>> Presenter: theCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Hey guys and girls. Welcome back to theCube's live coverage at Palo Alto Ignite '22. We're live at the MGM Grand Hotel in beautiful Las Vegas. Lisa Martin here with Dave Vellante. This is day one of our coverage. We've been talking with execs from Palo Alto, Partners, but one of our most exciting things is talking with Founders day. We get to do that next. >> The thing is, it's like I wrote this weekend in my breaking analysis. Understanding the problem in cybersecurity is really easy, but figuring out how to fix it ain't so much. >> It definitely isn't. >> So I'm excited to have Nir here. >> Very excited. Nir Zuk joins us, the founder and CTO of Palo Alto Networks. Welcome, Nir. Great to have you on the program. >> Thank you. >> So Palo Alto Networks, you founded it back in 2005. It's hard to believe that's been 18 years, almost. You did something different, which I want to get into. But tell us, what was it back then? Why did you found this company? >> I thought the world needed another cybersecurity company. I thought it's because there were so many cybersecurity vendors in the world, and just didn't make any sense. This industry has evolved in a very weird way, where every time there was a new challenge, rather than existing vendors dealing with a challenge, you had new vendors dealing with it, and I thought I could put a stop to it, and I think I did. >> You did something differently back in 2005, looking at where you are now, the leader, what was different in your mind back then? >> Yeah. When you found a new company, you have really two good options. There's also a bad option, but we'll skip that. You can either disrupt an existing market, or you can create a new market. So first, I decided to disrupt an existing market, go into an existing market first, network security, then cyber security, and change it. Change the way it works. And like I said, the challenges that every problem had a new vendor, and nobody just stepped back and said, "I think I can solve it with the platform." Meaning, I think I can spend some time not solving a specific problem, but building a platform that then can be used to solve many different problems. And that's what I've done, and that's what Palo Alto Networks has done, and that's where we are today. >> So you look back, you call it now, I think you call it a next gen firewall, but nothing in 2005, can it be next gen? Do you know the Silicon Valley Show? Do you know the show Silicon Valley? >> Oh! Yeah. >> Yeah, of course. >> You got to have a box. But it was a different kind of box- >> Actually. >> Explain that. >> Actually, it's exactly the same thing. You got to have a box. So I actually wanted to call it a necessary evil. Marketing wouldn't go for that. >> No. >> And the reason I wanted to call it a necessary evil, because one of the things that we've done in order to platform our cyber security, again, first network security now, also cloud security, and security operations, is to turn it into a SaaS delivered industry. Today every cyber security professional knows that, when they buy cyber security, they buy usually a SaaS delivered service. Back then, people thought I was crazy to think that customers are going to send their data to their vendor in order to process, and they wanted everything on premise and so on, but I said, "No, customers are going to send information to us for processing, because we have much more processing power than they have." And we needed something in the infrastructure to send us the information. So that's why I wanted to call it the necessary evil. We ended up calling it next generation firewall, which was probably a better term. >> Well, even Veritas. Remember Veritas? They had the no hardware agenda. Even they have a box. So it is like you say, you got to have it. >> It's necessary. >> Okay. You did this, you started this on your own cloud, kind of like Salesforce, ServiceNow. >> Correct. >> Similar now- >> Build your own data centers. >> Build your own data center. Okay, I call it a cloud, but no. >> No, it's the same. There's no cloud, it's just someone else's computer. >> According to Larry Ellison, he was actually probably right about that. But over time, you've had this closer partnership with the public clouds. >> Correct. >> What does that bring you and your customers, and how hard was that to navigate? >> It wasn't that hard for us, because we didn't have that many services. Usually it's harder. Of course, we didn't do a lift and shift, which is their own thing to do with the cloud. We rebuild things for the cloud, and the benefits, of course, are time to market, scale, agility, and in some cases also, cost. >> Yeah, some cases. >> In some cases. >> So you have a sort of a hybrid model today. You still run your own data centers, do you not? >> Very few. >> Really? >> There are very, very few things that we have to do on hardware, like simulating malware and things that cannot be done in a virtual machine, which is pretty much the only option you have in the cloud. They provide bare metal, but doesn't serve our needs. I think that we don't view cloud, and your viewers should not be viewing cloud, as a place where they're going to save money. It's a place where they're going to make money. >> I like that. >> You make much more money, because you're more agile. >> And that's why this conversation is all about, your cost of goods sold they're going to be so high, you're going to have to come back to your own data centers. That's not on your mind right now. What's on your mind is advancing the unit, right? >> Look, my own data center would limit me in scale, would limit my agility. If you want to build something new, you don't have all the PaaS services, the platform as a service, services like database, and AI, and so on. I have to build them myself. It takes time. So yeah, it's going to be cheaper, but I'm not going to be delivering the same thing. So my revenues will be much lower. >> Less top line. What can humans do better than machines? You were talking about your keynote... I'm just going to chat a little bit. You were talking about your keynote. Basically, if you guys didn't see the keynote, that AI is going to run every soc within five years, that was a great prediction that you made. >> Correct. >> And they're going to do things that you can't do today, and then in the future, they're going to do things that you can't... Better than you can do. >> And you just have to be comfortable with that. >> So what do you think humans can do today and in the future better than machines? >> Look, humans can always do better than machines. The human mind can do things that machines cannot do. We are conscious, I don't think machines will be conscious. And you can do things... My point was not that machines can do things that humans cannot do. They can just do it better. The things that humans do today, machines can do better, once machines do that, humans will be free to do things that they don't do today, that machines cannot do. >> Like what? >> Like finding the most difficult, most covert attacks, dealing with the most difficult incidents, things that machines just can't do. Just that today, humans are consumed by finding attacks that machines can find, by dealing with incidents that machines can deal with. It's a waste of time. We leave it to the machines and go and focus on the most difficult problems, and then have the machines learn from you, so that next time or a hundred or a thousand times from now, they can do it themselves, and you focus on the even more difficult. >> Yeah, just like after 9/11, they said that we lack the creativity. That's what humans have, that machines don't, at least today. >> Machines don't. Yeah, look, every airplane has two pilots, even though airplanes have been flying themselves for 30 years now, why do you have two pilots, to do the things that machines cannot do? Like land on the Hudson, right? You always need humans to do the things that machines cannot do. But to leave the things that machines can do to the machines, they'll do it better. >> And autonomous vehicles need breaks. (indistinct) >> In your customer conversations, are customers really grappling with that, are they going, "Yeah, you're right?" >> It depends. It's hard for customers to let go of old habits. First, the habit of buying a hundred different solutions from a hundred different vendors, and you know what? Why would I trust one vendor to do everything, put all my eggs in the same basket? They have all kind of slogans as to why not to do that, even though it's been proven again and again that, doing everything in one system with one brain, versus a hundred systems with a hundred brains, work much better. So that's one thing. The second thing is, we always have the same issue that we've had, I think, since the industrial revolution, of what machines are going to take away my job. No, they're just going to make your job better. So I think that some of our customers are also grappling with that, like, "What do I do if the machines take over?" And of course, like we've said, the machines aren't taking over. They're going to do the benign work, you're going to do the interesting work. You should embrace it. >> When I think about your history as a technology pro, from Check Point, a couple of startups, one of the things that always frustrated you, is when when a larger company bought you out, you ended up getting sucked into the bureaucratic vortex. How do you avoid that at Palo Alto Networks? >> So first, you mean when we acquire company? >> Yes. >> The first thing is that, when we acquire companies, we always acquire for integration. Meaning, we don't just buy something and then leave it on the side, and try to sell it here and there. We integrate it into the core of our products. So that's very important, so that the technology lives, thrives and continues to grow as part of our bigger platform. And I think that the second thing that is very important, from past experience what we've learned, is to put the people that we acquire in key positions. Meaning, you don't buy a company and then put the leader of that company five levels below the CEO. You always put them in very senior positions. Almost always, we have the leaders of the companies that we acquire, be two levels below the CEO, so very senior in the company, so they can influence and make changes. >> So two questions related to that. One is, as you grow your team, can you be both integrated? And second part of the question, can you be both integrated and best of breed? Second part of the question is, do you even have to be? >> So I'll answer it in the third way, which is, I don't think you can be best of breed without being integrated in cybersecurity. And the reason is, again, this split brain that I've mentioned twice. When you have different products do a part of cybersecurity and they don't talk to each other, and they don't share a single brain, you always compromise. You start looking for things the wrong way. I can be a little bit technical here, but please. Take the example of, traditionally you would buy an IDS/IPS, separately from your filtering, separately from DNS security. One of the most important things we do in network security is to find combining control connections. Combining control connections where the adversaries controlling something behind your firewall and is now going around your network, is usually the key heel of the attack. That's why attacks like ransomware, that don't have a commanding control connection, are so difficult to deal with, by the way. So commanding control connections are a key seal of the attacks, and there are three different technologies that deal with it. Neural filtering for neural based commanding control, DNS security for DNS based commanding control, and IDS/IPS for general commanding control. If those are three different products, they'll be doing the wrong things. The oral filter will try to find things that it's not really good at, that the IPS really need to find, and the DN... It doesn't work. It works much better when it's one product doing everything. So I think the choice is not between best of breed and integrated. I think the only choice is integrated, because that's the only way to be best of breed. >> And behind that technology is some kind of realtime data store, I'll call it data lake, database. >> Yeah. >> Whatever. >> It's all driven by the same data. All the URLs, all the domain graph. Everything goes to one big data lake. We collect about... I think we collect about, a few petabytes per day. I don't write the exact number of data. It's all going to the same data lake, and all the intelligence is driven by that. >> So you mentioned in a cheeky comment about, why you founded the company, there weren't enough cybersecurity companies. >> Yeah. >> Clearly the term expansion strategy that Palo Alto Networks has done has been very successful. You've been, as you talked about, very focused on integration, not just from the technology perspective, but from the people perspective as well. >> Correct. >> So why are there still so many cybersecurity companies, and what are you thinking Palo Alto Networks can do to change that? >> So first, I think that there are a lot of cybersecurity companies out there, because there's a lot of money going into cybersecurity. If you look at the number of companies that have been really successful, it's a very small percentage of those cybersecurity companies. And also look, we're not going to be responsible for all the innovation in cybersecurity. We need other people to innovate. It's also... Look, always the question is, "Do you buy something or do you build it yourself?" Now we think we're the smartest people in the world. Of course, we can build everything, but it's not always true that we can build everything. Know that we're the smartest people in the world, for sure. You see, when you are a startup, you live and die by the thing that you build. Meaning if it's good, it works. If it's not good, you die. You run out of money, you shut down, and you just lost four years of your life to this, at least. >> At least. >> When you're a large company, yeah, I can go and find a hundred engineers and hire them. And especially nowadays, it becomes easier, as it became easier, and give them money, and have them go and build the same thing that the startup is building, but they're part of a bigger company, and they'll have more coffee breaks, and they'll be less incentive to go and do that, because the company will survive with or without them. So that's why startups can do things much better, sometimes than larger companies. We can do things better than startups, when it comes to being data driven because we have the data, and nobody can compete against the amount of data that we have. So we have a good combination of finding the right startups that have already built something, already proven that it works with some customers, and of course, building a lot of things internally that we cannot do outside. >> I heard you say in one of the, I dunno, dozens of videos I've listened to you talked to. The industry doesn't need or doesn't want another IoT stovepipe. Okay, I agree. So you got on-prem, AWS, Azure, Google, maybe Alibaba, IoT is going to be all over the place. So can you build, I call it the security super cloud, in other words, a consistent experience with the same policies and edicts across all my estates, irrespective of physical location? Is that technically feasible? Is it what you are trying to do? >> Certainly, what we're trying to do with Prisma Cloud, with our cloud security product, it works across all the clouds that you mentioned, and Oracle as well. It's almost entirely possible. >> Almost. >> Almost. Well, the things that... What you do is you normalize the language that the different cloud scale providers use, into one language. This cloud calls it a S3, and so, AWS calls it S3, and (indistinct) calls it GCS, and so on. So you normalize their terminology, and then build policy using a common terminology that your customers have to get used to. Of course, there are things that are different between the different cloud providers that cannot be normalized, and there, it has to be cloud specific. >> In that instance. So is that, in part, your strategy, is to actually build that? >> Of course. >> And does that necessitate running on all the major clouds? >> Of course. It's not just part of our strategy, it's a major part of our strategy. >> Compulsory. >> Look, as a standalone vendor that is not a cloud provider, we have two advantages. The first one is we're security product, security focused. So we can do much better than them when it comes to security. If you are a AWS, GCP, Azure, and so on, you're not going to put your best people on security, you're going to put them on the core business that you have. So we can do much better. Hey, that's interesting. >> Well, that's not how they talk. >> I don't care how they talk. >> Now that's interesting. >> When something is 4% of your business, you're not going to put it... You're not going to put your best people there. It's just, why would you? You put your best people on 96%. >> That's not driving their revenue. >> Look, it's simple. It's not what we- >> With all due respect. With all due respect. >> So I think we do security much better than them, and they become the good enough, and we become the premium. But certainly, the second thing that give us an advantage and the right to be a standalone security provider, is that we're multicloud, private cloud and all the major cloud providers. >> But they also have a different role. I mean, your role is not the security, the Nitro card or the Graviton chip, or is it? >> They are responsible for securing up to the operating system. We secure everything. >> They do a pretty good job of that. >> No, they do, certainly they have to. If they get bridged at that level, it's not just that one customer is going to suffer, the entire customer base. They have to spend a lot of time and money on it, and frankly, that's where they put their best security people. Securing the infrastructure, not building some cloud security feature. >> Absolutely. >> So Palo Alto Networks is, as we wrap here, on track to nearly double its revenues to nearly seven billion in FY '23, just compared to 2020, you were quoted in the press by saying, "We will be the first $100 billion cyber company." What is next for Palo Alto to achieve that? >> Yeah, so it was Nikesh, our CEO and chairman, that was quoted saying that, "We will double to a hundred billion." I don't think he gave it a timeframe, but what it takes is to double the sales, right? We're at 50 billion market cap right now, so we need to double sales. But in reality, you mentioned that we're growing the turn by doing more and more cybersecurity functions, and taking away pieces. Still, we have a relatively small, even though we're the largest cybersecurity vendor in the world, we have a very low market share that shows you how fragmented the market is. I would also like to point out something that is less known. Part of what we do with AI, is really take the part of the cybersecurity industry, which are service oriented, and that's about 50% of the cybersecurity industry services, and turn it into products. I mean, not all of it. But a good portion of what's provided today by people, and tens of billions of dollars are spent on that, can be done with products. And being one of the very, very few vendors that do that, I think we have a huge opportunity at turning those tens of billions of dollars in human services to AI. >> It's always been a good business taking human labor and translating into R and D, vendor R and D. >> Especially- >> It never fails if you do it well. >> Especially in difficult times, difficult economical times like we are probably experiencing right now around the world. We, not we, but we the world. >> Right, right. Well, congratulations. Coming up on the 18th anniversary. Tremendous amount of success. >> Thank you. >> Great vision, clear vision, STEM expansion strategy, really well underway. We are definitely going to continue to keep our eyes. >> Big company, a hundred billion, that's market capital, so that's a big company. You said you didn't want to work for a big company unless you founded it, is that... >> Unless it acts like a small company. >> There's the caveat. We'll keep our eye on that. >> Thank you very much. >> It's such a pleasure having you on. >> Thank you. >> Same here, thank you. >> All right, for our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live emerging and enterprise tech coverage. (upbeat music)

(bright music) >> Welcome back to Vegas, guys and girls. We're pleased that you're watching theCUBE. We know you've been with us. This is our fourth day. We know you've been with us since day one. Why wouldn't you be? Lisa Martin, here. As I mentioned, day four of theCUBE's coverage of AWS re:Invent. There are north of 55,000 people that have been at this event this week. We're hearing hundreds of thousands online. It really feels like old times, which is awesome. We're pleased to welcome back a gentleman from Dataiku who's actually new to theCUBE but Dataiku is not. Jed Dougherty is here, the VP of Platform Strategy. Thanks to joining me today, Jed. >> Oh, I'm so happy to be here. >> Talk a little bit, for anybody that isn't familiar with Dataiku, tell the audience a little bit about the technology, what you guys do. >> Dataiku is an end-to-end data science machine learning platform. We take everything from data ingestion, piplining of that data, bringing it all together, something that's useful for building models, deploying those models and then managing your ML ops workflow. So, really all the way across. And we sit on top of, basically, tons of different AWS stack as well as lots of the partners that are here today. >> Okay, got it. >> Snowflake, Databricks, all that. >> Got it, so one of the things that, it was funny, I think it was Adam's keynote Tuesday morning. I didn't time it, I watched it, but one of my guests said to me earlier this week that Adam spent exactly 52 minutes talking about data. >> Yeah. >> 52 minutes. Obviously, we can't come to an event like this without talking about data. Every company these days has to be a data company. Whether it's my grocery store or a retailer, a hospital, and so- >> Jed: It is the lifeblood of every modern company. >> It is, but you have to be able to access it. You have to be able to harness it, access it, derive insights from it, and be able to act on that faster than the competitors that are waiting, like, right back here. One of the things Adam Selipsky talked about with our boss, John Furrier, who's the co-CEO of theCUBE, they had a sit-down about a week before re:Invent. John always gets a preview of the show and Adam said, you know, he thinks the role of data analyst is going to go away. Or at least the term, because with data democratization that needs to happen. Putting data in the hands of all the business users, that every business user, whether you're in technology or marketing or ops or finance, it's going to have to analyze data to do their jobs. >> Could not agree more. >> Are you hearing that from customers? >> 100% >> Yeah. >> I was just at the CTO Summit of Bank of America two weeks ago out in California, and they told, their CTO had a statistic, 60,000 technologists in Bank of America, all asking data-type questions. You can have the best team of data scientists in the world, and they do. They have some of the best data scientists in the world there. And this team of data scientists could answer any one of the questions that those 60,000 people might have but they can't answer all of them, right? You need those people to be able to answer their own questions. I don't know if the term data analysts are going away. I think, yeah, everybody's just going to have to become a bit more of one. Just like how Excel taught everybody how to use the spreadsheet, in the future, in the next five, 10 years, the democratization of AI means that tools like Dataiku and other data science tools are going to teach everybody how to analyze data. >> Talk about Dataiku as a facilitator of that, of that democratization. Giving, like the citizen technologist who might be in finance, the ability to do that. >> So, a lot of data science tools are aimed at your hardcore coder, right? Somebody who wants to be sitting at a notebook writing (indistinct) or something like that and running models on some big fancy Spark server. Dataiku is still going to be running models on some big fancy Spark server but we're really obfuscating the challenge of writing code away from the user. So we target low code, no code, and high code users all working together in a collaborative platform. So we really do, we believe that there is always going to be a place for data scientists. That role is not going away. You will always need hardcore coders to take on those moonshot very challenging topics. But for every day AI, anybody should be able to do this and it should be open to anybody. >> Right. >> Jed: Really aim to facilitate that. >> I would love to hear some feedback, you know, this is day four of the show as I was saying, and day four is packed. I mean, this is energy-level-wise, guys, it is the same as it was when we started here on Friday night. But I'd love to hear, Jed, from your perspective some of the customer conversations that you've had, what are some of the challenges? They're coming to you saying, "Jed, Dataiku, help us eradicate these challenges so we can transform our business." >> What I'm hearing from customers and partners and AWS here is, over and