foreign okay we're back at Falcon 2022 crowdstrike's big user conference first time in a couple of years obviously because of kova this is thecube's coverage Dave vellante and Dave Nicholson wall-to-wall coverage two days in a row Michael Rogers the series the newly minted vice president of global alliances at crowdstrike Michael first of all congratulations on the new appointment and welcome to the cube thank you very much it's an honor to be here so dial back just a bit like think about your first hundred days in this new role what was it like who'd you talk to what'd you learn wow well the first hundred days were filled with uh excitement uh I would say 18 plus hours a day getting to know the team across the globe a wonderful team across all of the partner types that we cover and um just digging in and spending time with people and understanding uh what the partner needs were and and and and it was just a it was a blur but a blast I agree with any common patterns that you heard that you could sort of coalesce around yeah I mean I think that uh really what a common thing that we hear at crowdstrike whether it's internal is extra external is getting to the market as fast as possible there's so much opportunity and every time we open a door the resource investment we need we continue to invest in resources and that was an area that we identified and quickly pivoted and started making some of those new investments in a structure of the organization how we cover Partners uh how we optimize uh the different routes to Market with our partners and yeah just a just a it's been a wonderful experience and in my 25 years of cyber security uh actually 24 and a half as of Saturday uh I can tell you that I have never felt and had a better experience in terms of culture people and a greater mission for our customers and our partners you'll Max funny a lot of times Dave we talk about this is we you know we learned a lot from Amazon AWS with the cloud you know taking something you did internally pointing it externally to Pizza teams there's shared responsibility model we talk about that and and one of the things is blockers you know Amazon uses that term blocker so were there any blockers that you identified that you're you're sort of working with the partner ecosystem to knock down to accelerate that go to market well I mean if I think about what we had put in place prior and I had the benefit of being vice president of America's prior to the appointment um and had the pleasure of succeeding my dear friend and Mentor Matthew Pauley um a lot of that groundwork was put in place and we work collectively as a leadership team to knock down a lot of those blockers and I think it really as I came into the opportunity and we made new Investments going into the fiscal year it's really getting to Market as fast as possible it's a massive Target addressable market and identifying the right routes and how to how to harness that power of we to drive the most value to the marketplace yeah what is it what does that look like in terms of alliances alliances can take a lot of shape we've we've talked to uh service providers today as an example um our Global Systems integrators in that group also what what is what does the range look like yeah I mean alliances at crowdstrike and it's a great question because a lot of times people think alliances and they only think of Technology alliances and for us it spans really any and all routes to Market it could be your traditional solution providers which might be regionally focused it could be nationally focused larger solution providers or Lars as you noted service providers and telcos global system integrators mssps iot Partners OEM Partners um and store crouchstrike store Partners so you look across that broad spectrum and we cover it all so the mssps we heard a lot about that on the recent earnings call we've heard this is a consistent theme we've interviewed a couple here today what's driving that I mean is it the fact that csos are just you know drowning for talent um and why crowdstrike why is there such an affinity between mssps and crowdstrike yeah a great question we um and you noted that uh succinctly that csos today are faced with the number one challenge is lack of resources and cyber security the last that I heard was you know in the hundreds of thousands like 350 000 and that's an old stat so I would venture to Guess that the open positions in cyber security are north of a half a million uh as we sit here today and um service providers and mssps are focused on providing service to those customers that are understaffed and have that Personnel need and they are harnessing the crowdstrike platform to bring a cloud native best of breed solution to their customers to augment and enhance the services that they bring to those customers so partner survey what tell us about the I love surveys I love data you know this what was the Genesis of the survey who took it give us the breakdown yeah that's a great question no uh nothing is more important than the feedback that we get from our partners so every single year we do a partner survey it reaches all partner types in the uh in the ecosystem and we use the net promoter score model and so we look at ourselves in terms of how we how we uh rate against other SAS solution providers and then we look at how we did last year and in the next year and so I'm happy to say that we increased our net promoter score by 16 percent year over year but my philosophy is there's always room for improvement so the feedback from our partners on the positive side they love the Falcon platform they love the crowdstrike technology they love the people that they work with at crowdstrike and they like our enablement programs the areas that they like us to see more investment in is the partner program uh better and enhanced enablement making it easier to work with crowdstrike and more opportunities to offer services enhance services to their customers dramatic differences between the types of Partners and and if so you know why do you think those were I mean like you mentioned you know iot Partners that's kind of a new area you know so maybe maybe there was less awareness there were there any sort of differences that you noticed by type of partner I would say that you know the areas or the part the partners that identified areas for improvement were the partners that that uh either were new to crowdstrike or they're areas that we're just investing in uh as as we expand as a company and a demand from the market is you know pull this thing into these new routes to Market um not not one in particular I mean iot is something that we're looking to really blow up in the next uh 12 to 18 months um but no no Common Thread uh consistent feedback across the partner base speaking of iot he brought it up before it's is it in a you