cloud bringing you all the data here the cube Jeff and Keith thanks very much for coming on the cube keep it right to everybody Peter Burris and I will be back with our next guest right after this short break we're live from Miami at Vemma in 2019 over a pack