over, we don't want to buy tools anymore. We want to buy solutions. We want a vertical solution that's pre-built for our industry. And we want it to be, not necessarily click and run out of the box, but we want a template that we can build off of quickly. And I've heard that customers are also looking to understand how tools can be packaged together. You got how many booths are here? 1000 booths? >> Yes, easily. >> You have 1000 different products being talked about, right behind us. Customers need to know which of these products are friends with each other and how they fit together so that they are making sure that when they purchase a set, a suite of tools to do their jobs, it's all going to work naturally together. So, being able, I think this is a really vital concept for GSIs as well. GSIs needs to understand how to package sets of tools together to deliver a full solution to clients. People don't want to be, you know, I think 10 years ago, five years ago, AWS was in the business of selling servers in the cloud. But basically what you do is, you would buy an EC two instance and you install whatever software you wanted on it. I don't know that they're in that business still but customers don't want to buy servers from AWS anymore. They want to buy solutions. >> Right. >> Rent, whatever. >> Yeah. (chuckles) >> That is the big repeated message that I've heard here. >> So you brought up a good point that there are probably 1000 booths here. You could be here every day and not get to see everything that's going on. Plus this show was going on across the strip. We're only getting a fraction of the people that are here. But with that said, to your point, there are so many tools out there. Customers are looking for solutions. One of the things that we say about theCUBE is, we extract the signal from the noise. How does Dataiku get past the noise? How do you get up the stack to really impact customers so they understand the value that you're delivering? >> I think that Data science and ML sound like a very complicated topic but our value prop is relatively simple. And we appeal both to your end users who are excited to learn about how data science works and how they can leverage these tools in their day-to-day jobs, as well as appealing to IT. IT, right now, at major organizations they want to be able to build a full stack that makes sense. And the big choices they're making right now are around infrastructure. Where am I going to run my compute? So, they're choosing between Snowflake or Databricks or a native AWS compute solution, right? And so they make this big choice around compute and then they realize, "Oh, how many of our users across our organization are actually able to leverage this big compute choice?" Oh, maybe 100, maybe 200. That's not incredibly useful for what we've just decided to completely stand behind. Dataiku, all of a sudden, opens that up to 1000s of users across your organization. So it makes IT feel empowered by being able to help more people. And it makes users feel empowered by being able to use a great tool and start answering their own questions. >> And where are your customer conversations these days? As we look at AI and ML, emerging technologies, so many customers and companies, knowing we have to go in this direction. We have to have AI to speed the business. Are you seeing more of the conversations are still in IT or are they actually going up the stack? >> (chuckles) It's a great question. When you're going into large organizations, there's two sales motions, right? There's convincing the business users that this is a great thing and then convincing IT that it's not going to be too painful. You always have to go to both places. IT doesn't want to take on a boondoggler, or there's an albatross, I don't remember the word, but, something that they're going to have to deal with for the next 10 years and then eventually dismantle and pull apart. I think a lot of IT got very scared about big data platforms and solutions because of Hadoop. To be honest, Hadoop was incredibly powerful but maybe not as mature of technology as IT would've liked it to be. From a maintenance and administration standpoint. So yes, you will always have to sell to IT and help IT feel comfortable with the platform. But no, the conversations that I want to have are the use case conversations with a Chief Data Officer, Chief Revenue Officer, Chief Marketing Officer. That's who I really want to convince that this is going to be a worthwhile opportunity. >> And what are some of the key, sorry. What are some of the key use cases that Dataiku is tackling in the market these days? >> So we work a lot. Two of the biggest organizations, or verticals, that I work with personally are finance and pharmaceuticals. In finance, we are closely embedded with wealth management organizations. So, a lot of that is around customer entertainment, churn, relatively obvious, simple concepts but ones where it's worth a lot of money. In pharma, we work both on the supply side. So, doing supply chain optimization, ensuring the right drugs get to the right places at the right time. As well as on the business and marketing side. So, ensuring that your ad spend is correctly distributed across different advertising platforms. >> So if you're working with a financial organization, I want to understand from a consumer, from the end user's perspective, although obviously this technology impacts the end user who's trying to do a transaction. What's in it for me? And I don't know as the end user that Dataiku is under the hood. >> You'd never know. >> Which is good. I shouldn't have to worry about the technology. >> Jed: You shouldn't have to worry about that at all. >> What's in it for the end user customer? What are they gaining from this? >> So, from a very end user perspective, if you think about when you logged onto maybe your Bank of America, your Chase app, five or 10 years ago, maybe you didn't even have it on your phone five years ago. Or when you logged into your account online. We do 95% of our banking online right now, right? I go into a physical location, what? I don't know, once every six months or something? Get a cashier's check? I don't know. The experience that you're getting and the amount of information you're getting back about your spending habits, where your money is going, what your credit score is, all of these things are being driven by these big data organizations inside the banks. Also, any type, this is a little creepier, but any type of promotional emails or the types of things that you get feedback on when you use your credit card and the offers that you get through that, are all being personalized to you through the information that these banks are collecting about your spending habits. >> Yeah, but we want that as a consumer, we want the personalized. >> Yeah, of course. We want it to be magic slash not creepy. (laughs) >> Right, I want them to recommend the best card for me. >> Right. >> The next best thing. >> It's good for me, it's good for them. >> Don't serve me up something that I've already bought. That always bugs me when I'm like, I already bought that. >> I get that all the time. I'm like, yeah, I have that card already. It's in my wallet. Why are you telling me? >> We only have a couple of minutes left Jed, but talk to me about from a platform strategy perspective, what's next for Dataiku and AWS? >> So we are making a matrix transition right now and it's core to our platform. For a long time, the way that we've installed Dataiku is, we help our customers install it on their AWS account so it runs inside their tenant. This is very comfortable for, for example, large banking clients, pharma clients that have personally identifiable information, all that kind of thing. They own everything. However, as we were talking about before, we're really moving from providing a tool to providing solutions. And part of that is obviously a move to SaaS. So two years ago we released a SaaS offering. We've been expanding it more and more to, this year, we want to be pushing SaaS first. So Dataiku online should be the first option when new customers move on. And that is a huge platform shift. It means making sure that we have the right security in place. It means making sure that we have the right scaling in place, that we have 24-7 support. All this has been a big challenge. A big fascinating challenge, actually, to put together. >> Awesome. Last question for you. Say you get a brand new DeLorean, I hear they're coming back, and you want to put, you really, really want to put a bumper sticker on it, 'cause why not? And it's about Dataiku and it's like a sizzle reel kind of thing. >> A sizzle real, alright. >> Yeah. What does it say? >> Extraordinary people, everyday AI. >> Wow. Drop the mic, Jed. That was awesome. Thank you so much for coming on the program. We really appreciate the update on Dataiku. What you guys are doing for customers, your specialization and solutions for verticals. Awesome stuff, we'll have to have you back. >> Thank you so much. >> Alright, my pleasure. >> Bye-Bye. >> For my guest, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage. (bright music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(upbeat music) (logo crystals tingle) >> Hi, everybody, welcome back to FalCon22, I'm Dave Vellante and you're watching theCube's continuous coverage, this is day two. We live in an API economy, but APIs, you know, they're sometimes vulnerable, Michael Nicosia is here, he's the Chief Operating Officer and co-founder of Salt Security, API Security Specialist, Michael, welcome to theCUBE, thanks for coming on. >> Thank you so much, Dave, glad to be here. >> You're very welcome. Why did you and your co-founder, is it Roy? >> Yeah. >> Why did you guys start Salt Security? >> So really easy, I mean, as you mentioned, the proliferation of APIs constantly is growing on a year to year basis. So in 2015, when he and I met, we had this idea that it was going to continue to grow and APIs were going to be critical to every organization from an innovation perspective, from a safety perspective and we thought that current tools out there couldn't protect against the new threat vector that we thought was going to happen. And, you know, you fast forward to 2022 and here we are, it's the largest growing threat vector from an API perspective because APIs are just growing like crazy. >> Right. Well, let's talk about the news, CrowdStrike made an investment in your company. >> Michael: Yes. >> Congratulations. >> Michael: Thank you. >> Tell us about that, why it's important, and to have a strategic partner like that. >> Yeah, so first of all, we're super thrilled about the partnership, I mean, it's amazing. And not only the partnership, the strategic investment for us just signifies the importance of our two companies in terms of what we want to do in the field together or in the market together. So the strategic investment is amazing, the partnership is even more amazing just because it's kind of like, you know, the first in its class from an API security perspective, we've got partners from the cloud providers and then the only other partnerships really have is with API Management vendors. So this is unique in that it goes outside the security ecosystem to provide this partnership and the nice thing about it is it's exclusive, excuse me, and it just continues to validate the leadership where we have an API security, as well as obviously a leadership that CrowdStrike has. >> Exclusive in the sense that CrowdStrike's not going to invest in another API competitor and you're not going to take investment from an endpoint- >> Michael: Exactly. >> Or something like that. >> Endpoint or, you know, really cloud workload situation. >> Anything within that vastly expanding portfolio. >> Michael: Exactly. >> So pretty much anybody. >> Michael: Exactly. >> Except network security, from what I saw in the keynote yesterday, that's sort of on the table, for now. So, okay, so why should customers care about this? What's the benefit to them? >> Yeah, so if you think about, the security profile of organizations and where they seem to have potential risk, threat vectors, you know, endpoint, you know, Cloud obviously API becomes a bigger, threat vector as well. So I think the partnership just solidifies the fact that we want to create a better security profile for organizations and we want to make it safe for them to innovate and continue to do what they do. So I think that's the importance and when you put the two together it just creates a larger value proposition, more stickiness from end point to cloud, to APIs. >> So we have a partner, theCUBE, and in New York city and it's called ETR and they do quarterly surveys of CISOs, CIOs, IT buyers, about 12 to 1500 a quarter. And so I was chatting with those guys last week, they knew we were going to be at CrowdStrike and so they ran some data for all the API security vendors and you guys were, you know they had like the Gartner Magic Quadrant but it's not, you know, vision and execution, it's spending momentum and like presence in their survey, it's like market share, mind share. >> Sure. >> You guys were up and to the right, like, way, way, way ahead, I presume that's why you got the attention of CrowdStrike. I found their data set to be incredibly good, that's how we found CrowdStrike years ago, like, "Wow, who's this company?" >> Yeah. >> You know, companies like CrowdStrike, Okta, Zscaler, Snowflake Off The Charts, but you guys were really noticeable. Talk about the spending momentum you're seeing with customers, where's that coming from? >> Yeah, I mean look, for us it's a continuing growing market, it's accelerating and we're still in the, you know, early stages of the market, which is amazing. But if you think about what organizations do, they innovate, right, they innovate through, you know, software, through applications or APIs. So if you think about, you know, how do they continue to innovate safely? They need a solution, like Salt Security to protect from any bad actors that could potentially create any breaches, vulnerabilities. So I think that that's why CISOs in particular are super excited about talking to us, making sure that they have all of their bases covered especially when it comes to applications that they have within their organization, which continues to grow. >> And not to not to be a methodology geek, but the methodology they use is to essentially say, is a customer spending more or less, they subtract the lesses from the mores and that's what you're left with. And one of the lesses is churn, and if you have high churn, you're spending momentum, >> you know- >> Micheal: Yeah. >> In their methodology goes into the tank. So you have obviously admitted you have very low churn is that what you're saying in the field? >> Micheal: Absolutely. >> Why is that? >> Yeah, I mean, again, I think it's, it goes back to the value that we bring to customers. I think, you know, our solution works, we're the only AI/ML-based solution with deep context so we can really take a closer granular look at the APIs, model those APIs, create a baseline and really protect against them. So I mean, our solution works and it works really well and I think we provide value in that, you know, CISOs don't have to worry about any bad actors trying to infiltrate their applications 'cause they know that Salt Security is there protecting them. >> I know you're not the tech guy but you're the founder, co-founder of a technology company so you got to be conversant in the tech, 'cause this is the way it is in our business, so tell us about the tech, what's so cool about it? What's the differentiation? >> Yeah, I guess, and I mentioned that it's really AI/ML based, you know, we leverage big data and it's really the context associated to that, which means that, you know, we can get into granular details of really baselining the API itself. And what we do really well is, because these are unique attacks and these attacks could be days, weeks, months and we're the only vendor that, that can really correlate across that timeline because of the context-based big data that we leverage to be able to, you know, spot these potential bad actors that we look for. >> And all this happens in the cloud or? >> Absolutely, it's all... >> You have a server in your office? >> No, no, it's all it's a hundred percent SaaS-based, Cloud-based solution, I think that's one of the reasons why the partnership with CrowdStrike is so amazing as well. >> Talk a little bit more about the synergies between CrowdStrike and Salt Security. >> Tons of synergies, I mean, if you think about from, you know, from the part of being a little fluffy culture, the two companies have similar cultures, we go after similar you know, first Cloud, innovative companies. If you think about kind of the technology that CrowdStrike has put forth, revolutionized the endpoint security, and now moving into the Cloud, you know, leveraging AI and ML, we're doing the exact same thing so I think there's a lot of synergies associated with that. And again, the final point that I'll make is that you know, we think together the, you know, better together story is, resonates just because if you think about all of the areas that you know have potential breaches, these threats, we kind of cover 'em all with the partnership. >> When I talk to a founding, you know, co-founder, who's a go to market pro, I like to ask them how did you know when to scale? I mean, you got to have product market fit, I see so many companies failing because they try to go to market before they have, they try to scale go to market before they have product market, but how did you do it? How did you know when to scale? >> You know, it's tricky, and you got to look at a couple of, you know, factors, you got to look at the market, you got to look at, you know, how much potential opportunity exists and you really need to look at, the momentum that is being established. You know, when you talk to CISOs, kind of, you know, talking to them about projects and how, how they prioritize projects and where API security fits, you know, once it begins to be the top three and you start that momentum and obviously you bringing in the revenue. I think that those are signs that we see, that we say, "Okay, we need to double down on making sure we've got coverage across the world in order for us to support demand." >> And you were the first sales rep, right? >> Michael: Yeah. >> Okay. >> Roy and I, I was the first AE, here was the first SE. >> Okay, but your early go-to market pros are probably different than what you're bringing in today, you didn't have, you know, a lot of BDRs at the time, but you guys were hands on consultants- >> Absolutely. >> Like sort of process consultants, sales folks, right? And then you codify that when you're ready to scale and now you're, is that kind of a, what you're doing? >> Absolutely, I mean, you nailed it, I mean, it's in the early stages, it's validating that there's a problem that exists in the market and how important is that problem, you know, to CISOs. So when we first started we met probably about 50 CISOs where we just had that conversation, not about sales, it was more about, "Hey we just want to talk to you about a problem we think exists in the market, love to get your reaction on that problem and then obviously how you're solving that problem and how much of a priority is that problem," How important is it to you? And then once you have those discussions then you can really find those individuals, early adopters if you will, that are ready to buy and then it kind of proliferates from there. >> And then you have a CRO , I presume, right? So what was that like finding him or her, is a really important first sales hire. >> Super important, yeah. >> How did you go about that? How long did it take? >> Yeah so it took about six to eight months and you know it's really tough because, you know, we look at cultural fit, above everything else. So it's not, that, "Can they do the job?" it's culturally, do they fit in? And you know, how much can that individual scale the organization? So there's a lot of factors associated, there's a lot of individuals associated to, you know with the interview process. So that's how we looked at it and obviously we wanted somebody that had experience in a company our size, was able to scale it and so on. The one tricky thing is, and I'll tell you this, is, you know, for Roy and I, you kind of have to let go a little bit, that was really tough, so knowing that you need to do that is something that- >> A little bit of founderitis? >> Micheal: Yeah. >> Dave: It's hard, right? >> Micheal: It's hard. >> Dave: Yeah, it's your baby. >> It's like, whaat? >> I get it, Michael, thanks so much for coming to theCUBE, congratulations on the news- >> Thank you Dave. >> The investment and good luck. >> Awesome, thank you so much, appreciate it. >> You're really welcome. All right, keep it right there, we'll be back right after this short break. Dave Vellante for theCUBE at FalCon22, CrowdStrike's big user event, we'll be right back. (cheerful bouncy music)

>>Welcome back everyone to the cubes coverage here in Seattle, Washington for the Avis marketplace seller conference, part of the APN partner network merging with the marketplace to form the Amazon partner organization. I'm John furrier, host of the cube Walter Wall coverage today, Christian Gor cash, who is the VP of alliances at Kong Inc. Welcome to the cube. Thanks for coming on. >>Thank you. Thank you, John. Really glad to be here. Corke exactly. Yeah. It's awesome. >>So Kong we've been following you guys for while Docker Kong cube. You've been part of our cube conversation. Also part of our, our startup showcase fast growing startup, you know, working on stuff that everyone loves APIs. I mean, APIs are so popular now that they now a security concern, right? Yeah. So like it gets squat there everywhere. I won't say API sprawl, but APIs are the connections and that are, is the web. That is the cloud. Okay. Now with cloud native developers who are now in the front lines have taken over it, everyone knows DevOps dev SecOps is now the new it and it's the developers security and data they're below they're the new ops, right? So, so this is where microservices come in, open source service MES new automation is coming down the pike. That's super valuable to businesses as they look at cloud native architecture, what are you guys doing in there? Take a minute to explain Kong's value proposition, the hot products, and then why you're here. >>Yeah. So, you know, I joined Kong now or three years ago, you know, we were still just reaching our hundred employees, mark, which is very important, very startup, but even back then, you know, Kong was relatively well known in industry, you know, so we have one of the most, well the most popular open source project in API gateway area. So con API gateway, you know, we cross now 300 million downloads, even more important is just the scale it, which the product's been used. So between our open source community and enterprise customers, we are now crossing like 11 trillion transactions per month. Now just give you comparison. Like this is like 18, 19 times more than Netflix per month. You know? So for any company that has a technology that operates it at scale, you need to hit few things outta the park. You know, as he mentions cloud data developers, they want simplicity. You know, they want automation. They also want performance and scale and security, which are all critical, you know, to how Kong, you know, start as opensource project. Now, of course we have the whole suite of enterprise products. We also have our con service mesh offering as well as our cloud offerings. >>Yeah. And this is how open source is doing it now, obviously, you know, I, I still remember, I still tell the story to the young startups. Hey, I, there was proprietary software when I was in college. Open source is now everything. Now you've got, got cloud scale. So the dynamic between open source, which has become the software industry open source success doesn't mean it's it's game over. It's the beginning. The commercialization that you guys have gone through is super important. Trillions of transactions. Now you have enterprises working with you. What's the big advantage of the seller relationship that you have with Amazon? Why are customers using it? What are they buying it for? Give the pitch of con for the marketplace customer. >>Yeah, it's actually, we are relatively new in AWS marketplace. You know, so our first transaction that we ever done was actually in July and 2021. So we are just over a year, you know, that journey, you know, when I look what Chris gross talked today, he was talking about, you know, Hey, just publishing marketplace, not enough. You know, you need to understand what's your value proposition. You need to make sure your operations already, your sales is ready. Everything is, is set. And we kind of did this for the first year and a half is spend a lot of time improving our integration with AWS overall, all the first party services relevant to con we also understood, well, what does it take to kind of fine tune our value proposition? We have like three specific sales place. And you know, when we launch our flagship product con connect enterprise and got our first transaction, that was great milestone for, for star like Kong. But then what we've seen is just that work that we've done before really paid off. I mean right now, >>Like what we'll give example. >>Yeah. So, you know, we are focusing on as measure three sales place. Money is we are focused, specific on helping customers who are modernizing and, and their application going to the