see it as an adjacency to i-team it seems like it and OT used to never talk to each other and now they're increasingly doing so but they're still it still seems like different worlds what have you found and learned in that iot partner space yeah I mean I think the key and we the way we look at the journey is it starts with um Discovery discovering the assets that are in the OT environment um it then uh transitions to uh detection and response and really prevention and once you can solve that and you build that trust through certifications in the industry um you know it really is a game changer anytime you have Global in your job title first word that comes to mind for me anyway is sovereignty issues is that something that you deal with in this space uh in terms of partners that you're working with uh focusing on Partners in certain regions so that they can comply with any governance or sovereignty yeah that's that's a great question Dave I mean we have a fantastic and deep bench on our compliance team and there are certain uh you know parameters and processes that have been put in place to make sure that we have a solid understanding in all markets in terms of sovereignty and and uh where we're able to play and how that were you North America before or Americas uh Americas America so you're familiar with the sovereignty issue yeah a little already Latin America is certainly uh exposed me plenty of plenty of that yes 100 so you mentioned uh uh Tam before I think it was total available Market you had a different word for the t uh total addressable Mark still addressable Market okay fine so I'm hearing Global that's a tam expansion opportunity iot is definitely you know the OT piece and then just working better um you know better Groove swing with the partners for higher velocity when you think about the total available total addressable market and and accelerating penetration and growing your Tam I've seen the the charts in your investor presentation and you know starts out small and then grows to you know I think it could be 100 billion I do a lot of Tam analysis but just my back a napkin had you guys approaching 100 billion anyway how do you think about the Tam and what role do Partners play in terms of uh increasing your team yeah that's a great question I mean if you think about it today uh George announced on the day after our 11th anniversary as a company uh 20 000 customers and and if you look at that addressable Market just in the SMB space it's north of 50 million companies that are running on Legacy on-prem Solutions and it really provides us an opportunity to provide those customers with uh Next Generation uh threat protection and and detection and and response partners are the route to get there there is no doubt that we cannot cover 50 50 million companies requires a span of of uh of of of a number of service providers and mssps to get to that market and that's where we're making our bets what what's an SMB that is a candidate for crowdstrike like employee size or how do you look at that like what's the sort of minimum range yeah the way we segment out the SMB space it's 250 seats or endpoints and below 250 endpoints yes right and so it's going to be fairly significant so math changes with xdr with the X and xdr being extended the greater number of endpoints means that a customer today when you talk about total addressable Market that market can expand even without expanding the number of net new customers is that a fair yeah Fair assessment yep yeah you got that way in that way but but map that to like company size can you roughly what's the what's the smallest s that would do business with crowdstrike yeah I mean we have uh companies as small as five employees that will leverage crowd strike yeah 100 and they've got hundreds of endpoints oh no I'm sorry five uh five endpoints is oh okay so it's kind of 250 endpoints as well like the app that's the sweets that's it's that's kind of the Top Line we look at and then we focus oh okay when we Define SMB it's below so five to 250 endpoints right yes and so roughly so you're talking to companies with less than 100 employees right yeah yeah so I mean this is what I was talking about before I say I look around the the ecosystem myself it kind of reminds me of service now in 2013 but servicenow never had a SMB play right and and you know very kind of proprietary closed platform not that you don't have a lot of propriety in your platform you do but you they were never going to get down Market there and their Tam is not as big in my view but I mean your team is when you start bringing an iot it's it's mind-boggling it's endless how large it could be yeah all right so what's your vision for the Elevate program partner program well I I look at uh a couple things that we've we've have in place today one is um one is we've we've established for the first time ever at crowdstrike the Alliance program management office apmo and that team is focused on building out our next Generation partner program and that's you know processes it's you know uh it's it's ring fencing but it's most important importantly identifying capabilities for partners to expand to reduce friction and uh grow their business together with crowdstrike we also look at uh what we call program Harmony and that's taking all of the partner types or the majority of the partner types and starting to look at it with the customer in the middle and so multiple partners can play a role on the journey to bringing a customer on board initially to supporting that customer going forward and they can all participate and be rewarded for their contribution to that opportunity so it's really a key area for us going forward Hub and spoke model with the center of the that model is the customer you're saying that's good okay so you're not like necessarily fighting each other for for a sort of ownership of that model but uh cool Michael Rogers thanks so much for coming on thecube it was great to have you my pleasure thank you for having me you're welcome all right keep it right there Dave Nicholson and Dave vellante we'll be right back to Falcon 22 from the Aria in Las Vegas you're watching thecube foreign [Music]

(air whooshing) (cymbal crashing) >> Hello everybody, I'm John Furrier, host of theCUBE. Join us for the season two, episode four of the ongoing series, The AWS Startup Showcase. For this episode, it's all about cybersecurity, hackers, super hackers, super cloud, all 10 companies presenting are the latest, hottest companies in cybersecurity startups. Of course, John Ramsey will be keynoting. He's the vice president of AWS, a security team. And of course, we've got great expert panels with the heroes, Liz Rice from Open Source, talking about kernaling in Linux kernal, security programming to best practices for CSOs. If you're a CSO or CXO, check it out.