cloud. And you have a lot of these, you know, lifting shift and are rearchitect and modernized, but most of the attentions on the workloads, what about the connections? You know, so a monolith application had to authentic all the users understand wheres the network and so on. When you build those, when you now decouple this built like 1,000 thousand microservices, you don't want to repeat this for every microservice. So that's where K brings the whole suite from, you know, service match to the API gate to help manage the journey and really support this environment. And we spend a lot of time to just fine tune that message. So that customers understood where, you know, how can we help them on their journey beyond what, for instance, cloud native or AWS API gateway offers them. So we can really help them from day one on the journey and accelerate. And >>I think I it's a no, it's a no braining for a customer to buyer or to come into the marketplace and say, click, I'm gonna buy some data analytics services. I'm gonna buy gateway through Kong. But when they start getting into these microservices, this automation opportunity there, there's more behind the curtain for them with Kong. So I have to ask you with the keynote we heard from Chris, the leader of the marketplace. Now he said that he wants the ISVs to be more native in the cloud. That probably resonates with you. You, >>You guys well with con's relatively simple because we were built at cloud native, you know, so very briefly the whole story of Congo. This is before Ajo, our founders were actually running the, the very popular API exchange col mesh shape. And they had to build their own gateway just to handle the scale and was built on cloud native technologies. And then when everybody's calling you, what are you using to running? This are using PGS. And so else, no, we built ourselves, oh, how can we get our hands on? That's how con actually >>Came to. And that's how the big winners usually happen too. They start build their own, solve their own problem because it's a big scale problem. Exactly. No one's had that problem. >>Yeah. And what we have seen, especially what was very, you know, through, through the pandemic, what we have seen. And it's interesting, you know, being in a startup doing pandemic is like, whoa, will the life just shut down or what we're doing? You know? But actually what we have seen customers prioritize the new business capability. For instance, you have a large parental companies that overnight, they have to understand where the assets are. Yeah. Or banks who are like 45 days of, you know, approving process for the loans. They need to reduce it for a day or two. >>Yeah. And they're adding more developers, too, exactly. To build the modern application. So they need to have that infrastructure as code aspect. Correct. >>And they >>Need in place. >>Yeah. I need to like you have, you know, I don't think that many customers still have waterfall cycles, but they have, have pre pretty long developers development cycles. And now you need to, you know, do this multiple times a day. That's >>Interesting. We talked to a lot of cloud architects and C CIO C says, and you know, the executive just hire more developers take that hill, build. It just don't build a new app. It's not that easy boss. When, when the cloud architect says we have to be fully operationally ready with cloud native infrastructure's code. So with that, you're seeing a lot more enterprises come in now that are more savvy. They getting better. We're seeing Kubernetes more and more. You're seeing containerization. You're seeing that cloud native enterprise acceptance. What does that mean for you guys in the marketplace, as you look at the value proposition, how are you guys working with the marketplace today and where do you see customers buying in the future? >>Yeah, so we as mentioned, you know, we, we are now a year into that journey. We already seen tremendous benefits just in terms of reducing the friction. You know, the whole procurement, you know, you come as a startup with some, some of the largest companies in the world, they used to buy five, 10 billion in software and they have all these processes and you're like, well, but we only have like two people in finance. Sorry. How can you, and where marketplace can really, really helps us is, you know, improve this experience, both sides because they understand like we are fast moving company. They, they want us because of our speed and, and innovation that we, the product's strong. Yeah. They don't want us to get bogged down in all these pro procurement processes either. And so, so that's the first benefit. We also are working very hard to make sure that the customers can provision Kong in AWS and automate across the board. So essentially reducing their time to value dramatically. Yeah. And another thing that we found tremendously beneficial for us is a startup is the whole concept of a standard marketplace contract. Yeah. So instead of us coming with our little MSA or come like 50 page MSA from companies, we now have a middle ground. So we can just agree. You know, there's some differences, some specifics to qu software and it's tremendously reduced costs on both sides. >>Great. For you guys great for the buyers. Yeah. You get deployed services. They're not just buying, they're managing and deploying. Yeah, >>Exactly. Great. >>Quick, final question. Put a plugin for the company. What are you working on now? What's the big news. What's the con update? >>Well, that's an interesting part because I can't tell you because next week we have our con summit. Oh right. In San Francisco. The cubes not so 28, 20 ninth. Yeah. We, we we'll, I think we are gonna fix that in the future. But anyway, this is the first time after pandemic to do this in person, we have number of very exciting announcement, our Kong products, as well as you may hear some news about our AWS partnership, >>We like con we believe that DevOps has happened. Dev sec ops, whatever you gonna call it, dev is now the developers they're in the front lines. They're in the C I CD pipeline. They're shifting left. That's the new they took over it. That's what DevOps does. It's not a title. Now you have security and data ops behind the scenes. That's gonna be middleware. That's gonna have tons of microservices. So more, more, more action coming, all API based. >>Exactly. And the more, you know, the more complexity we can take away from that, the better we, you know, the >>Whole community. Thank you. Spending the time to come on the cube here at the, a us marketplace seller conference. What do you think about the APN merging with the marketplace formed the P the Amazon partner organization. Thumbs up, thumbs down. What's your heard? >>It's excellent. We have a great friend in AP, a great friend, us marketplace. Now both of them work together with huge. >>Fantastic. Yes. Thanks for okay. Cube coverage here in Seattle. I'm John furier APN marketplace together. APOs the new organization making it easier. Of course, we got all the coverage here. Thanks for watching.

(upbeat music) >> Welcome back to The Cube's coverage of Fal.Con 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here: George Kurtz is the co-founder and CEO of CrowdStrike. George, thanks for coming on The Cube. >> It's great to be here. >> Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. >> Well, I still remember I was in Japan when Boston was down you know, by three games and came back to win. So I've got my own heartbreak as well. >> It did heal some wounds, but it almost changed the rivalry, you know? I mean, >> Yeah. >> Once, it's kind of neutralized it, you know? It's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of it used to be, you would never walk into Fenway park with, you know pin stripes, when today there's as many Yankee fans as there are... >> I know. >> Boston fans. Anyway, at Fenway, I mean. >> Yeah. >> Why did you start CrowdStrike? >> Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. Not- I got acquired by a company, not my first company. So, to be clear, and before I started CrowdStrike, I was in the antivirus world, and they were spending a lot of money with antivirus vendors but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome based not sort of product based. And the biggest thing for us was how could we create the sales force of security that was focused on getting the right outcome: stopping the breach. >> And the premise, I've seen it, the unstoppable breach is a myth. No CSOs don't live by that mantra, but you do. How are you doing on that journey? >> Well I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches as well as now, extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So, we talked about the convergence of that. Maybe we'll get into it, but. >> Dave Vellante: Sure. >> We're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000, that rely on us day to day to help stop the breach. >> Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, you know, Dave, we've talked about this: agent bad. Well, not necessarily, if you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really end points >> Right. >> ID, which we're going to talk about. Identity data and network security. You're not a network security specialist, >> Right. >> But the other three, >> Yes. >> You're knocking down. >> Yeah. >> You guys went deep into that today. Talk about that. >> We did, most folks are going to know us for endpoint and Cloud workload protection and visibility. We did an acquisition almost two years to the day on preempt. And that was our identity play, identity threat protection and detection. And that really turned out to be a smart move, because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity based. Big, big talking points in our keynotes today. >> Dave Vellante: Right. >> And then the third area is on data, and data is really the you know, the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus and we continue to deliver on that for customers. >> And you've had a real dogma, I'll call it, about Cloud Native. I've had this conversation with Frank Slootman, "No we're not going to do a halfway house." You, I think, said it really well today. I think it was you who said it. If you've got On-Prem and Cloud, you got two code bases, >> George Kurtz: Right. >> That you got to maintain. >> That's it, yeah. >> And that means you're taking away resources from one or the other. >> That's exactly right. And what a lot of our competitors have done is they started On-Prem as an AV vendor, and then they took what they had and they basically put it in a Cloud instance called a Cloud, which doesn't really scale. And then, you know, where they need to, they basically still keep their On-Prem, and that just diffuses your engineering team. And most of the On-Prem stuff doesn't even have the features of what they're trying to offer from the Cloud. So either you're Cloud Native or you're not. You can't be halfway. >> But it doesn't mean that you can't include and ingest On-Prem data- >> Well, absolutely. >> into your platform, and that's what I think most people just some reason don't seem to understand. >> Well our agents run wherever. They certainly run On-Prem. >> Dave Vellante: Right. Right. >> And they run in the Cloud, they run wherever. But the crowd in the CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, 7 trillion events per week. And you can't do that if you're not Cloud Native. And that crowd gives the, we call, community immunity. We see all kinds of attacks across 176 different countries. That benefit accrues to all of our customers. >> But how do you envision and maintain and preserve a lightweight agent that can support so many modules? As you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology, how is it that you're able to keep that agent lightweight? >> Well, we started as a platform company, meaning that the whole idea was we're going to build a lightweight agent. First iteration had no security capabilities. It was collect data, get it into a common data architecture or threat graph, in one spot. And then once we had the data then we applied AI to it and we created different workflows. So, the first incarnation was get data into the Cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance, it's we collect data one time. It's a threat data, you know? We're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent 'cause we've already collected the data. >> I'm going to just keep going, Dave, unless you shove your way in. >> No, no, go ahead. No, no, no. I'm waiting to pounce. >> But okay, so, I think, George, but George, I need to ask you about a comment that you made about we're not just shoving it into a data lake. But you are collecting all the data. Can you explain that nuance? >> Yeah. So there's a difference between a collect and forward agent. It means they just collect a bunch of data. They'll probably store it in a lot of space on the endpoint. It's slow and cumbersome, and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent, which actually allows us to always track the context of all these processes in what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the Cloud, we never lose that context. And then it goes into the bigger graph database, always with the same level of context. So, we keep the context of each individual workload or endpoint, and then across the Cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is, you know, you're looking for, you're creating a bigger needle stack looking for needles. >> And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub, well second kind of near real time responses, correct? >> Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint , 'cause it has intelligence and the AI model. And then again, the Cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. >> So when, yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal killer somewhere for people who argued against that. >> George Kurtz: Right. >> You've made the right decision there, clearly. Having everything be crowdsourced into Cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff On-Prem all over the place, you don't need to worry about that. Everything is here >> George Kurtz: Yeah. >> in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized Cloud space that crosses boundaries? >> Well, yeah, I guess what we would, let me go back to the beginning. So I started company in 2011 and I had to convince people that delivering endpoint security from the Cloud was going to be a good thing. >> Dave Vellante: Right. (chuckles) >> You know, you go into a Swiss bank and a bunch of other places and they're like, you're crazy. Right? >> Dave Nicholson: Right. >> They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you are you using Dropbox, Box? Are you using a Microsoft? You know, what are you using? Well, they're all sending data to the Cloud. So good news! You already have a model, you've already approved that, right? So let's talk about our benefit. And you know, you can either have an adversary steal your data or you can send threat data to our Cloud, which by the way is in a lot of sovereign Clouds that are out there. And when you actually break it down to what we're sending to the Cloud, it's threat data, right? It isn't user files and documents and stuff. It's threat data. So, we work through all of that. And the Cloud is bigger than CrowdStrike. So you look at Sales Force, Service Now, Workday, et cetera. That's being used all over the place, Box, Dropbox. We just tagged onto it. Like why shouldn't security be the platform of record, and why shouldn't CrowdStrike be the platform of record and be the pillar of Cloud security? >> Explain your observability strategy, 'cause you acquired Humio for, I mean, I think it was $400 million, which is a song. >> Yeah. >> And then Reposify is the latest acquisition. I see that as an extension, 'cause it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. >> Sure. Well observability is a big, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five, kind of, pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network. And we can do that with Humio is now log scale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disc space? Is it have, does it have a performance issue? Those are really the first two, kind of, areas of observability. We're not in application performance, we're in let's collect data from the endpoint and other sources, and let's understand if the thing is working, right? And that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. >> Got it. Question on the TAM. Like I look at your TAMs, your charts, I love it. You know, generally do. Were you taking known data from you know, firms like IDC >> George Kurtz: Yeah. >> and saying, okay we're going to play there, now we're made this acquisition. We're new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's, that's the point. There's no lack of market for you. >> George Kurtz: Right. >> But I do feel like there's this unknown unquantifiable piece of your TAM. IDC can't see it, 'cause they're kind of looking back >> George Kurtz: Right. >> seein' what the market do last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? >> Well, it's well in excess of 120 billion and we've actually updated that recently. So it's even beyond that. But if you look at all the modules each module has a discreet TAM and again, for what, you know, what we're focused on is how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add 'em all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really, truly a security platform company that was born in the Cloud. And I think if you see the growth rates, and one of the things that we've talked about, and I think you might have pointed out in prior podcasts, is we're the second fastest company to 2 billion dollars in annual recurring revenue, only behind Zoom. And you know I would argue- great company, by the way, a customer- but that was a black Swan event in a pandemic, right? >> Dave Vellante: I'll say! >> Yeah. >> So we are rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. >> The other thing I said in my breaking analysis was 'cause you guys aspire to be a generational company. And I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem, but where you want to see it in five years. >> Well, it really is a good point and we are a partner first company. Ecosystem is really important. Cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. You see a lot of, well, you see some vendors behind us. >> Yep. >> We have to realize in 2022, and I think this is something that we did well and it's my philosophy, is we are not the only game in town. We like to be, and we are, for many companies the security platform on record, but we don't do everything. We talked about network in other areas. We can't do everything. You can't be good and try to do everything. So, for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years, it used to be best of breed products, then it was best of suite, now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms, and they want to stitch 'em together via API. And they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So, ecosystem is incredibly important for us. >> Explain that. You mentioned Okta, I had another question for you. I was at Reinforce, and I saw this better together presentation, CrowdStrike and Okta talking about identity. You've got an identity module. Explain to people how you're not competing with Okta. You guys complement each other, there. >> Well, an identity kind of broker, if you will, is basically what Okta does in others, right? So you log in single sign on and you get access. They broker access to all these other applications. >> Dave Vellante: Right. >> That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out, are there vulnerabilities and are there threats associated with them? And we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen we can prevent those credentials from being laundered or used and moved laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads. And we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, you know, is it George on the endpoint, or not? We give that a score. And we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. >> So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally, you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. >> George Kurtz: Yeah. >> They're now part of Google. >> George Kurtz: We have a great relationship with them. >> Microsoft obviously, a competitor. You obviously do some things in, >> Right. >> in Azure. Are you building the security Cloud? >> We are. We think we are, because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their On-Prem, but also in their Cloud environment, and the knowledge we have, we think it is a security Cloud. You know, you had, you had Salesforce and Workday and ServiceNow and each of them had their respective Clouds. When I started the company, there was no security Cloud. You know, it wasn't any of the companies that you know. It wasn't the firewall companies, wasn't the AV companies. And I think we really defined ourselves as the security Cloud. And the level of knowledge and insights we have in our Cloud, I think, are world class. >> But you know, it's a difference of being those- 'cause you mentioned those other, you know, seminal Clouds. They, like Salesforce, Workday, they're building their own Clouds. Maybe not so much Workday, but certainly Salesforce and ServiceNow built their own >> Yeah. >> Clouds, their own data centers. You're building on top of hyperscalers, correct? >> Well, >> Well you have your own data centers, too. >> We have our own data centers, yeah. So when we first started, we started in AWS as many do, and we have a great relationship there. We continue to build out. We are a huge customer and we also have, you know, with data sovereignty and those sort of things, we've got a lot of our sort of data that sits in our private Cloud. So it's a hybrid approach and we think it's the best of both worlds. >> Okay. And you mean you can manage those costs and it's, how do you make the decision? Is it just sovereignty or is it cost as well? >> Well, there's an operational element. There's cost. There's everything. There's a lot that goes into it. >> Right. >> And at the end of the day we want to make sure that we're using the right technology in the right Clouds to solve the right problem. >> Well, George, congratulations on being back in person. That's got to feel good. >> It feels really good. >> Got a really good audience here. I don't know what the numbers are but there's many thousands here, >> Thousands, yeah. >> at the ARIA. Really appreciate your time. And thanks for having The Cube here. You guys built a great set for us. >> Well, we appreciate all you do. I enjoy your programs. And I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. >> Fantastic. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow, first thing in the morning, live from the ARIA. We'll see you then. (calm music)