>>Welcome back to Boston. Everybody watching the cubes coverage, OFS reinforce 22 from Boston, Atlanta chow lobster, the SOS a ruin in my summer, Andy and Smith is here is the CMO of laminar. Andy. Good to see you. Good >>To see you. Great to be >>Here. So laminar came outta stealth last year, 2021, sort of, as we were exiting the isolation economy. Yeah. Why was laminar started >>Really about there's there's two mega trends in the industry that, that created a problem that wasn't being addressed. Right? So the two mega trends was cloud transformation. Obviously that's been going on for a while, but what most people doesn't don't realize is it really accelerated with COVID right? Being all, everybody having to be remote, et cetera, various stats I've read like increased five times, right? So cloud transformation are now you are now problem, right? That's going on? And then the other next big mega trend is data democratization. So more data in the cloud than ever before. And this is, this is just going and going and going. And the result of those two things, more data in the cloud, how am I securing that data? You know, the, the, the breach culture we're in like every day, a new, a new data breach coming up, et cetera, just one Twitter, one yesterday, et cetera. The, those two things have caused a gap with data security teams and, and that's what he >>Heard at attract. Yeah. So, you know, to your point and we track this stuff pretty carefully quarterly, and you saw, it was really interesting trend. You actually saw AWS's growth rate accelerate during the pandemic. Absolutely. You know? Absolutely. So you're talking about, you know, a couple of hundred billion dollars for the big four clouds. If you, if you include Alibaba and it's still growing at 35, you know, 40% a year, which is astounding, so, okay. So more cloud, more data. Explain why that's a, a problem for practitioners. >>Yeah, exactly. The reality is in, in the security, what, what are we doing? What all the security it's about protecting your data in the end, right? Like, like we're here at this at, at reinforce all these security vendors here really it's about protecting your data, your sensitive data. And, but what, what had been happening is all the focus was on the infrastructure, the network, et cetera, et cetera, and not as much focus, particularly on the data and, and the move to the cloud gave the developers and the data scientists, way more power. They don't longer have to ask for permission. And so they can just do what they want. And it's actually wonderful for the business. The business is moving faster, you spin up applications sooner, you get new, new insights. So all those things are really great, but because the developer has so much power, they can just copy data over here, make a backup over here, new et cetera. And, and security has no idea about all these copies of the, of the data that are out there. And they're typically not as well protected as that main production source. And that's the gap that >>Exists. Okay. So there was this shift from sort of perimeter hardening the perimeter, hardening the infrastructure and, and now your premises, it's moving to the data we saw when, when there was during the pandemic, there was definitely a shift to end point security. There was a shift to cloud security rethinking the network, but it was still a lot of, you know, kind of cha chasing the whackamole and people have talked about this is a data problem for years. Yeah. But it was, it's taken a while for, for companies, for the technology industry to, to come at it. You guys are one of the first, if not the first. Yeah. Why do you think it took so long? Is this cuz it's really hard. >>Yeah. I mean, it, it's hard. You need to focus on it. The, the traditional security has been around the network and the box, right. And those are still necessary. It's important to, you know, your use identity to cover the edge, to, to make sure people can't get into the box, but you also have to have data. So what, what happens is there's really good solutions for enterprise data security, looking at database, you know, technology, et cetera. There are good solutions for cloud infrastructure security. So the CSP of the world and the CWPP are protecting containers, you know, protecting the infrastructure. But there really wasn't much for cloud everything you build and run in the cloud. So basically your custom application, your custom applications in the IAS and PAs environments, there really wasn't anything solving that. And that's really where laminar is focused. >>Okay. So you guys use this term shadow data. We talk about shadow. It what's shadow data. >>Yeah. So what we're finding at a hundred percent of our customer environments and our POVs and talking to CISOs out there is that they have these shadow data assets and shadow data elements that they have no clue that existed. So here's the example. Everybody knows the main RDS database that is in production. And this is where, you know, our, our data is taken from. But what people don't realize is there's a copy of that. You know, in a dev environment, somebody went to run a test and they was supposed to be there for two weeks. But then that developer left forgot, left it there. They left the company, oh, now it's been there for two years that there was an original SQL database left over from a lift and shift project. They got moved to RDS, but nobody deleted that thing there, you know, it's a database connected to an application, the application left, but that database, that abandoned database is still sitting. These are all real life customer examples of shadow data that we run into. And there's, and what the problem is that main production data store is secured pretty well. It's following all your policies, et cetera. But all these shadow data resources are typically less well protected unmonitored. And that is what the attackers are after. >>So you're, you know, the old, the, the Watergate follow the money, you're following the data, >>Following the data. >>How do you follow that data if there's so much of it, it, and it's, you know, sometimes, you know, not really well understood where it is. How do you know where >>It is? Yeah. It's the beauty of partnering with somebody like AWS, right? So with each of the cloud providers, we actually take a role in your cloud account and use the APIs from the cloud provider to see all the changes in all the instances are going on. Like it is, the problem is way more complicated in the cloud because I mean, AWS has over 200 services, dozens of ways to store data, right. It's wonderful for the developer, but it's very hard for the security practitioner. And so, because we have that visibility through the cloud provider's APIs, we can see all those changes that are happening. We can then say, ah, that's a data store. Let me go analyze, make a copy, have a snapshot of that and do the analyzing of that data right inside our customer's account without pulling the data out. And we have complete visibility to everything. And then we can give that data catalog over to the customer. >>All right. I gotta ask you a couple Colombo questions. So if you know, we talk about encryption, everything's encrypted everything. If, if the data is encrypted, why then would I need laminar? >>Because I mean, we'll make sure that the data's encrypted okay. Right. Often. So it's not supposed to be and not right. Two is, we're gonna tell you what type of data is inside there. Oh, is this, is this health information? Is it personal identify information? Is it credit cards? You know, et cetera, C so we'll classify the data for you. We will also, then there's things like retention, period. How long should we, I hold onto that data, all the things about what are, who has access, what's the exposure level for that data. And so when you, when you think about data security posture, what's the posture of that data you're looking at at those data policies. It's something that has been very well defined and written down. But in the past, there was just no way to go verify that those, that, that, that policy is actually being followed. And so we're doing that verification automatically. >>So without the context, you can't answer those other questions. So you make sure it's encrypted. If it's not, or you can at least notify me that it's not, you don't do the encryption. Right. Or do you, >>We don't do it ourselves, but we can give you here. Here's the command in and the Amazon to go encrypt it >>Right. Then I can automate that. And then the classification is key because now you're telling me the context. So I can say, okay, apply this policy to that data, retain it for this long, get rid of it after X number of years, or if it's work, process, get rid of it now. Yeah. And then who should have access to that data. And so you can help at least inform how to enforce those policies. >>Exactly. And so we, we, we call it guided remediation because what we're, you know, talking to a CISO, they're like, I need 400 more alerts, like a hole in the head like that. Doesn't do me any good. If you can't tell me how to resolve the, the, the, this security gap that I have or this, then it doesn't do any good. And, and the first, first it starts with who do I need to go talk to? Right. So they have hundreds, if not thousands of developers. Oh, great. You found this issue. I, I, I don't know who to go. Like, I can't just delete it myself, but I need to go talk to somebody really, should this be deleted? We need, do we really, really need to hold onto this? So we, we help guide who the data owner is. So we give you who to talk to. You, give you all the context. Here's the data, here's the data asset that it's in. Here's our suggestion. Here's the problem. Here's our suggestion for >>Solution. And you started the company on AWS >>Started on AWS. Absolutely. >>So what's of course it's best cloud and why not start there? So what's the relationship like, I mean, how'd you get started? You said, okay, Hey, we're we got an idea for a company. We're gonna build it on AWS. We're gonna become a customer. We're gonna, you know, >>We actually, so insight partners is our main investor. Yeah. And they were very helpful in giving us access to literally hundreds of CSOs, who we had conversations with before we actually launched the company. And so we did some shifting and to, to figure out our exact use case. But by the time we came to market, it was in February this year, we actually GAed the product that, where like product market fit nailed because we'd had so many