>>Welcome back to Boston. Everybody watching the cubes coverage, OFS reinforce 22 from Boston, Atlanta chow lobster, the SOS a ruin in my summer, Andy and Smith is here is the CMO of laminar. Andy. Good to see you. Good >>To see you. Great to be >>Here. So laminar came outta stealth last year, 2021, sort of, as we were exiting the isolation economy. Yeah. Why was laminar started >>Really about there's there's two mega trends in the industry that, that created a problem that wasn't being addressed. Right? So the two mega trends was cloud transformation. Obviously that's been going on for a while, but what most people doesn't don't realize is it really accelerated with COVID right? Being all, everybody having to be remote, et cetera, various stats I've read like increased five times, right? So cloud transformation are now you are now problem, right? That's going on? And then the other next big mega trend is data democratization. So more data in the cloud than ever before. And this is, this is just going and going and going. And the result of those two things, more data in the cloud, how am I securing that data? You know, the, the, the breach culture we're in like every day, a new, a new data breach coming up, et cetera, just one Twitter, one yesterday, et cetera. The, those two things have caused a gap with data security teams and, and that's what he >>Heard at attract. Yeah. So, you know, to your point and we track this stuff pretty carefully quarterly, and you saw, it was really interesting trend. You actually saw AWS's growth rate accelerate during the pandemic. Absolutely. You know? Absolutely. So you're talking about, you know, a couple of hundred billion dollars for the big four clouds. If you, if you include Alibaba and it's still growing at 35, you know, 40% a year, which is astounding, so, okay. So more cloud, more data. Explain why that's a, a problem for practitioners. >>Yeah, exactly. The reality is in, in the security, what, what are we doing? What all the security it's about protecting your data in the end, right? Like, like we're here at this at, at reinforce all these security vendors here really it's about protecting your data, your sensitive data. And, but what, what had been happening is all the focus was on the infrastructure, the network, et cetera, et cetera, and not as much focus, particularly on the data and, and the move to the cloud gave the developers and the data scientists, way more power. They don't longer have to ask for permission. And so they can just do what they want. And it's actually wonderful for the business. The business is moving faster, you spin up applications sooner, you get new, new insights. So all those things are really great, but because the developer has so much power, they can just copy data over here, make a backup over here, new et cetera. And, and security has no idea about all these copies of the, of the data that are out there. And they're typically not as well protected as that main production source. And that's the gap that >>Exists. Okay. So there was this shift from sort of perimeter hardening the perimeter, hardening the infrastructure and, and now your premises, it's moving to the data we saw when, when there was during the pandemic, there was definitely a shift to end point security. There was a shift to cloud security rethinking the network, but it was still a lot of, you know, kind of cha chasing the whackamole and people have talked about this is a data problem for years. Yeah. But it was, it's taken a while for, for companies, for the technology industry to, to come at it. You guys are one of the first, if not the first. Yeah. Why do you think it took so long? Is this cuz it's really hard. >>Yeah. I mean, it, it's hard. You need to focus on it. The, the traditional security has been around the network and the box, right. And those are still necessary. It's important to, you know, your use identity to cover the edge, to, to make sure people can't get into the box, but you also have to have data. So what, what happens is there's really good solutions for enterprise data security, looking at database, you know, technology, et cetera. There are good solutions for cloud infrastructure security. So the CSP of the world and the CWPP are protecting containers, you know, protecting the infrastructure. But there really wasn't much for cloud everything you build and run in the cloud. So basically your custom application, your custom applications in the IAS and PAs environments, there really wasn't anything solving that. And that's really where laminar is focused. >>Okay. So you guys use this term shadow data. We talk about shadow. It what's shadow data. >>Yeah. So what we're finding at a hundred percent of our customer environments and our POVs and talking to CISOs out there is that they have these shadow data assets and shadow data elements that they have no clue that existed. So here's the example. Everybody knows the main RDS database that is in production. And this is where, you know, our, our data is taken from. But what people don't realize is there's a copy of that. You know, in a dev environment, somebody went to run a test and they was supposed to be there for two weeks. But then that developer left forgot, left it there. They left the company, oh, now it's been there for two years that there was an original SQL database left over from a lift and shift project. They got moved to RDS, but nobody deleted that thing there, you know, it's a database connected to an application, the application left, but that database, that abandoned database is still sitting. These are all real life customer examples of shadow data that we run into. And there's, and what the problem is that main production data store is secured pretty well. It's following all your policies, et cetera. But all these shadow data resources are typically less well protected unmonitored. And that is what the attackers are after. >>So you're, you know, the old, the, the Watergate follow the money, you're following the data, >>Following the data. >>How do you follow that data if there's so much of it, it, and it's, you know, sometimes, you know, not really well understood where it is. How do you know where >>It is? Yeah. It's the beauty of partnering with somebody like AWS, right? So with each of the cloud providers, we actually take a role in your cloud account and use the APIs from the cloud provider to see all the changes in all the instances are going on. Like it is, the problem is way more complicated in the cloud because I mean, AWS has over 200 services, dozens of ways to store data, right. It's wonderful for the developer, but it's very hard for the security practitioner. And so, because we have that visibility through the cloud provider's APIs, we can see all those changes that are happening. We can then say, ah, that's a data store. Let me go analyze, make a copy, have a snapshot of that and do the analyzing of that data right inside our customer's account without pulling the data out. And we have complete visibility to everything. And then we can give that data catalog over to the customer. >>All right. I gotta ask you a couple Colombo questions. So if you know, we talk about encryption, everything's encrypted everything. If, if the data is encrypted, why then would I need laminar? >>Because I mean, we'll make sure that the data's encrypted okay. Right. Often. So it's not supposed to be and not right. Two is, we're gonna tell you what type of data is inside there. Oh, is this, is this health information? Is it personal identify information? Is it credit cards? You know, et cetera, C so we'll classify the data for you. We will also, then there's things like retention, period. How long should we, I hold onto that data, all the things about what are, who has access, what's the exposure level for that data. And so when you, when you think about data security posture, what's the posture of that data you're looking at at those data policies. It's something that has been very well defined and written down. But in the past, there was just no way to go verify that those, that, that, that policy is actually being followed. And so we're doing that verification automatically. >>So without the context, you can't answer those other questions. So you make sure it's encrypted. If it's not, or you can at least notify me that it's not, you don't do the encryption. Right. Or do you, >>We don't do it ourselves, but we can give you here. Here's the command in and the Amazon to go encrypt it >>Right. Then I can automate that. And then the classification is key because now you're telling me the context. So I can say, okay, apply this policy to that data, retain it for this long, get rid of it after X number of years, or if it's work, process, get rid of it now. Yeah. And then who should have access to that data. And so you can help at least inform how to enforce those policies. >>Exactly. And so we, we, we call it guided remediation because what we're, you know, talking to a CISO, they're like, I need 400 more alerts, like a hole in the head like that. Doesn't do me any good. If you can't tell me how to resolve the, the, the, this security gap that I have or this, then it doesn't do any good. And, and the first, first it starts with who do I need to go talk to? Right. So they have hundreds, if not thousands of developers. Oh, great. You found this issue. I, I, I don't know who to go. Like, I can't just delete it myself, but I need to go talk to somebody really, should this be deleted? We need, do we really, really need to hold onto this? So we, we help guide who the data owner is. So we give you who to talk to. You, give you all the context. Here's the data, here's the data asset that it's in. Here's our suggestion. Here's the problem. Here's our suggestion for >>Solution. And you started the company on AWS >>Started on AWS. Absolutely. >>So what's of course it's best cloud and why not start there? So what's the relationship like, I mean, how'd you get started? You said, okay, Hey, we're we got an idea for a company. We're gonna build it on AWS. We're gonna become a customer. We're gonna, you know, >>We actually, so insight partners is our main investor. Yeah. And they were very helpful in giving us access to literally hundreds of CSOs, who we had conversations with before we actually launched the company. And so we did some shifting and to, to figure out our exact use case. But by the time we came to market, it was in February this year, we actually GAed the product that, where like product market fit nailed because we'd had so many conversations that we knew the problem in the market that we needed to solve. And we knew where we needed to solve it first. And, and the, the, the relationship we AWS is great. We just got on the marketplace, just became a, a partner. So really good. Good >>Start. So I gotta ask you, so I always ask this question. So how do you actually know when you have product market fit? >>You it's about those conversations. Right. You know, so like, I I've been to lots of startups and sometimes you're you're, you, you each have a conversation and then they, they saying, oh, well kind of want this. And we kind of like that. And so it, the more conversations you have, the more, you know, you're solving a real problem. Right. And, and, and, and, and you re react to what that, what that prospect is telling you back and, or that advisor or that whoever we're talking to. And, and every single one of the CISO conversations we had was I don't have a good inventory of my data in the cloud. >>The reason I asked that, cause I always ask the startups, like, when do you scale? Cause I think startups sometimes scale too fast. They try to scale too fast, they'll hire 50 sales people. And then they, you know, churn, you know, they, they got a 50% churn, but they're trying to optimize their go to market when they got 50% of their customers are gonna leave. So it's, it's gotta be the sequential thing. So, so you got product market fit. So are, are you in the scaling phase >>Now? We are. Yeah. Yeah, yeah. So now it's about how quickly can we deliver? We, we we're ramping customer base significantly. And, and you know, we've got a whole go to market team in, you know, sales and marketing in the us and, and often off to the races >>And you just run on AWS or you run another clouds. >>It's multi-cloud so AWS, Azure, GCP, et cetera. >>Okay. So then my least my next question is it sort of, you can do this within each of the individual clouds today. Do you see a day and maybe it's here today is where you can create a single experience across those clouds >>Today. It's a single experience across cloud. So our SaaS, we have our SaaS portion runs in AWS, but the actual data analysis runs in each cloud provider. So AWS, Azure, GCP and snowflake too, actually. >>Ah, okay. So I come through your whatever portal, like if I can use that term. Yep. And that's running on AWS. Yes. You're SAS, as you say, and then you go out to these other environments, GCP, Azure, AWS itself, and snowflake. Yep. And I see laminar, is that right? Or >>There's a piece running inside our customer's environment. Okay. So, so we have a customer, they, the, we have, we get a role inside of their cloud account or read only role inside of their cloud account. And we spin up serverless functions in that cloud account. That's where all the analysis happens. And that's why we don't take any data out of the environment. So it all stays there. And, and therefore we don't, we don't actually see the data outside of the environment. Like, I, I can tell you there's a metadata comes out. I can tell you, there are credit cards inside that data store, but I can't tell you exactly which credit card it is cuz I don't know. So all the important actions happens are there and just the metadata metadata comes out. So we can give you a cross cloud dashboard of all your sensitive data. >>And of course, so take the example of snowflake. They're going across clouds, they're building what we call super cloud sort of, of a layer that floats on top. You're just sort of going wherever that data goes. >>Yeah, exactly. So, so each of there's a component that lives in the customer's environment in the, in those multi-cloud environments and then a single view of the world dashboard that is our SaaS component that runs an AWS. So >>You guys are, is, am I correct? You're series a funded >>Series, a funded yeah, exactly. >>And, and already scaling to go to market. Yeah. Which is, which is early to scale. Right. I mean you've got startup experience. Right? >>Absolutely. >>How does it compare? >>Well, what was amazing here was access. I mean, really it was through the relationship with insight. It was access to the CISOs that I had never had at any of the other startups I was with. You're trying to get meetings, you're meeting with a lot of practitioners, you know, et cetera. But getting all those conversations with buyers was, was super valuable for us to say, ah, I know I'm solving a real problem that has value that they will pay for. Right. And, and, and so that, that was a year and a half probably still of all that work going on. We just, just waited to GA until we understood the market >>Better. Yeah. Insight. They're amazing. The way to talk about scaling. I mean, they've just the last 10 years that comp that, that PE firm has just gone wild in terms of just their, their philosophy, their approach, their cadence, their consistency. And now of course their portfolio. >>Yeah. And, and they started doing a little bit earlier and earlier stage. I mean, I, I always think of them as PE too, but you know, they, they did our seed round. Right. They did our a round and, and they're doing earlier stages, but particularly what they saw in Laar was exactly what we started this conversation with. They saw cloud transformation speeding up, they saw data democratization happening. They're like, we need to invest in this now because this is a now a problem to solve. >>Yeah. It's interesting. Cuz when you go back even pre 2010, you talk to, you know, look at insight, they would wait. They would invest in companies unless there was, you know, on the way to five plus million dollar ARR, they weren't doing seed deals. Totally. Like they saw, wow, these actually can be pretty lucrative and we can play and we have a point of view and yeah. So cool. Well, congratulations. I'll give you the final word. What, what should we be watching for from, from Laar as sort of, you know, milestones that you guys want to hit and, and indicators of success. >>Yeah. Now it's all about growth partnerships, you know, integrations with, with other of the players out here. Right. And so, you know, like scaling our AWS partnership is one of the key aspects for us. And so, you know, just look for, look for the name out there and, and you'll start, you'll start to see it a lot more. And, and if, if you have the need, you know, come look us up. Laar security.com. >>Awesome. Well thanks very much for coming to Cuban. Good luck. Appreciate it. All right. >>Wonderful. Thanks. You're >>Welcome. All right. Keep it right there, everybody. This is Dave ante. We'll be back right after this short break from AWS reinvent 2022 in Boston. You're watching the cue.

>> Hello, everyone. Welcome to theCUBE presentation of the AWS startup showcase, market MarTech, emerging cloud scale customer experience. This is season two, episode three of the ongoing series covering the exciting startups from the AWS ecosystem. Talking about the data analytics, all the news and all the hot stories. I'm John Furrier your host of theCUBE. And today we're excited to be joined by Rachel Ostler, VP of product at Heap, Heap.io. Here to talk about from what, to why the future of digital insights. Great to see you, thanks for joining us today. >> Thanks for having me, John. Thanks for having me back. >> Well, we had a great conversation prior to the event here, a lot going on, you guys had acquired Auryc in an acquisition. You kind of teased that out last time. Talk about this, the news here, and why is it important? And first give a little setup on Heap and then the acquisition with Auryc. >> Yeah. So heap is a digital insights platform. So as you mentioned, it's all about analytics and so Heap really excels at helping you understand what your users and customers are doing in your digital application at scale. So when it comes to Auryc, what we really saw was a broken workflow. Maybe, I would even call it a broken market. Where a lot of customers had an analytics tool like Heap. So they're using Heap on one hand to figure out what is happening at scale with their users. But on the other hand, they were also using, like a session replay tool separately, to look at individual sessions and see exactly what was happening. And no one was very effective at using these tools together. They didn't connect at all. And so as a result, neither one of them could really be fully leveraged. And so with this acquisition, we're able to put these two tools together, so that users can both understand the what at scale, and then really see the why, immediately together in one place. >> You know, that I love that word why, because there's always that, you know, that famous motivational video on the internet, "you got to know your why", you know, it's very a motivational thing, but now you're getting more practicality. What and why is the, is the lens you want, right? So, I totally see that. And again, you can teased that out in our last interview we did. But I want to understand what's under the covers, under the acquisition. What was the big thesis behind it? Why the joint forces? What does this all mean? Why is this so important to understand this new, what and why and the acquisition specifically? >> Yeah, so let me give you example of a couple used cases, that's really helpful for understanding this. So imagine that you are a product manager or a, maybe a growth marketer, but you're someone who owns a digital experience. And what you're trying to do, of course, is make that digital experience amazing for your users so that they get value and that may mean that they're using it more, it may mean that new features are easily discoverable, that you can upsell things on your own. There's all sorts of different things that that may mean, but it's all about making it easy to use, discoverable, understandable, and as self-service as possible too. And so most of these digital builders, we call 'em digital builders sometimes. They are trying to figure out when the application is not working the way that it should be working, where people are getting stuck, where they're not getting the value and figure out how to fix that. And so, one really great used case is, I just want to understand in mass, like, let's say I have a flow, where are people dropping off? Right, so I see that I have a four step funnel and between step three and four people are dropping off. Heap is great for getting very detailed on exactly what action they're taking, where they're dropping off. But then the second you find what that action is, quantitatively, you want to watch it, you want to see what they did exactly before it. You want to see what they did after it. You want to understand why they're getting stuck. What they're confused at, are they mouthing over two things, like you kind of want to watch their session. And so what this acquisition allows us to do, is to put those things together seamlessly, you find the point in friction, you watch a bunch of examples, very easily. In the past, this would take you at least hours, if you could do it at all. And then in other used cases, the other direction. So there's the kind of, I think of it as the max to the min, and then there's the other direction as well. Like you have the, or maybe it's the macro to micro. You have the micro to macro, which is you have one user that had a problem. Maybe they send in a support ticket. Well, you can validate the problem. You can watch it in the session, but then you want to know, did this only happen to them? Did this happen to a lot of users? And this is really worth fixing, because all these customers are having the same problem. That's the micro to macro flow that you can do as well. >> Yeah. That's like, that's like the quantitative qualitative, the what and the why. I truly see the value there and I liked the way you explained that, good call out. The question I have for you, because a lot of people have these tools. "I got someone who does that." "I got someone over here that does the quantitative." "I don't need to have one company do it, or do I?" So the question I have for you, what does having a single partner or vendor, providing both the quantitative and the qualitative nails mean for your customers? >> So it's all because now it's immediate. So today with the two tools being separate, you may find something quantitatively. But then to, then to find the sessions that you want to watch that are relevant to that quantitative data point is very difficult. At least it takes hours to do so. And a lot of times people just give up and they don't bother. The other way is also true, you can watch sessions, you can watch as many sessions as you want, you can spend hours doing it, you may never find anything of interest, right? So it just ends up being something that users don't do. And actually we've interviewed a lot of customers, they have a lot of guilt about this. A lot of product managers feel like they should be spending all this time, but they just don't have the time to spend. And so it not only brings them together, but it brings them together with immediacy. So you can immediately find the issue, find exactly where it is and watch it. And this is a big deal, because, if you think about, I guess, like today's economic conditions, you don't have a lot of money to waste. You don't have a lot of time to waste. You have to be very impactful with what you're doing and with your spending of development resources. >> Yeah. And totally, and I think one of the things that immediacy is key, because it allows you to connect dots faster. And we have the aha moments all the time. If you miss that, the consequences can be quantified in a bad product experience and lost customers. So, totally see that. Zooming out now, I want to get your thoughts on this, cause you're bringing, we're going down this road of essentially every company is digital now, right? So digitization, digital transformation. What do you want to call it? Data is digital. This video is an experience. It's also data as well. You're talking, we're going to share this and people are going to experience that. So every website that's kind of old school is now becoming essentially a digital native application or eCommerce platform. All the things that were once preserved for the big guys, the hyper-scalers and the categories, the big budgets, now are coming down to every company. Every company is a digital company. What challenges do they have to transition from? I got a website, I got a marketing team. Now I got to look like a world class, product, eCommerce, multifaceted, application with developers, with change, with agility? >> Well, so I think that last thing you said is a really important part of it, the agility. So, these products, when you're going from a, just a website to a product, they're a lot more complex. Right? And so maybe I can give an example. We have a customer, it's an insurance company. So they have this online workflow. And if you can imagine signing up for insurance online, it's a pretty long complicated workflow. I mean, Hey, better to do it online than to have to call someone and wait on, you know, on the phone. And so it's a good experience, but it's still fraught with like opportunities of people getting stuck and never coming back. And so one of the things that Heap allowed this customer to do was figure out something that wasn't working in their workflow. And so if you think about traditional analytics tools, typically what you're doing is you're writing tracking code and you're saying, "Hey, I'm going to track this funnel, this process." And so maybe it has, you know, five different forms or pages that you have to go through. And so what you're doing when you track it is you say, did you submit the first one? Did you submit the second one? Did you submit the third one? So you know, like where they're falling off. You know where they're falling off, but you don't know why, you don't know which thing got them stuck because each one of these pages has multiple inputs and it has maybe multiple steps that you need to do. And so you're completely blind to exactly what's happening. Well, it turned out because Heap collects all this data, that on one of these pages where users were dropping off, it was because they were clicking on a FAQ, there was a link to a FAQ, and because this was a big company, the FAQ took them to a completely different application. Didn't know how to get back from there and they just lost people. And imagine if you are doing this with traditional means today, right? You don't have any visibility into what's happening on that page, you just know that they fell off. You might think about what do I do to fix this? How do I make this flow work better? And you might come up with a bunch of ideas. One of your ideas could be, let's break it into multiple pages. Maybe there's too much stuff on this page. One of your ideas may have been, let's try a FAQ. They're getting stuck, let's give them some more help. That would be a very bad idea, right? Because that was actually the reason why they were leaving and never coming back. So, the point I'm making is that, if you don't know exactly where people are getting stuck and you can't see exactly what is happening, then you're going to make a lot of very bad decisions. You're going to waste a lot of resources, trying things that make no sense. It is hard enough as a digital builder and all the product managers and growth marketers and marketers out there can attest to this, it's hard enough when you know exactly what the problem is to figure out a good solution. Right? That's still hard. But if you don't know the problem, it's impossible. >> Okay, so let's just level up, the bumper sticker now for the challenges are what? Decision making, what's the, stack rank the top three challenges from that. So it's being agile, right? So being very fast, because you're competing with a lot of companies right now. It's about making really good decisions and driving impact, right? So you have to have all the data that you need. You have to have the, the specific information about what's going on. Cause if you don't have it, you're going to decide to invest in things and you're not going to drive the impact that you want. >> So now you got the acquisition of Auryc and Auryc and you have the, this visibility to the customers that are building, investing, you mentioned, okay. As they invest, whether it's the digital product or new technology in R and D, what feedback have you guys seen from these investments, from these customers, what results have come out of it? Could you share any specific answers to the problems and challenges you have outlined, because you know, there's growth hackers could be failing cause of stupid little product mistakes that could have been avoided in the feedback, you know what I'm saying? So it's like, where can you, where are these challenges addressed and what are some of the results? >> Yeah, so, what we've seen with our customers is that when they are applying this data and doing this analysis on say workflows or goals that they're trying to accomplish, they've been able to move the needle quite a bit. And so, whether it is, you know, increasing conversion rates or whether it is making sure that they don't have, you know, drop off of trial signups or making sure that their customers are more engaged than before, when they know exactly where they're failing, it is much easier to make an investment and move the needle. >> Awesome. Well, let's move on to the next big topic, which I love, it's about data science and data engineering. You guys are a data company and I want to ask you specifically, how Heap uniquely is positioned to help companies succeed, where in the old big tech world, they're tightening the ropes on secure cookies, privacy, data sharing. At the same time, there's been an explosion in cloud scale data opportunities and new technologies. So it seems like a new level of, capability, is going to replace the old cookies, privacy and data sharing, which seem to be constricting or going away. How do you, what's your reaction to that? Can you share how Heap fits into this next generation and the current situation going on with the cookies and this privacy stuff. >> Yep, so it is really important in this world to be collecting data compliantly, right? And so what that means is, you don't want to be reliant on third party cookies. You want to be reliant on just first party information. You want to make sure that you don't collect any PII. Heap is built to do that from the ground up. We by default will not collect information, like what do people put into forms, right? Because that's a obvious source of PII. The other thing is that, there's just so much data. So you kind of alluded to this, with this idea of data science. So first of all, you're collecting data compliantly, you're making sure that you have all the data of what your user actions are doing, compliantly, but then it's so much data that it like, how do you know where to start? Right? You want to know, you want to get to that specific point that users are dropping off, but there's so many different options out there. And so that's where Heap is applying data science, to automatically find those points of friction and automatically surface them to users, so that you don't have to guess and check and constantly guess at what the problem is, but you can see it in the product surface right for you. >> You know, Rachel, that's a great point. I want to call that out because I think a lot of companies don't underestimate, they may underestimate what you said earlier, capturing in compliance way means, you're opting in to say, not to get the data, to unwind it later, figure it out. You're capturing it in a compliant way, which actually reduces the risk and operational technical debt you might have to deploy to get it fixed on compliance. Okay, that's one thing, I love that. I want to make sure people understand that value. That's a huge value, especially for people that don't have huge teams and diverse platforms or other data sources. The other thing you mentioned is owning their own data. And that first party data is a strategic advantage, mainly around personalization and targeted customer interaction. So the question is, with the new data, I own the data, you got the comp- capture with compliance. How do you do personalization and targeted customer interactions, at the same time while being compliant? It just seems, it seems like compliance is restrictive and kind of forecloses value, but open means you can personalization and targeted interactions. How do you guys connect the dots there by being compliant, but yet being valuable on the personalization and targeted? >> Well, it all depends on how the customer is managing their information, but imagine that you have a logged in user, well, you know, who the logged in user is, right? And so all we really need is an ID. Doesn't have, we don't need to know any of the user information. We just need an ID and then we can serve up the information about like, what have they done, if they've done these three actions, maybe that means that this particular offer would be interested to them. And so that information is available within Heap, for our customers to use it as they want to, with their users. >> So you're saying you can enable companies to own their data, be compliant and then manage it end to end from a privacy standpoint. >> Yes. >> That's got to be a top seller right there. >> Well, it's not just a top seller, it's a necessity. >> It's a must have. I mean, think about it. I mean, what are people, what are the, what are people who don't do this? What do they face? What's the alternative? If you don't keep, get the Heap going immediately, what's the alternative? I'm going through logs, I got to have to get request to forget my data. All these things are all going on, right? Is, what's the consequence of not doing this? >> Well, there's a couple consequences. So one is, and I kind of alluded to it earlier that, you're just, you're blind to what your users are doing, which means that you're making investments that may not make sense, right? So you can, you can decide to add all the cool features in the world, but if the customers don't perceive them as being valuable or don't find them or don't understand them, it doesn't, it doesn't serve your business. And so, this is one of like the rule number one of being a product manager, is you're trying to balance what your customers need, with what is also good for your business. And both of those have to be in place. So that's basically where you are, is that you'll be making investments that just won't be hitting the mark and you won't be moving the needle. And as I mentioned, it's more important now in this economic climate than ever to make sure that the investments you're making are targeted and impactful. >> Yeah and I think the other thing to point out, is that's a big backlash against the whole, Facebook, you're the product, you're getting used, the users being used for product, but you're, you guys have a way to make that happen in a way that's safe for the user. >> Yes. Safe and compliant. So look, we're all about making sure that we certainly don't get our customers into trouble and we recommend that they follow all compliance rules, because the last thing you want to be is on the, on the wrong side of a compliance officer. >> Well, there's also the user satisfaction problem of, and the fines. So a lot going on there, great product. I got to ask you real quick before we kind of wrap up here. What's the reaction been to the acquisition? Quantitative, qualitative. What's been the vibe? What are some, what are people saying about it? >> We've got a lot of interest. So, I mentioned earlier that this is really a broken workflow in the market. And when users see the two products working together, they just love it because they have not been able to leverage them being separate before. And so it just makes it so much easier for these digital builders to figure out, what do I invest in because they know exactly where people are having trouble. So it's been really great, we've had a lot of reach outs already asking us how they can use it, try it, not quite available yet. So it's going to be available later this summer, but great, great response so far. >> Awesome. Well, I love the opportunity. Love the conversation, I have to ask you now, looking forward, what does the future look like for companies taking advantage of your platform and tool? What can they expect in terms of R and D investments, area moves you're making? You're the head of product, you get the keys to the kingdom. What's the future look like? What's coming next? >> Yeah, so other than pulling the qual and the quant together, you actually hinted at it earlier when you're asking me about data science, but continuing to automate as much of the analysis as we can. So, first of all, analysis, analytics, it should be easy for everyone. So we're continue to invest in making it easy, but part of making it easy is, like we can automate analysis. We can, we can see that your website has a login page on it and build a funnel for you automatically. So that's some of the stuff that we're working on, is how do we both automate getting up to speed and getting that initial analysis done easily, without any work. And then also, how do we automate more complex analysis? So you have, typically a lot of companies have a data science team and they end up doing a lot of analysis, it's a little bit more complex. I'm not saying data science teams will go away, they will be around forever. There's tons of very complex analysis that they're probably not even getting time to do. We're going to start chipping away at that, so we can help product managers do more and more of that self-service and then free up the data science team to do even more interesting things. >> I really like how you use the word product managers, product builders, digital builders, because while I got you, I want to get your thought on this, because it's a real industry shift. You're talking about it directly here, about websites going to eCommerce, CMOs, a C-suite, they generally observe that websites are old technology, but not going away, because the next level abstraction builds on top of it. What's the new capabilities because for the CMOs and the C-suites and the product folks out there, they're not building webpages, they're building applications. So what is it about this new world that's different from the old web architecture? How would you talk to a CMO or a leader? And to, when they ask what's this new opportunity to take my website, cause maybe it's not enough traffic. People are consuming out in the organic, what's this new expectation and how, what does a new product manager environment look like, if it's not the web, so to speak? >> Well, there's a couple things. So one is, and you alluded to it a bit, like the websites are also getting more complex and you need to start thinking of your website as a product. Now it's, it may not be the product that you sell, but it is, well for eCommerce it's the place that you get access to the product, for B2B SaaS, it is the window to the product. It's a place where you can learn about the product. And you need to think about, not just like, what pieces of content are being used, but you need to understand the user flow, through the application. So that's how it's a lot more like a product. >> Rachel, thanks so much for coming on theCUBE here for this presentation, final word, put a plugin for the company. What are you guys up to? What are you looking for? Take a minute to explain kind of that, what's going on. How do people contact you with a great value proposition? Put a plugin for the company. >> Yeah, well, if you want to up level your product experience or website experience, you want to be able to drive impact quickly, try Heap. You can go to Heap.io, you can try it for free. We have a free trial, we have a free product even. And yeah, and then if you have any questions, you want to talk to a live person, you can do that too, at sales@Heap.io. >> Rachel, thanks so much. Customer-scale experiences with the cloud house league. This is the season two, episode three of the ongoing series. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>Welcome back everyone to the Cube's live coverage of snowflake summit 22, we are live in Las Vegas. Caesar's forum, Lisa Martin, Dave Valante, Dave. This is day one of a lot of wall action on the, >>Yeah. A lot of content on day one. It, it feels like, you know, the, the reinvent fire hose yes. Of announcements feels like a little mini version of that. >>It does. That's a good, that's a good way of putting it. We've been unpacking a lot of the news. That's come out, stick around, lots more coming. We've got two guests joining us from tech systems global services. Please welcome Devon. Pania managing director and Shai Sheva of us senior and Shire. Shrivastava senior manager, guys. Great to have you on the cube. >>Thank you so much. Good to see you. And it's great to be in person. Finally, it's been a long UE, so excited to be here. >>Agree. The keynote this morning was not only standing room only, but there was an overflow area. >>Oh my goodness. We have a hard time getting in and it is unbelievable announcement that we have heard looking forward for an exciting time. Next two days here >>Absolutely exciting. The, the cannon shotgun of announcements this morning was amazing. The innovation that has been happening at snowflake and you know, this clearly as partner has been, it just seems like it's the innovation flywheel is getting faster and faster and faster. Talk to us a little bit, Devon about tech systems. Give us the audience a little bit of an overview of the company, and then talk to us about the partnership with snowflake. >>Sure. Thank you. Lisa tech system global services is a full stack global system integrator working with 8% of fortune 500 customers helping in accelerating their business as well as technology modernization journey. We have been a snowflake partner since 2019, and we are one of the highest accredited sales and technical certification with snowflake. And that's what we have earned as a elite partner or sorry, emerging partner with snowflake last year. And we are one of the top elite partner as well. >>Yeah. So since 2019, I mean, in the keynote this morning, Frank showed it. I think Christian showed it as well in terms of the amount of, of change innovation that's happened since 2019 Ellen, we were talking before we went live to share about the, the last two years, the acceleration of innovation cloud adoption digital transformation. The last two years is kind of knock your head back. You need a yeah. A whiplash collar to deal with that. Talk about what you've seen in the last three years, particularly with the partnership and how quickly they are moving and listening to their customers. >>Yeah. Yeah. I think last two years really has given pretty much every organization, including us and our customers a complete different perspective. And that's, that's the exact thing which Christian was talking about, you know, disruption, that's the that's that has been the core message, which we have seen and we've got it from the customers. And we have worked on that right from the get go. We have, you know, all our tools and technology. We are working hand in hand with snowflake in terms of our offerings, working with customers, we have tools. We talk about, you know, accelerators quote unquote that's that helps our customers, you know, to take it from on-prem systems to all the way to the snowflake data cloud and that too, you know, fraction of seconds. You talk about data, you talk about, you know, code conversion, you talk about data validation. So, you know, there are ample amount of things, you know, in terms of, you know, innovation, all workload, I've heard, you know, those are the buzzwords today, and those are like such an exciting time out here. >>So before the pandemic, you know, digital transformation, it was, it was sort of a thing, but it was, it was also a lot of complacency around it. And then of course, if you weren't in a digital business, you were out of the business and boom. So you talked to bang about the stack. You guys obviously do a lot in cloud migration. What's changed in cloud migration. And how is the stack evolving to accommodate that? >>That's a great question there when last two years, it's absolutely a game changer in terms of the digital transformation. Can we believe that 90% of world's data that we have produced and captured is in last two years? It's, isn't that amazing? Right. And what IDC is predicting by 20 25, 200 terabytes of data is going to be generated. And most of them is going to be unstructured. And what we are fascinated about is only 0.5% of unstructured data is currently analyzed by the organization to look at the immense opportunity in front of us and with Snowflake's data cloud, as well as some of the retail data cloud finance and healthcare data cloud launching, it's going to immensely help in processing that unstructured data and really bring life to the data in making organization and market leader. >>Quick, quick fall, if I could, why is, is such a small, why is so much data dark and not accessible to organizations? What's >>The, that's a, that's a great question. I think it's a legacy that we have been trained such a way that data has to be structured. It needs to be modeled, but last decade or so we have seen note it hasn't required that way. And all the social media data being generated, how we communicate in a world is all arm structure, right? We don't create structured data and put it into the CSV and things like that. It's just a natural human behavior. And I think that's where we see a lot of potential in mining that dataset and bringing, you know, AI ML capabilities from descriptive to diagnostic analysis, moving forward with prescriptive and predictive analytics. And that's what we heard from snowflake in Christian announce, Hey, machine learning workload is going to be the key lot of investment happening last 10 years. Now it's going to, you know, capitalize on those ROI in making quick decisions. >>Should you talk to me about those customer conversations? Obviously they have they've transformed and evolved considerably. Yeah. But for customers that have this tremendous amount of unstructured data, a lot of potential as you talked about dung, but there's gotta be, it's gotta be a daunting task. Oh yeah. But these days, every company has to be a data company to be successful, to be competitive and to deliver the experience that the demanding consumers expect. Yeah. How do you start with customers? Where do they start? What's that conversation like and how can tech systems help them get rid of that kind of that daunting iceberg, if you will and get around >>It. Yeah, yeah, yeah, exactly. And I think you got the right point there. Unstructured data is just the tip of the iceberg we are talking about and we have just scratched little surface of it, you know, it's it's and as the one was mentioning earlier, it's, it's gone out those days, you know, where we are talking about, you know, gigabytes of data or, you know, terabytes. Now we are talking about petabytes and Zab bytes of data, and there are so many, and that's, that's the data insight we are looking for and what else, you know, what best platform you can get better than, you know, snowflake data cloud. You have everything in there. You talk about programmability today. You know, Christian was talking about snow park, you know, that, that gives you all the cutting edge languages. You talk about Java, you talk about scale, you talk about Python, you know, all those languages. >>I mean, there were days when these languages, you need to bring that data to a separate platform, process it and then connect it. Now it is right there. You can connect it and just process it. So I think that's, that's the beginning. And to start the conversation, we always, you know, go ahead and talk to the customers and, you know, understand their perspective, know where they want to start, you know, what are their pain points and where they, they want to go, you know, what's their end goal, you know, how they want to pro proceed, you know, how they want to mature in terms of, you know, data agility and flexibility and you know, how do they want to offer their customers? So that's, that's the basically, you know, that's our, the path forward and that's how we see it. >>And just, >>Just to add on top of that, Dave, sorry about that. What we have seen with our customers, the legacy mindset of creating the data silos, primarily because it's not that they wanted it that way, but there were limitations in terms of either the infrastructure or the unlimited scalability and flexibility and accent extensibility, right? That's why those kind of, you know, work around has been built. But with snowflake unified data cloud platform, you have everything in unified platform and what we are telling our customers, we need to eliminate the Datalog. Yes, data is a new oil, but we need to make sure that you eliminate the Datalog within the enterprise, as well as outside the enterprise to really combine then and get a, you know, valuable insight to be the market leader. >>You know, when the cube started, it was 2010. And I remember we went to Hadoop world and it was a lot of excitement around big data and yes, and it turned out, it didn't quite live up to the expectations. That's an understatement, but we, we learned a lot and we made some strides and, and now we're sort of entering this, this new era, but you know, the, the, the last era was largely this big batch job right now, today. You're seeing real time, you know, we've, we've projected out real time in, is gonna become more and more of a thing. How do you guys see the, the sort of data patterns changing and again, where do you see snowflake fitting in? >>Yeah. Great question. And they, what I would have to say, just in a one word is removing the complexity and moving towards the simplicity. Why the legacy solutions such as big data didn't really work out well, it had all the capabilities, but it was a complex environment. You need to really be, you know, knowing a lot of technical aspect of it. And your data analyst were struggling with that kind of a tool set. So with snowflake simplicity, you can bring citizen data scientists, you can bring your data scientists, you can bring your data analysts, all of them under one platform, and they can all mine the data because it's all sitting in the one environment, are >>You seeing organizations change the way they architect their data teams? And specifically, are you seeing a decentralization of data teams or you see, you mentioned citizen data scientists, are you seeing lines of business take more ownership of the data or is it still cuz again, that big data era created this data science role, the data engineering role, the data pipeline, and it was sort of an extension of the sort of EDW. We had a, a few people, maybe one or two experts who knew how to use the system and you build cubes. And it was sort of a, you know, in order of magnitude more complex than that could maybe do more, but are you seeing it being pushed out to the lines of business? >>That's a great question. And I think what we are seeing in the organization today is this time is absolutely both it and business coming together, hand in hand. It's not that, Hey, it, you do this data pipeline work. And then I will analyze this data. And then we'll, you know, share the dashboards to the CEO. We are seeing more and more cohesiveness within the organization in making a path forward in making the decision intelligence very, very rapid. So I think that's a great change. We don't need to operate in silos. I think it's coming together. And I think it's going to create a win-win combination for our >>Customers. Just to add one more point, what the one has mentioned. I think it's the world of data democratization we are talking about, you know, data is available there, insights. We need to pull it out and you know, just give it to every consumer of the organization and they're ready to consume it. They are, they are hungry. They are ready to take it. You know, that's, that's, that's something, you know, we need to look forward for. >>Well, absolutely look forward to it. And as you talked about, there's so much potential it's we see the tip of the iceberg, right? There's so much underneath that guys. I wish we had more time to continue unpacking this, but thank you so much for joining Dave and me on the program, talking about tech systems and snowflake, what you guys are doing together and what you're enabling those end customers to achieve. We appreciate your insights. >>Yeah. Thank you so much. It's an exciting time for us. And we have been, you know, partnering with snowflake on retail data cloud launch, as well as some upcoming opportunity with manufacturing and also the financial competency that we have earned. So I think it's a great time for us ahead in future. So >>Excellent. Lots to come from Texas systems guys. Thank you. We appreciate your time. Thank you. >>Appreciate it. Thank you. Let it snow. I would say let >>It snow, snow. Let it snow. I like that. You're heard of your life from hot Las Vegas for our guests and Dave ante. I'm Lisa Martin. We are live in Las Vegas. It's not snowing. It's very hot here. We're at the snowflake summit, 22 covering that stick around Dave and I will be joined where next guests in just a moment.