conversations that we knew the problem in the market that we needed to solve. And we knew where we needed to solve it first. And, and the, the, the relationship we AWS is great. We just got on the marketplace, just became a, a partner. So really good. Good >>Start. So I gotta ask you, so I always ask this question. So how do you actually know when you have product market fit? >>You it's about those conversations. Right. You know, so like, I I've been to lots of startups and sometimes you're you're, you, you each have a conversation and then they, they saying, oh, well kind of want this. And we kind of like that. And so it, the more conversations you have, the more, you know, you're solving a real problem. Right. And, and, and, and, and you re react to what that, what that prospect is telling you back and, or that advisor or that whoever we're talking to. And, and every single one of the CISO conversations we had was I don't have a good inventory of my data in the cloud. >>The reason I asked that, cause I always ask the startups, like, when do you scale? Cause I think startups sometimes scale too fast. They try to scale too fast, they'll hire 50 sales people. And then they, you know, churn, you know, they, they got a 50% churn, but they're trying to optimize their go to market when they got 50% of their customers are gonna leave. So it's, it's gotta be the sequential thing. So, so you got product market fit. So are, are you in the scaling phase >>Now? We are. Yeah. Yeah, yeah. So now it's about how quickly can we deliver? We, we we're ramping customer base significantly. And, and you know, we've got a whole go to market team in, you know, sales and marketing in the us and, and often off to the races >>And you just run on AWS or you run another clouds. >>It's multi-cloud so AWS, Azure, GCP, et cetera. >>Okay. So then my least my next question is it sort of, you can do this within each of the individual clouds today. Do you see a day and maybe it's here today is where you can create a single experience across those clouds >>Today. It's a single experience across cloud. So our SaaS, we have our SaaS portion runs in AWS, but the actual data analysis runs in each cloud provider. So AWS, Azure, GCP and snowflake too, actually. >>Ah, okay. So I come through your whatever portal, like if I can use that term. Yep. And that's running on AWS. Yes. You're SAS, as you say, and then you go out to these other environments, GCP, Azure, AWS itself, and snowflake. Yep. And I see laminar, is that right? Or >>There's a piece running inside our customer's environment. Okay. So, so we have a customer, they, the, we have, we get a role inside of their cloud account or read only role inside of their cloud account. And we spin up serverless functions in that cloud account. That's where all the analysis happens. And that's why we don't take any data out of the environment. So it all stays there. And, and therefore we don't, we don't actually see the data outside of the environment. Like, I, I can tell you there's a metadata comes out. I can tell you, there are credit cards inside that data store, but I can't tell you exactly which credit card it is cuz I don't know. So all the important actions happens are there and just the metadata metadata comes out. So we can give you a cross cloud dashboard of all your sensitive data. >>And of course, so take the example of snowflake. They're going across clouds, they're building what we call super cloud sort of, of a layer that floats on top. You're just sort of going wherever that data goes. >>Yeah, exactly. So, so each of there's a component that lives in the customer's environment in the, in those multi-cloud environments and then a single view of the world dashboard that is our SaaS component that runs an AWS. So >>You guys are, is, am I correct? You're series a funded >>Series, a funded yeah, exactly. >>And, and already scaling to go to market. Yeah. Which is, which is early to scale. Right. I mean you've got startup experience. Right? >>Absolutely. >>How does it compare? >>Well, what was amazing here was access. I mean, really it was through the relationship with insight. It was access to the CISOs that I had never had at any of the other startups I was with. You're trying to get meetings, you're meeting with a lot of practitioners, you know, et cetera. But getting all those conversations with buyers was, was super valuable for us to say, ah, I know I'm solving a real problem that has value that they will pay for. Right. And, and, and so that, that was a year and a half probably still of all that work going on. We just, just waited to GA until we understood the market >>Better. Yeah. Insight. They're amazing. The way to talk about scaling. I mean, they've just the last 10 years that comp that, that PE firm has just gone wild in terms of just their, their philosophy, their approach, their cadence, their consistency. And now of course their portfolio. >>Yeah. And, and they started doing a little bit earlier and earlier stage. I mean, I, I always think of them as PE too, but you know, they, they did our seed round. Right. They did our a round and, and they're doing earlier stages, but particularly what they saw in Laar was exactly what we started this conversation with. They saw cloud transformation speeding up, they