(upbeat music) >> We're back at VeeamON 2022. We're here at the Aria in Las Vegas Dave Vellante with Dave Nicholson. Bill Andrews is here. He's the president and CEO of ExaGrid, mass boy. Bill, thanks for coming on theCUBE. >> Thanks for having me. >> So I hear a lot about obviously data protection, cyber resiliency, what's the big picture trends that you're seeing when you talk to customers? >> Well, I think clearly we were talking just a few minutes ago, data's growing like crazy, right This morning, I think they said it was 28% growth a year, right? So data's doubling almost just a little less than every three years. And then you get the attacks on the data which was the keynote speech this morning as well, right. All about the ransomware attacks. So we've got more and more data, and that data is more and more under attack. So I think those are the two big themes. >> So ExaGrid as a company been around for a long time. You've kind of been the steady kind of Eddy, if you will. Tell us about ExaGrid, maybe share with us some of the differentiators that you share with customers. >> Sure, so specifically, let's say in the Veeam world you're backing up your data, and you really only have two choices. You can back that up to disc. So some primary storage disc from a Dell, or a Hewlett Packard, or an NetApp or somebody, or you're going to back it up to what's called an inline deduplication appliance maybe a Dell Data Domain or an HPE StoreOnce, right? So what ExaGrid does is we've taken the best of both those but not the challenges of both those and put 'em together. So with disc, you're going to get fast backups and fast restores, but because in backup you keep weekly's, monthly's, yearly retention, the cost of this becomes exorbitant. If you go to a deduplication appliance, and let's say the Dell or the HPs, the data comes in, has to be deduplicated, compare one backup to the next to reduce that storage, which lowers the cost. So fixes that problem, but the fact that they do it inline slows the backups down dramatically. All the data is deduplicated so the restores are slow, and then the backup window keeps growing as the data grows 'cause they're all scale up technologies. >> And the restores are slow 'cause you got to rehydrate. >> You got to rehydrate every time. So what we did is we said, you got to have both. So our appliances have a front end disc cache landing zone. So you're right directed to the disc., Nothing else happens to it, whatever speed the backup app could write at that's the speed we take it in at. And then we keep the most recent backups in that landing zone ready to go. So you want to boot a VM, it's not an hour like a deduplication appliance it's a minute or two. Secondly, we then deduplicate the data into a second tier which is a repository tier, but we have all the deduplicated data for the long term retention, which gets the cost down. And on top of that, we're scale out. Every appliance has networking processor memory end disc. So if you double, triple, quadruple the data you double, triple, quadruple everything. And if the backup window is six hours at 100 terabyte it's six hours at 200 terabyte, 500 terabyte, a petabyte it doesn't matter. >> 'Cause you scale out. >> Right, and then lastly, our repository tier is non-network facing. We're the only ones in the industry with this. So that under a ransomware attack, if you get hold of a rogue server or you hack the media server, get to the backup storage whether it's disc or deduplication appliance, you can wipe out all the backup data. So you have nothing to recover from. In our case, you wipe it out, our landing zone will be wiped out. We're no different than anything else that's network facing. However, the only thing that talks to our repository tier is our object code. And we've set up security policies as to how long before you want us to delete data, let's say 10 days. So if you have an attack on Monday that data doesn't get deleted till like a week from Thursday, let's say. So you can freeze the system at any time and do restores. And then we have immutable data objects and all the other stuff. But the culmination of a non-network facing tier and the fact that we do the delayed deletes makes us the only one in the industry that can actually truly recover. And that's accelerating our growth, of course. >> Wow, great description. So that disc cache layer is a memory, it's a flash? >> It's disc, it's spinning disc. >> Spinning disc, okay. >> Yeah, no different than any other disc. >> And then the tiered is what, less expensive spinning disc? >> No, it's still the same. It's all SaaS disc 'cause you want the quality, right? So it's all SaaS, and so we use Western Digital or Seagate drives just like everybody else. The difference is that we're not doing any deduplication coming in or out of that landing zone to have fast backups and fast restores. So think of it like this, you've got disc and you say, boy it's too expensive. What I really want to do then is put maybe a deduplication appliance behind it to lower the cost or reverse it. I've got a deduplication appliance, ugh, it's too slow for backups and restores. I really want to throw this in front of it to have fast backups first. Basically, that's what we did. >> So where does the cost savings, Bill come in though, on the tier? >> The cost savings comes in the fact that we got deduplication in that repository. So only the most recent backup >> Ah okay, so I get it. >> are the duplicated data. But let's say you had 40 copies of retention. You know, 10 weekly's, 36 monthly's, a few yearly. All of that's deduplicated >> Okay, so you're deduping the stuff that's not as current. >> Right. >> Okay. >> And only a handful of us deduplicate at the layer we do. In other words, deduplication could be anywhere from two to one, up to 50 to one. I mean it's all over the place depending on the algorithm. Now it's what everybody's algorithms do. Some backup apps do two to one, some do five to one, we do 20 to one as well as much as 50 to one depending on the data types. >> Yeah, so the workload is going to largely determine the combination >> The content type, right. with the algos, right? >> Yeah, the content type. >> So the part of the environment that's behind the illogical air gap, if you will, is deduped data. >> Yes. >> So in this case, is it fair to say that you're trading a positive economic value for a little bit longer restore from that environment? >> No, because if you think about backup 95% of the customers restores are from the most recent data. >> From the disc cache. >> 95% of the time 'cause you think about why do you need fast restores? Somebody deleted a file, somebody overwrote a file. They can't go work, they can't open a file. It's encrypted, it's corrupted. That's what IT people are trying to keep users productive. When do you go for longer-term retention data? It's an SEC audit. It's a HIPAA audit. It's a legal discovery, you don't need that data right away. You have days and weeks to get that ready for that legal discovery or that audit. So we found that boundary where you keep users productive by keeping the most recent data in the disc cache landing zone, but anything that's long term. And by the way, everyone else is long term, at that point. >> Yeah, so the economics are comparable to the dedupe upfront. Are they better, obviously get the performance advance? >> So we would be a lot looped. The thing we replaced the most believe it or not is disc, we're a lot less expensive than the disc. I was meeting with some Veeam folks this morning and we were up against Cisco 3260 disc at a children's hospital. And on our quote was $500,000. The disc was 1.4 million. Just to give you an example of the savings. On a Data Domain we're typically about half the price of a Data Domain. >> Really now? >> The reason why is their front end control are so expensive. They need the fastest trip on the planet 'cause they're trying to do inline deduplication. >> Yeah, so they're chasing >> They need the fastest memory >> on the planet. >> this chips all the time. They need SSD on data to move in and out of the hash table. In order to keep up with inline, they've got to throw so much compute at it that it drives their cost up. >> But now in the case of ransomware attack, are you saying that the landing zone is still available for recovery in some circumstances? Or are you expecting that that disc landing zone would be encrypted by the attacker? >> Those are two different things. One is deletion, one is encryption. So let's do the first scenario. >> I'm talking about malicious encryption. >> Yeah, absolutely. So the first scenario is the threat actor encrypts all your primary data. What's does he go for next? The backup data. 'Cause he knows that's your belt and suspend is to not pay the ransom. If it's disc he's going to go in and put delete commands at the disc, wipe out the disc. If it's a data domain or HPE StoreOnce, it's all going to be gone 'cause it's one tier. He's going to go after our landing zone, it's going to be gone too. It's going to wipe out our landing zone. Except behind that we have the most recent backup deduplicate in the repository as well as all the other backups. So what'll happen is they'll freeze the system 'cause we weren't going to delete anything in the repository for X days 'cause you set up a policy, and then you restore the most recent backup into the landing zone or we can restore it directly to your primary storage area, right? >> Because that tier is not network facing. >> That's right. >> It's fenced off essentially. >> People call us every day of the week saying, you saved me, you saved me again. People are coming up to me here, you saved me, you saved me. >> Tell us a story about that, I mean don't give me the names but how so. >> I'll actually do a funnier story, 'cause these are the ones that our vendors like to tell. 'Cause I'm self-serving as the CEO that's good of course, a little humor. >> It's your 15 minutes of job. >> That is my 15 minutes of fame. So we had one international company who had one ExaGrid at one location, 19 Data Domains at the other locations. Ransomware attack guess what? 19 Data Domains wiped out. The one ExaGrid, the only place they could restore. So now all 20 locations of course are ExaGrids, China, Russia, Mexico, Germany, US, et cetera. They rolled us out worldwide. So it's very common for that to occur. And think about why that is, everyone who's network facing you can get to the storage. You can say all the media servers are buttoned up, but I can find a rogue server and snake my way over the storage, I can. Now, we also of course support the Veeam Data Mover. So let's talk about that since we're at a Veeam conference. We were the first company to ever integrate the Veeam Data Mover. So we were the first actually ever integration with Veeam. And so that Veeam Data Mover is a protocol that goes from Veeam to the ExaGrid, and we run it on both ends. So that's a more secure protocol 'cause it's not an open format protocol like SaaS. So with running the Veeam Data Mover we get about 30% more performance, but you do have a more secure protocol layer. So if you don't get through Veeam but you get through the protocol, boom, we've got a stronger protocol. If you make it through that somehow, or you get to it from a rogue server somewhere else we still have the repository. So we have all these layers so that you can't get at it. >> So you guys have been at this for a while, I mean decade and a half plus. And you've raised a fair amount of money but in today's terms, not really. So you've just had really strong growth, sequential growth. I understand it, and double digit growth year on year. >> Yeah, about 25% a year right now >> 25%, what's your global strategy? >> So we have sales offices in about 30 countries already. So we have three sales teams in Brazil, and three in Germany, and three in the UK, and two in France, and a lot of individual countries, Chile, Argentina, Columbia, Mexico, South Africa, Saudi, Czech Republic, Poland, Dubai, Hong Kong, Australia, Singapore, et cetera. We've just added two sales territories in Japan. We're adding two in India. And we're installed in over 50 countries. So we've been international all along the way. The goal of the company is we're growing nicely. We have not raised money in almost 10 years. >> So you're self-funding. You're cash positive. >> We are cash positive and self-funded and people say, how have you done that for 10 years? >> You know what's interesting is I remember, Dave Scott, Dave Scott was the CEO of 3PAR, and he told me when he came into that job, he told the VCs, they wanted to give him 30 million. He said, I need 80 million. I think he might have raised closer to a hundred which is right around what you guys have raised. But like you said, you haven't raised it in a long time. And in today's terms, that's nothing, right? >> 100 is 500 in today's terms. >> Yeah, right, exactly. And so the thing that really hurt 3PAR, they were public companies so you could see all this stuff is they couldn't expand internationally. It was just too damn expensive to set up the channels, and somehow you guys have figured that out. >> 40% of our business comes out of international. We're growing faster internationally than we are domestically. >> What was the formula there, Bill, was that just slow and steady or? >> It's a great question. >> No, so what we did, we said let's build ExaGrid like a McDonald's franchise, nobody's ever done that before in high tech. So what does that mean? That means you have to have the same product worldwide. You have to have the same spares model worldwide. You have to have the same support model worldwide. So we early on built the installation. So we do 100% of our installs remotely. 100% of our support remotely, yet we're in large enterprises. Customers racks and stacks the appliances we get on with them. We do the entire install on 30 minutes to about three hours. And we've been developing that into the product since day one. So we can remotely install anywhere in the world. We keep spares depots all over the world. We can bring 'em up really quick. Our support model is we have in theater support people. So they're in Europe, they're in APAC, they're in the US, et cetera. And we assign customers to the support people. So they deal with the same support person all the time. So everything is scalable. So right now we're going to open up India. It's the same way we've opened up every other country. Once you've got the McDonald's formula we just stamp it all over the world. >> That's amazing. >> Same pricing, same product same model, same everything. >> So what was the inspiration for that? I mean, you've done this since day one, which is what like 15, 16 years ago. Or just you do engineering or? >> No, so our whole thought was, first of all you can't survive anymore in this world without being an international company. 'Cause if you're going to go after large companies they have offices all over the world. We have companies now that have 17, 18, 20, 30 locations. And there were in every country in the world, you can't go into this business without being able to ship anywhere in the world and support it for a single customer. You're not going into Singapore because of that. You're going to Singapore because some company in Germany has offices in the U.S, Mexico Singapore and Australia. You have to be international. It's a must now. So that was the initial thing is that, our goal is to become a billion dollar company. And we're on path to do that, right. >> You can see a billion. >> Well, I can absolutely see a billion. And we're bigger than everybody thinks. Everybody guesses our revenue always guesses low. So we're bigger than you think. The reason why we don't talk about it is we don't need to. >> That's the headline for our writers, ExaGrid is a billion dollar company and nobody's know about it. >> Million dollar company. >> On its way to a billion. >> That's right. >> You're not disclosing. (Bill laughing) But that's awesome. I mean, that's a great story. I mean, you kind of are a well kept secret, aren't you? >> Well, I dunno if it's a well kept secret. You know, smaller companies never have their awareness of big companies, right? The Dells of the world are a hundred billion. IBM is 70 billion, Cisco is 60 billion. Easy to have awareness, right? If you're under a billion, I got to give a funny story then I think we got to close out here. >> Oh go ahead please. >> So there's one funny story. So I was talking to the CIO of a super large Fortune 500 company. And I said to him, "Just so who do you use?" "I use IBM Db2, and I use, Cisco routers, and I use EMC primary storage, et cetera. And I use all these big." And I said, "Would you ever switch from Db2?" "Oh no, the switching costs would kill me. I could never go to Oracle." So I said to him, "Look would you ever use like a Pure Storage, right. A couple billion dollar company." He says, "Who?" >> Huh, interesting. >> I said to him, all right so skip that. I said, "VMware, would you ever think about going with Nutanix?" "Who?" Those are billion dollar plus companies. And he was saying who? >> Public companies. >> And he was saying who? That's not uncommon when I talk to CIOs. They see the big 30 and that's it. >> Oh, that's interesting. What about your partnership with Veeam? Tell us more about that. >> Yeah, so I would actually, and I'm going to be bold when I say this 'cause I think you can ask anybody here at the conference. We're probably closer first of all, to the Veeam sales force than any company there is. You talk to any Veeam sales rep, they work closer with ExaGrid than any other. Yeah, we are very tight in the field and have been for a long time. We're integrated with the Veeam Data Boomer. We're integrated with SOBR. We're integrated with all the integrations or with the product as well. We have a lot of joint customers. We actually do a lot of selling together, where we go in as Veeam ExaGrid 'cause it's a great end to end story. Especially when we're replacing, let's say a Dell Avamar to Dell Data Domain or a Dell Network with a Dell Data Domain, very commonly Veeam ExaGrid go in together on those types of sales. So we do a lot of co-selling together. We constantly train their systems engineers around the world, every given week we're training either inside sales teams, and we've trained their customer support teams in Columbus and Prague. So we're very tight with 'em we've been tight for over a decade. >> Is your head count public? Can you share that with us? >> So we're just over 300 employees. >> Really, wow. >> We have 70 open positions, so. >> Yeah, what are you looking for? Yeah, everything, right? >> We are looking for engineers. We are looking for customer support people. We're looking for marketing people. We're looking for inside sales people, field people. And we've been hiring, as of late, major account reps that just focus on the Fortune 500. So we've separated that out now. >> When you hire engineers, I mean I think I saw you were long time ago, DG, right? Is that true? >> Yeah, way back in the '80s. >> But systems guy. >> That's how old I am. >> Right, systems guy. I mean, I remember them well Eddie Castro and company. >> Tom West. >> EMV series. >> Tom West was the hero of course. >> The EMV 4000, the EMV 20,000, right? >> When were kids, "The Soul of a New Machine" was the inspirational book but anyway, >> Yeah Tracy Kidder, it was great. >> Are you looking for systems people, what kind of talent are you looking for in engineering? >> So it's a lot of Linux programming type stuff in the product 'cause we run on a Linux space. So it's a lot of Linux programs so its people in those storage. >> Yeah, cool, Bill, hey, thanks for coming on to theCUBE. Well learned a lot, great story. >> It's a pleasure. >> That was fun. >> Congratulations. >> Thanks. >> And good luck. >> All right, thank you. >> All right, and thank you for watching theCUBE's coverage of VeeamON 2022, Dave Vellante for Dave Nicholson. We'll be right back right after this short break, stay with us. (soft beat music)

(upbeat music) >> Every company needs great salespeople, it's one of the most lucrative professions out there. And there's plenty of wisdom and knowledge that's been gathered over the years about selling. We've heard it all, famous quotes from the greatest salespeople of our time, like Zig Ziglar and Jeffrey Gitomer, and Dale Carnegie and Jack Welch, and many others. Things like, "Each of us has only 24 hours in a day, "it's all about how we use our time." And, "You don't have to be great to start, "but you have to start to be great." And then I love this one, "People hate to be sold, but they love to buy." "There are no traffic jams on the extra mile, "make change before you have to." And the all time classic, "Put that coffee down. "Coffee is for closers." Thousands of pieces of sales advice are readily available in books, videos, on blogs and in podcasts, and many of these are free of charge. So why would entrepreneurs start a company to train salespeople? And how is it that sharp investors are pouring millions of dollars into this space? Hello everyone, and welcome to this Cube Video Exclusive, my name is Dave Vellante, and today we welcome Paul Fifield who's the co-founder and CEO of Sales Impact Academy who's going to answer these questions and share some exciting news on the startups. Paul, welcome to "The Cube" good to see you again. >> Yeah, good to see you again, Dave, great to be here. >> Hey, so before we get into the hard news, tell us a little bit about the Sales Impact Academy, why'd you start the company, maybe some of the fundamentals of this market, your total available market, who you're targeting, you know, what's the premise behind the company? >> Yeah sure. So I mean, I started the company, it was actually pretty organic in the way it began. I had a 10 year career as a CRO and it was, you know, had a couple of great hits with two companies, but it was a real struggle to basically, you know, operate as a CRO and learn your craft at the same time. And so when I left my last company, I kind of got out there, I wanted to kind of give back a little bit and I started doing some voluntary teaching in and around London, and I actually, one of the companies I started was in New York so I got schooled very much on a sort of US approach to how you build a modern you know, go to market and sales operation. Started going out there, doing some teaching, realized that so many people just didn't have a clue about how to build a scalable and predictable revenue function, and I kind of felt sorry for them. So I literally started doing some, you know, online classes myself, got my co-founder Alex to put curriculum together as well and we literally started just doing online classes, very live, very organic, just a Google Drive and some decks, and it really just blew up from there. >> That's amazing. I mean, so you've my, you know, tongue and cheek up front, but people might wonder, why do you need a platform 'cause there's so much free information out there? Is it to organize, is it a discipline thing? Explain that. >> Well, I think the way I sort of see this is that is that the lack of structured learning and education is actually one of the greatest educational travesties, I think, of the last 50 years, okay. Now sales and go to market is a huge global profession, right? Half the world's companies are B2B, so roughly that's a proxy for half the world's GDP, right? Which is $40 trillion of GDP. Now that 40 trillion rests on kind of the success of the growth and the sales functions of all those companies. Yet in its infinite wisdom, the global education system literally just ignored sales and go to market as a profession. Some universities are kind of catching up, but it's really too little too late. So what I sort of say to people, you imagine this Dave, right. You imagine if the way that law worked as a profession let's say, is that there's no law school, there's no law training, there's no even in work professional continuous professional development in law. The way that it works is you leave university, join a company, start practicing law and just use like YouTube just to maybe like, you know, where you're struggling, just use YouTube to like work out what's going on. The legal profession would be in absolute chaos. And that's what's happened in the sales and go to market profession, okay. What this profession desperately desperately needs is structured learning, good pedagogy, good well designed course and curriculum. And here's the other thing, right? Is the sort of paradox of infinite information is that just because all the information is out there, right, doesn't mean it's actually a good learning experience. Like, where do you find it? What's good? What's not good? And also the other thing I'd point out is that there is this kind of myth that all the information is out there on the internet. But actually what we do, and we'll come into it in a second is, the people teaching on our platform are the elite people from the industry. They haven't got time to do blog posts and just explain to people how they operate. They're going from company to company working at like, you know, working at these kind of elite companies. And they're the people that teach, and that information is not readily available and freely out there on the internet. >> Yeah, real opportunity, you made some great points there. I think business schools are finally starting to teach a little bit about public speaking and presenting, but nobody's teaching us how to sell. As Earl Nightingale says, "To some degree we're all salespeople, "selling our family on living the good life" or whatever. What movie we want to see tonight. But okay, let's get to the hard news. You got fresh funding of 22 million, tell us about that, congratulations. You know, the investors, what else can you share with us? >> Sure. Well, I mean, obviously, you know, immensely proud. We started from very sort of humble beginnings, as I said, we've now scaled very rapidly, we're a subscription business, we're a SaaS business. We'll come onto some of the growth metrics shortly, but just in a couple of years, you know, the last year which ended January, we grew 500% from year one, we're now well over 125 people, and I'm very, very, very honored, flattered, humbled that MIT, obviously one of those prestigious universities in the world, has taken a direct investment by their endowment fund, HubSpot Ventures. Another Boston great has also taken a direct investment as well. They actually began as a customer and loved what we were doing so much that they then decided to make an investment. Stage 2 Capital who invested in our seed round pretty much tripled down, played a huge role in helping us assemble MIT and HubSpot ventures as investors, and they continue to be an incredible VC giving us amazing, amazing support that their LP network of go to market leaders is second to none. And then Emerge Education, who is our pre-seed investor, they're actually based in London, also joined this round as well. >> Great, well actually, let's jump ahead. Let's talk about the metrics. I mean, if Stage Two is involved, they're hardcore. What can you share with us about, you know, everybody's chasing AR and NR and the like, what can you share with us? >> They are both pretty important. Well, I think from a headcount perspective, so as I mentioned our fiscal ends at the end of January, each year. We've gone from 25 to over 125 employees in that time. We've gone from 82 to 260 customers also in that time. And customers now include HubSpot, Gong, Klaviyo, GitHub, GT, Six Cents, so some really sort of major SaaS companies in the space. Our revenue's grown significantly with 5X. So 500% increase in revenue year over year, which is pretty fast, very proud of that. Our learning community has gone from over 3000 people to almost 15,000 professionals, and that makes us comfortably, the largest go to market learning community in the world. >> How did you decide when to scale? What were the sort of signals that said to you, "Okay, we're ready, "we have product market fit, "we can now scale the go to market." What were the signals there, Paul? >> Yeah. Well, I mean, I think for a very small team to achieve that level of growth in customers, to be kind of honest with you, like it's the pull that we're getting from the market. And I think the thing that has surprised me the most, perhaps in the last 12 months, is the pull we're getting from the enterprise. We're you know, I can't really announce, we've actually got a huge pilot with one of the largest companies actually in the world which is going fantastically well, our pipeline for enterprise customers is absolutely huge. But as you can imagine, if you've got distributed teams all over the world, we're living and working in this kind of hybrid world, how on earth do you kind of upscale all those people, right, that are, like I say, that are so distributed. It's impossible. Like in work, in the office delivery of training is pretty much dead, right? And so we sort of fill this really big pain, we solved this really, really big pain of how to effectively upskill people through this kind of live curriculum and this live teaching approach that we have. So I think for me, it's the pull that we're getting from the market really meant that you know, we have to double down. There is such a massive TAM, it is absolutely ridiculous. I mean, I think there are 20 million people just in sales and go to market in tech alone, right. And I mentioned to you earlier, half the world's companies effectively, you know, are B2B and therefore represent, you know, at its largest scope, our TAM. >> Excellent, thank you for that. Tell us more about the product and the platform. How's it work if I'm a customer, what type of investment do I have to make both financially? And what's my time commitment? How do you structure that? >> So the model is basically on a seat model. So roughly speaking, every seat's about a thousand dollars per year per rep. The lift is light. So we've got a very low onboarding, it's not a highly complex technical product, right? We've got a vast curriculum of learning that covers learning for, you know, SDRs, and the AEs, and CS reps, and leadership management training. We're developing curriculum for technical pre-sales, we're developing curriculum for revenue operations. And so it's very, very simple. We basically, it's a seat model, people literally just send us the seats and the details, we get people up and running in the platform, they start then enrolling and we have a customer success team that then plots out learning journeys and learning pathways for all of our customers. And actually what's starting to happen now, which is very, very exciting is that, you know, we're actually a key part of people's career development pathway. So to go from you know, SDR1 let's say to SDR2, you have to complete these three courses with Sales Impact Academy, and let's say, get 75% in your exam and it becomes a very powerful and simple way of developing career pathway. >> Yeah, so really detailed curriculum. So I was going to say, do I as a sales professional, do I pick and choose the things that are most relevant for me? Or are people actually going through a journey in career progression, or maybe both? >> Yeah, it's a mixture of both. We tend to see now, we're sort of starting to standardize, but really we're developing enough curriculum that over, let's say a 15 year period, you could start with us as an SDR and then end as a chief revenue officer, you know, running the entire function. This is the other thing about the crazy world of go to market. Very often, people are put into roles and it's sink or swim. There's no real learning that happens, there's no real development that happens before people take these big steps. And what this platform does so beautifully is is it equips people with the right skills and knowledge before they take that next step in their profession and in their career. And it just dramatically improves their chances of succeeding. >> Who are the trainers? Who's leading the classes, how do you find these guys, how do you structure? What are the content, you know, vectors, where's all that come from? >> Yeah. So the sort of secret source of what we do, beyond just the live instruction, beyond the significant amount of peer to peer learning that goes on, is that we go and source the absolute most elite people in go to market to teach, okay. Now I mentioned to you before, you've got these people that are going from like job to job at the very like the sort of peak of their careers, working for these incredible companies, it's that knowledge that we want to get access to, right. And so Stage 2 Capital is an incredible resource. The interesting thing about Stage 2 Capital as you know Dave, you know, run by Mark Roberge, who was on when we spoke last year and also Jay Po is all the LPs of Stage 2 Capital represent 3 to 400 of the most elite go to market professionals in the world. So, you know, about seven or eight of those are now on an advisory board. And so we have access to this incredible pool of talent. And so we know by consulting these amazing people who are the best people in certain aspects of go to market. We reach out to them and very often they're at a stage in their career where they're really kind of willing to give back, of course there are commercials around it as well, and there's lots of other benefits that we provide our teachers and our faculty, and what we call our coaches. But yeah, we source the very, very best people in the world to teach. >> Now, how does it work as a user of your service? Is it all on demand? Do you do live content or a combination? >> Yeah look, one of the big differentiators is this is a live delivery of learning, okay. Most learning online is typically done on demand, self-directed, and there's a ton of research. There's a great blog post on Andrew's recent site. A short time ago, which is talking about how the completion rates of on demand learning are somewhere between 3 and 6%. That is like, that's awful. >> Terrible. >> I was like why bother? However, we're seeing through that live instruction. So we teach two, one hour classes a week, that's it. We're upskilling very busy people, they're stressed, they've got targets. We have to be very, very cognizant of that. So we teach two, one hour classes a week. Typically, you know, Monday and a Wednesday, or a Tuesday and a Thursday. And that pace of learning is about right, it's kind of how humans learn as well. You know, short bursts of information, and then put that learning and those skills that you've acquired in class literally to work minutes after the class finishes. And so through that, and it sits in your calendar like a meeting, it doesn't feel overwhelming, you're learning together as a team as well. And all that combined, we see completion rates often in excess of 80% for our courses. >> Okay, so they block that time out- >> In the calendar, yeah. >> And they make an investment. Go ahead, please. >> Yeah yeah, exactly, sorry Dave. Yeah, yeah, exactly. So like, you know, we have course lengths. So one of our shorter courses are like four hours long over two weeks. And again, it's just literally in the calendar. We also teach what we call The Magic Learning Hour. And the magic learning hour is this one specific hour in the day that enables teams all over the western hemisphere to join the same class. And that magic learning hour is eight o'clock Pacific 11 o'clock Eastern, >> 4: 00 PM over in the UK, and 5:00 PM in the rest of Europe. And that one time in the day means that these enterprises have got teams all over the western hemisphere joining that class, learning together as a team, plus it's in the calendar and it's that approach is why we're seeing such high engagement and completion. >> That's very cool, the time zone thing. Now who's the target buyer? Are you selling only to sales teams? Can I as an individual purchase your service? >> Yeah, that's a good question. Currently it's a very much like a B2B motion. As I mentioned earlier on, we're getting an enormous pull from the enterprise, which is very exciting. You know, we have an enterprise segment, we have sort of more of a startup earlier stage segment, and then we have a mid-market segment that we call our sort of strategic, and that's typically and most of like venture backed, fast growth tech companies. So very much at the moment a B2B motion. We're launching our own technology platform in the early summer, and then later on this year we're going to be adding what's called PLG or a product led growth, so individuals can actually sign up to SIA. >> Yeah, I mean, I think you said $1,000 per year per rep, is that right? I mean, that's- >> Yeah. >> That's a small investment for an individual that wants to be part of, you know, this community and grow his or her career. So that's the growth plan? You go down market I would imagine, you talked about the western hemisphere, there's international opportunities maybe, local language. What's the growth plan? >> Yeah, I mean look, we've identified the magic learning hour for the middle east and APAC, which is eight o'clock in the morning in Istanbul, right. Is 5:00 PM in Auckland, it's quite fun trying to work out like what this optimum magic learning hour is. What's incredible is we teach in that time and that opens up the whole of the middle east and the whole of APAC, right, right down to Australia. And so once we're teaching the curriculum in those two slots, that means literally you can have teams in any country in the world, I think apart from Hawaii, you can actually access our live learning products in work time and that's incredibly powerful. So we have so many like axis of growth, we've got single users as I mentioned, but really Dave that's single users we'll be winning from the enterprise and that will represent pipeline that we could then potentially convert as well. And look, you make a very good point. You know, we've seen students are now leaving university with over $100,000 dollars in debt. We've got a massive, massive debt problem here in the US with student debt. You could absolutely sign up to our platform at let's say a hundred bucks a month, right. And probably within six months, gain enough knowledge and skill to walk into a $60,000 a year based salary job as an SDR, that's a huge entry level salary. And you could do that without even going to university. So there could be a time here where we become a really viable alternative to actually even going to university. >> I love it. The cost education going through the roof, it's out of reach for so many people. Paul, congratulations on the progress, the fresh funding. Great to have you back in "The Cube." We'd love to have you back and follow your ascendancy. I think great things ahead for you guys. >> Thank you very much, Dave. >> All right, and thank you for watching. This is Dave Vellante for "The Cube, we'll see you next time. (upbeat music)

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. And I mean, basic school districts, I mean, I don't about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We, do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. (Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

(bright music) >> Welcome back to AWS re:Invent. You're watching theCUBE. And we're here with Steve Mullaney, who is the president and CEO of Aviatrix. Steve, I got to tell ya, great to see you man. >> We started the whole pandemic, last show we did was with you guys. >> Steve: Don't say we started, we didn't start it. (steve chuckles) >> Right, we kicked it off (all cross talking) >> It's going to be great. >> Our virtual coverage, that hybrid coverage that we did, how ironic? >> Steve: Yeah, was as the world was shutting down. >> So, great to see you face to face. >> Steve: Great to see you too. >> Wow, so you're two years in? >> Steve: Two and a half years yeah. >> Started, the company was standing start $2 billion valuation, raised a bunch of dough. >> Steve: Yeah. >> That's good, you got to feel good about that. >> We were 38 people, two and a half years ago, we're now 400. We had a couple million in ARR, we're now going to be over a 100 million next year, next calendar year, so significant growth. We just raised $200 million, three months ago at a $2 billion valuation. Now have 550 customers, 54 of them are fortune 500, when I started two and a half years ago, we didn't have any fortune 500s, we had probably about a 100 customers. So, massive growth, big growth (indistinct). >> Awesome, I got to ask you, I love to ask CEO's, entrepreneurs, how did you know when to scale? >> You just know it, when you see it. (indistinct) Yeah, there's no formula, you just know it and what you look for is that point where you say, okay, we've now proven the model and until you do that you minimize things and we actually just went through this. We had 12 sales teams, four months ago, we now have 50. 50, five zero and it's that step function as a company, you don't want to linearly grow 'cause you want to hold until you say, it's happening. And then once you say it's happening, okay, the dogs are eating the dog food, this is good then you flip the other way, and then you say, let's grow as fast as we possibly can and that's kind of the mode we're in right now. >> Okay, You've... >> You just know it when you see it. >> Other piece of that is how fast do you scale? And now you're sort of doing that step function as your going. >> Steve: We are going as fast as we possibly can. >> Wow, that's awesome, congratulations and I know you've got to long way to go. So okay, let's talk about the big trends that you're seeing that Aviatrix has taken advantage of, maybe explain a little bit about what you guys do. >> Yeah. So we are, what I like to call Multi- Cloud Native Networking and Network Security. So, if you think of... >> David: What is multicloud native? You got to explain that. >> I got to to explain that. Here's what's happened, it's happening and what I mean by it's happening is, enterprises at two and a half years ago, this is why I joined Aviatrix, all decided for the first time, we mean it now, we are going into Cloud 'cause before that they were just mouthing it. And they said, "We're going into the Cloud." And oh by the way, I knew two and a half years ago of course it was going to be multicloud, 'cause enterprises run workloads where they run best. That's what they do, it's sometimes it's AWS, sometimes it's ads or sometimes it's Google, it's of course going to be multicloud. And so from an enterprise perspective, they love the DevOps, they love the simplicity, the automation, the infrastructure is code, the Terraform, that Cloud operational model, because this is a business transformation, moving to Cloud is not a technology transformation it's the business. It's the CEO saying we are digitizing we have an existential threat to the survival of our company, I want to grow a market share, I want to be more competitive, we're doing this, stop laying across the tracks technology people, will run you over, we're doing this. And so when they do that as an enterprise, I'm BNY Mellon, I'm United Airlines, you name it, your favorite enterprise. I need the visibility and control from a networking and network security perspective like I used to have on-prem. Now I'm not going to do it in the horrible complex operational model the Cisco 1994 data center, do not bring that crap into my wonderful Cloud, so that ain't happening but, all I get from the Native constructs, I don't get enough of that visibility and control, it's a little bit of a black box, I don't get that. So where do I get the best of the Cloud from an operational model, but yet with the visibility and control that I need, that I used to have on-prem from networking network security, that's Aviatrix. And that's where people find us and so from a networking and network security, so that's why I call it multicloud Native because what we do is, create a layer basically an abstraction layer above all the different Clouds, we create one architecture for networking and network security with advanced services not basic services that run on AWS, Azure, Google, Oracle, Ali Cloud, Top Secret Clouds, GovClouds, you name it. And now the customer has one architecture, which is what enterprises want, I want one network, I want one network security architecture, not AWS Native, Azure Native, Google Native. >> David: Right. >> We leverage those native constructs, abstract it, and then provide a single common architecture with demand services, irrespective of what Cloud you're on. >> Dave, I've been saying this for a couple of years now, that Cloud Native... >> Does that make sense Dave? >> Absolutely. >> That abstraction layer, right? And I said, "The guys who do this, who figure this out are going to make a lot of dough." >> Yeah. >> Snowflakes obviously doing it. >> Yeah. >> You guys are doing it, it's the future. >> Yeah. >> And it's really an obvious construct when you look back at the world of call it Legacy IT for a moment... >> Steve: Yeah. >> Because did we have different networks to hookup different things in a data center? >> No, one network. >> One network of course. I don't care if the physical stack comes from Dell, HP or IBM. >> Steve: That's right, I want an attraction layer above that, yeah. >> Exactly. >> So the other thing that happens is, everybody and you'll understand this from being at Oracle, everybody wants to forget about the network. Network security, it's down in the bowels, it's like plumbing, electricity, it's just, it has to be there but people want to forget about it and so you see Datadog, you see Snowflake, you see HashiCorp going IPO in early December. Guess what? That next layer underneath that, I call it the horsemen of the multicloud infrastructure is networking and network security, that's going to be Aviatrix. >> Well, you guys make some announcements recently in that space, every company is a security company but you're really deep into it. >> Well, that's the interesting thing about it. So I said multicloud Native Networking and Network Security, it's integrated, so guess where network security is going to be done in the Cloud? In the network. >> David: Network. >> Yeah in the network. >> What a strange concept but guess what on-prem it's not, you deflect traffic to this thing called a firewall. Well, why was that? I was at Synoptics, I was at Cisco 'cause we didn't care about network security, so that's why firewall companies existed. >> Dave: Right. >> It should be integrated into the infrastructure. So now in the Cloud, your security posture is way worse than it was on-prem. You're connected to the internet by default so guess what? You want your network to do network security, so we announced two things in security; one, we're now a security competency partner for AWS, they do not give that out lightly. We were networks competency four years ago, we're now network security competency. One of the few that are both, they don't do that, that took us nine months of working with them to get there. And they only do that for the people that really are delivering value. And then what we just announced what we call, 'ThreatIQ with ThreatGuard.' So again, built into the network because we are the network, we understand the traffic, we're the control plane and the data plane, we see all traffic. We integrate into the network, we subscribe to threat databases, public databases, where we see what are the malicious IPS. If we have any traffic anywhere in your overall, and this is multicloud, not just AWS, every single Cloud, if we see that malicious traffic going some into IP guess what? It's probably BIT Mining, Bitcoin, crypto mining, it's probably some sort of data ex filtration. It could be some tour thing that you're connected to, whatever it is, you should not have traffic going. And so we do two things we alert and we show you where that all is and then with ThreatGuard, we actually will do a firewall rule right at that gateway, at that point that it's going out and immediately gone. >> You'll take the action. >> We'll take the action. >> Okay. >> And so every single customer, Dave and David, that we've shown this new capability to, it lights up like a Christmas tree. >> Yeah al bet. Okay, but now you've made some controversial statements... >> Steve: Which time? >> Okay, so you said Cisco, I think VMware... >> Dave: He's writing them down. >> I know but I can back it up. >> I think you said the risk, Cisco, VMware and Arista, they're not even in the Cloud conversation now. Arista, Jayshree Ullal is a business hero of mine, so I don't want to... >> Steve: Yeah, mine too. >> I don't want to interrogate her, she's awesome. >> Steve: Yeah. >> But what do you mean by that? Because can't Cisco come at this from their networking perspective and security and bring that in? What do you mean by they're not in the Cloud conversation? >> They're not in the conversation. >> David: Okay, defend that. >> And the reason is they were about four years ago. So when you're four years ago, you're moving into the Cloud, what's the first thing you do? I'm going to grab my CSR and I'm going to try to jam it in the Cloud. Guess what? The CSR doesn't even know it's in the Cloud, it's looking for ports, right? And so what happens is the operational model is horrendous, so all the Cloud people, it just is like oil and water, so they go, oh, that was horrendous. So no one's doing that, so what happens in the Cloud is they realize the number one thing is the Cloud operational model. I need that simplicity, I have to be a single Terraform provider, infrastructure is code. Where do I put my box with my wires? That's what the on-prem hardware people think. >> David: The selling ports your saying? >> The selling boxes. >> David: Yeah. >> And so they'll say, "Oh, we got us software version of it, it runs as a VM, it has no idea it's in the Cloud." It is not Cloud Native, I call that Cloud naive, they don't understand so then the model doesn't work. And so then they say, "Okay, I'm not going to do that." Then the only other thing they can do, is they look at the Cloud providers themselves and they say, "All right, I'm going to use Native constructs, what do you got?" And what happens basically is the Cloud providers say, "Well, we do everything and anything you'll ever need and networking and network security." And the customers, "Oh my God, it's fantastic." Then they try to use it and what they realize is you get very basic level services, and you get no visibility and control because they're a black box, you don't get to go in. How about troubleshooting, Packet Captures, simple things? How about security controls, performance traffic engineering, performance controls, visibility nothing, right? And so then they go, "Oh shit, I'm an enterprise, I'm not just some DevOps Danny three years ago, who was just spinning up workloads and didn't care about security." No, that was the Cloud three years ago. This is now United, BNY, Nike. This is like elite of elite. So when my VC was here, he said, "It's happening." That's what he meant, it's happening. Meaning enterprises, the dogs are eating the dog food and they need visibility and control, they cannot get it from the Cloud providers. >> It's happening in early days Dave. >> So Steve, we're going to stipulate that you can't jam this stuff into Cloud, but those dinosaurs are real and they're there. Explain how you... >> Steve: Well you called them dinosaurs not me but they're roaming the earth and they're going to run out of food pretty soon. (all laughing) The comet hit the earth. >> Hey, they're going to go down fighting. (all laughing) >> But the dinosaurs didn't all die the day after the comet hit the earth... >> Steve: That's right. >> They took awhile. >> Steve: They took a while. >> So, how are you going to saddle them up? That's the question because you're... >> Steve: It's over there walking dead, I don't need to do anything. >> Is it the captain Kirk to con, let them die. >> Steve: Yeah. >> Because you're in the Cloud, you're multicloud... >> Steve: Yeah. >> That's great, but 80% of my IT still on-prem and I still have Cisco switches. Isn't that just not your market or? >> When IBM and DEC did we have to do anything with IBM and DEC in the 90s, early 90s, when we created BC client server, IP architectures? No, they weren't in the conversation. >> David: Yeah. >> So, we dint compete with them, just like whatever they do on-prem, keep doing it, I wish you the best. >> But you need to integrate with them and play with them. >> Steve: No. >> Not at all? >> No, no we integrate, here is the thing that's going to happen, so to the on-prem people, it's all point of reference. They look at Cloud as off-prem, I'm going to take my operational model on-prem and I'm going to push it into the Cloud. And if I push it into multiple Clouds, they're going to call that multicloud, see we are multicloud. You're pushing your operational model into the Cloud. What's happening is Cloud has won, it won two and a half years ago with every enterprise. It's like a rock in the water. And what's going to happen is that operational model is moving out to the edge, it's moving to the branch, it's moving to the data center and it's moving into edge computing. That's what's happening... >> So outpost, so I put an outpost in my data center... >> Outpost looks like... >> Is that Aviatrix? >> Absolutely, we're going to get dragged with that... >> Dave: Okay, alright. >> Because we're the networking and network security provider, and as the company pushes out, that operational model is going to move out, not the existing on-prem OT, IT branch office then pushing in. And so, what's happening is you're coming at it from the wrong perspective. And this wave is just going to push over and so I'm just following behind this wave of AWS and Azure and Google. >> Here's the thing, you can do this and you don't have a bunch of legacy deductible debt... >> Steve: Yeah. >> So you can be Cloud Native, multicloud native, I think you called it? >> Steve: Yeah, yeah. >> I love it, you're building castles on the sand. >> Steve: Yeah. >> Jerry Chen's thing. >> Steve: Yeah. >> Now, the thing is, today's executives, they're not as naive as Ken Olsen, UNIX as, "Snake oil," who would need a PC, so they're not in denial. >> They're probably not in denial, yeah. >> Right, and so they have some resources, so the problem is they can't move as fast as you can. So, you're going to do really well. >> Steve: Yeah. >> I think they'll eventually get there Steve, but you're going to be, I don't know how many, four or five years ahead, that's a nice lead. >> That's a bet I'll take any day. >> David: Then what you don't think they'll ever get there? >> No, 10 years. (steve laughing) >> Okay, but they're not going out of business. >> No, I didn't say that. >> I know you didn't. >> What they're doing, I wish them all the best. >> Because a lot of their customers move... >> I don't compete with them. >> Yeah. We were out of time. >> Yeah. >> What did you mean by AWS is like Sandals? You mean like cool like Sandals? >> Steve: Oh, no, no, no. I don't want to... >> You mean like the vacation place? >> Have you ever been to Sandals? >> I never done it. What do you mean by that? >> There coming, there coming. Which version of sandals (indistinct)? (people cross talking) >> This is for an enterprise by the way, and look, Sandals is great for a lot of people but if you're a Cloud provider, you have to provide the common set of services for the masses because you need to make money. And oh, by the way, when you go to Sandals, go try it, like get a bottle of wine, they say, "We got red wine or white wine?" "Oh, great, what kind of red wine?" "No, red wine and it's in a box." And they hope that you won't know the difference. The problem is some people in enterprises want Four Seasons, so they want to be able to swipe the card and get a good bottle of wine. And so that's the thing with the Cloud, but the Cloud can't offer up a 200 bottle of wine to everybody. My mom loves box wine, so give her box wine. Where ISBs like us come in, is great but complimentary to the Cloud provider for that person who wants that nice bottle of wine because if AWS had to provide all this level of functionality for everybody, their instant sizes would be too big, >> Too much cost for that. (people cross talking) You're right on. And as long as you can innovate fast and stay ahead of that and keep adding value... >> Well, here's the thing, they're not going to do it for multicloud either though. >> David: I wouldn't trust them to do it with multicloud. >> No. >> David: I wouldn't. >> No enterprise would and I don't think they would ever do it anyway. >> That makes sense. Steve, we've got to go man. You're awesome, love to have you on theCUBE, come back anytime. >> Awesome, thank you. >> All right, keep it right there everybody. You're watching theCUBE, the leader in enterprise tech coverage. (bright music)

(upbeat music) >> Hey, welcome to theCUBE's coverage of AWS re:Invent 2021. I'm Lisa Martin, and I'm pleased to be joined by Jessica Alexander, who is the VP of Cloud Solutions Sales and Alliances at CrowdStrike. Jessica, welcome to the program. >> Thank you, Lisa. It's great to be here. >> So we're going to unpack a lot today, some news, what's going on with the threat landscape, what you're seeing across industries, but I want to get started talking a little bit about your team. As I mentioned, VP of Cloud Solutions Sales and Alliances. Talk to me about your team because you have a unique GTM here that I'd like to get into. >> Sure. Thank you, Lisa. Well, we recently launched our new cloud security products, Cloud Workload Protection and Horizon earlier this year. So we wanted to make sure that we accelerated our entry into this new product market, this new addressable market, and so we established not only a cloud sales specialist team that helps our core sellers as well as our partners sell our new cloud security products but we also wanted to make sure it was tightly integrated and aligned with our Cloud Alliances so specifically our co-sell relationship and partnership that we have with AWS. >> Got it. Let's talk about some of the things you mentioned, Aksino acceleration entering into the market. We saw a lot of acceleration in the last 20 months and counting, especially with respect to cloud adoption, digital transformation, but also the threat landscape things have accelerated. Wanted to get some information from you on what you've seen. We've seen and talked to a lot of folks on ransomware stats, you know, it's up nearly 11x in the first half of '21, but you guys have some unique stats and insights on that. Talk to me about what CrowdStrike is seeing with respect to that threat landscape and who it's impacting. >> Sure. You know, we have a unique perspective. CrowdStrike has millions of sensors out in our customer environments, they're feeding trillions of events into the cloud and we're able to correlate this data in real time, so this gives us a very unique perspective into what's happening in adversary activity out in the world. We also get feeds from our incident response teams that are actively responding to issues, as well as our Intel operatives out in the world. So, you know, we correlate these three sources of data into our threat graph in the cloud powered by AWS, which gives us very good insights into activity that we're seeing from an adversary perspective. So we also have a group called the OverWatch team, they are 24 by seven, you know, humans monitoring our cloud and monitoring our customer's networks to detect or, you know, get pre-breach activity information. And what they're seeing is that, you know, over this last year, an adversary is able to enter a network and move laterally into that network within one hour and 32 minutes. Now, you know, this is really fast, especially when you consider that in 2020, that average was four hours and 37 minutes for a threat actor to move laterally, you know, infiltrate a network and then move laterally. So, you know, the themes that we're seeing are adversaries are getting a lot faster and a lot more efficient, and, you know, as more companies are moving to remote work environments, you know, setting up virtual infrastructure for employees to use for work and productivity, you know, that threat landscape becomes more critical. >> Right? It becomes more critical. It becomes bigger. And of course we are in this work from anywhere environment that's going to last or some amount of it will persist permanently. So what you're saying is you're seeing a 4x increase in the speed with which adversaries can get in and laterally move within a network, so dramatically faster in a year over year period, where, so there's been so much flux in every market and of course in our lives, what are some of the things that you're helping customers do to combat this growing challenge? >> Well, it really goes back to being predictive and having that real time snapshot of what's going on and being able to proactively reach out to customers before anything bad happens and, you know, we're also seeing that ransomware continues to be an issue for customers, so, you know, having the ability to prevent these attacks and ransomware from happening in the first place and really taking the advantage that an adversary may have from a speed or intelligence perspective, taking that advantage away by having the Falcon Platform actively monitoring our customer environments is a big advantage. >> So let's talk about, speaking of advantages, what are you guys announcing at re:Invent this year? >> Sure. Well, we have two new service integrations with Amazon EKS, AWS Outpost and AWS Firelands to talk about this year. The cool thing is that, you know, customers are going to get our wonderful breach protection that we have, you know, the gold standard of breach protection, they'll have that available on various cloud services. And what it does is it provides consistent security and simplified operational management across AWS services, as customers extend those from public cloud to the data center, to the edge. And you know, the other great benefit is that it accelerates threat hunting, so we were talking about, you know, being able to predict and see what adversaries are doing. You know, one of the great customer benefits is that they can do that with their own teams and be able to do that on a cloud infrastructure as well. >> And how much of the events of the last 20 months was a catalyst or were catalysts for these integrations that you just mentioned? I imagine the threat landscape growing ransomware becoming a 'when we get hit not if' would have been some of those catalysts. >> Well, you know, we're seeing that the adoption of cloud services, especially for end user computing is growing much faster than traditional on-prem desktops, laptops, as people continue to work remotely and customers need to be, or corporations need to be efficient at how they manage end user computing environments. So, you know, we are seeing that adversary activity is picking up, they're getting smarter about, you know, leveraging cloud services and potential misconfigurations, there're really four key areas that we see customers struggle with, whether it be, you know, the complexity of cloud services, whether it be shadow IT, and a lot of the security folks don't necessarily know where all the cloud services are being deployed, then you've got, you know, kind of the advanced techniques that adversaries are using to get into networks. And then, you know, last but certainly not least is skills shortage. We're finding that a lot of customers want a turnkey solution, where they don't have to have a team of cloud security specialists to respond or handle any misconfigurations or issues that come up. They want to have a turnkey solution, a team that's already watching and reaching out to them to say, "Hey, you may want to look into XYZ and update a policy, or, you know, activate this new, you know, this feature in the platform." >> Yeah. That real time, the ability to have something that's turnkey is critical in this day and age where things are moving so quickly, there's so much being accelerated, good stuff and bad stuff. But also you mentioned that cybersecurity skills gap, which is in its, I think it's in its fifth year now, which is a big challenge for organizations as this scattered, work from anywhere persists as does the growth of the threat landscape. Let's get into now, for, you mentioned the adoption of cloud services has gone up considerably in this interesting time period, how is CrowdStrike helping customers do that securely, migrate from on-prem to the cloud with that security and that confidence that their landscape is protected? >> Yeah, well, we find obviously in the shared responsibility model, the great thing is that, you know, CrowdStrike and AWS team up to help, you know, customers have a better together experience as they migrate to the cloud. AWS is obviously responsible for the security of the cloud and customers are responsible for the security in the cloud. And in speaking with our customers who are moving or have moved to cloud services, and they really want a trusted and simple platform to use when securing their data and applications. So what, you know, they also have hybrid environments that can get complex to support, and, you know, we want to be able to provide them with a unified platform, a unified experience, regardless of where the workload is running or what services that it's using. You know, they have that unified visibility and protection across all of the cloud workloads. We're also, you know, seeing that, especially the reason we're doing this great integration with Outpost and EKS Anywhere is that customers are, you know, taking their cloud services out to their data centers as well as to the edge locations and branch offices, so they want to be able to run EKS on their own infrastructure. So it's important that customers have that portability that regardless of whether it's a laptop or an EC2 instance or an EKS container, you know, they have that portability throughout the continuum of their cloud journey. >> That continuum is absolutely critical as we, you know, talk about cloud and application or continuum from the customer's perspective, the cloud continuum is something that is front and center for customers, I imagine in every industry. >> Oh, for sure, 'cause every industry is adopting cloud maybe at a different speed, maybe for different applications, but, you know, everybody's moving to the cloud. >> So talk to me about what you're announcing with AWS, let's get into a little bit about the partnership that CloudStrike and AWS have, let's unpack that a bit. >> Sure. You know, we've been an AWS advanced technology partner for over five years. We've had our products, we now have six of our CrowdStrike products listed on AWS Marketplace. We're an active co-sell partner and, you know, have our security competency and our well-architected certification. And really it's about building trust with our customers. You know, AWS has a lot of wonderful partner products for customers to use and it's really about building trust that, you know, we're validated, we're vetted, we have a lot of customers who are using our products with AWS, and, you know, I think it's that tight collaboration, for example, if you look at what we're doing with Humio, we've implemented a quick start program, which AWS has to get customers quickly deployed with an integration or a new capability with a partner product. And what this does is it spins up a quick cloud formation template, customer can integrate it very quickly with the AWS Firelands and then, you know, all that log information coming from the AWS containers is easily ingested into the Humio platform. And so, you know, it really reduces the time to get the integration up and running as well as pulling all that data into the Humio platform so that customers can, like we said earlier, go back and threat hunt across, you know, different cloud service components in a quick and easy way. >> Quick and easy is good as is faster time to value. You mentioned the word trust, and, you know, we talk about trust, we've been talking about it for years as it relates to technology, but I'm curious, Jessica, in the last year and a half, if your customer conversations have changed, is trust now even more important than ever as there are so many things in flux, have you noticed any sort of change there in your customer conversations? >> Well, you know, I think trust is extensible. And over the last 10 years, CrowdStrike's done a really great job of building customer trust. And, you know, we started out as, you know, kind of primarily EDR and we've moved into prevention and now we're moving into identity protection and XDR so, you know, I see a pattern that, you know, we've built this amazing core of trust across our existing customers, and as we offer more capabilities, whether it be, you know, cloud security or XDR, identity protection, you know, customers trust us and so they're very willing to say, "ah well, I want to try out these new capabilities that CrowdStrike has because we trust you guys, you know, you've done a lot to protect our brand and, you know, really make our internal teams a lot more efficient and a lot smarter." So, you know, I think while trust is important, it's also something that we get to carry forward as we enter new markets and continue to innovate and provide new capabilities for our customers. >> And really extending that trusted, valued partner relationship that you've already established with customers in every industry. So where can customers go? So the joint GTM customers, and you said products available in the AWS marketplace, but where do you recommend customers go to learn more about how they can work with these joint solutions that CrowdStrike and AWS have together? >> Absolutely. We have a landing page on AWS, if you Google AWS and CrowdStrike, whether it be marketplace or EKS Anywhere, Amazon outposts, we're on all the joint product pages with Amazon, as well as always going to crowdstrike.com and looking up our cloud security products. >> Got it. And last question for you, Jessica, summarize the announcement in terms of business outcomes that it's going to enable your joint customers to achieve. >> Absolutely. You know, I think it goes back to probably the primary reason is complexity. And, you know, with complexity comes risk and blind spots so being able to have a unified platform that no matter where the workload is, or the employee may be, they are protected and have, you know, a unified platform and experience to manage their security risk. >> Excellent. Jessica, thank you so much for coming on the program today, sharing with me, what's new with CrowdStrike, some of the things that you're seeing, and what you're helping customers to accomplish in a very dynamic environment, we appreciate your time and your insights. >> Thank you for having me, Lisa. >> For Jessica Alexander, I'm Lisa Martin, and you're watching theCUBE's coverage of AWS re:Invent 2021. (gentle music)