saw data democratization happening. They're like, we need to invest in this now because this is a now a problem to solve. >>Yeah. It's interesting. Cuz when you go back even pre 2010, you talk to, you know, look at insight, they would wait. They would invest in companies unless there was, you know, on the way to five plus million dollar ARR, they weren't doing seed deals. Totally. Like they saw, wow, these actually can be pretty lucrative and we can play and we have a point of view and yeah. So cool. Well, congratulations. I'll give you the final word. What, what should we be watching for from, from Laar as sort of, you know, milestones that you guys want to hit and, and indicators of success. >>Yeah. Now it's all about growth partnerships, you know, integrations with, with other of the players out here. Right. And so, you know, like scaling our AWS partnership is one of the key aspects for us. And so, you know, just look for, look for the name out there and, and you'll start, you'll start to see it a lot more. And, and if, if you have the need, you know, come look us up. Laar security.com. >>Awesome. Well thanks very much for coming to Cuban. Good luck. Appreciate it. All right. >>Wonderful. Thanks. You're >>Welcome. All right. Keep it right there, everybody. This is Dave ante. We'll be back right after this short break from AWS reinvent 2022 in Boston. You're watching the cue.

hi everybody welcome back to boston you're watching thecube's coverage of reinforce 2022 last time we were here live was 2019. had a couple years of virtual merit bear is here she's with the office of the cso for aws merit welcome back to the cube good to see you thank you for coming on thank you so much it's good to be back um yes cso chief information security officer for folks who are acronym phobia phobic yeah okay so what do you do for the office of the is it ciso or sizzo anyway ah whatever is it sim or theme um i i work in three areas so i sit in aws security and i help us do security we're a shop that runs on aws i empathize with folks who are running shops it is process driven it takes hard work but we believe in certain mechanisms and muscle groups so you know i work on getting those better everything from how we do threat intelligence to how we guard rail employees and think about vending accounts and those kinds of things i also work in customer-facing interactions so when a cso wants to meet awssc so that's often me and then the third is product side so ensuring that everything we deliver not just security services are aligned with security best practices and expectations for our customers so i have to ask you right off the bat so we do a lot of spending surveys we have a partner etr i look at the data all the time and for some reason aws never shows up in the spending metrics why do you think that is maybe that talks to your strategy let's double click on that yeah so first of all um turn on guard duty get shield advanced for the you know accounts you need the 3k is relatively small and a large enterprise event like this doesn't mean don't spend on security there is a lot of goodness that we have to offer in ess external security services but i think one of the unique parts of aws is that we don't believe that security is something you should buy it's something that you get from us it's something that we do for you a lot of the time i mean this is the definition of the shared responsibility model right everything that you interact with on aws has been subject to the same rigorous standards and we aws security have umbrella arms around those but we also ensure that service teams own the security of their service so a lot of times when i'm talking to csos and i say security teams or sorry service teams own the security of their service they're curious like how do they not get frustrated and the answer is we put in a lot of mechanisms to allow those to go through so there's automation there are robots that resolve those trouble tickets you know like and we have emissaries we call them guardian champions that are embedded in service teams at any rate the point is i think it's really beautiful the way that customers who are you know enabling services in general benefit from the inheritances that they get and in some definition this is like the value proposition of cloud when we take care of those lower layers of the stack we're doing everything from the concrete floors guards and gates hvac you know in the case of something like aws bracket which is our quantum computing like we're talking about you know near vacuum uh environments like these are sometimes really intricate and beautiful ways that we take care of stuff that was otherwise manual and ugly and then we get up and we get really intricate there too so i gave a talk this morning about ddos protection um and all the stuff that we're doing where we can see because of our vantage point the volume and that leads us to be a leader in volumetric attack signatures for example manage rule sets like that costs you nothing turn on your dns firewall like there are ways that you just as a as an aws customer you inherit our rigorous standards and you also are able to benefit from the rigor with which we you know exact ourselves to really you're not trying to make it a huge business at least as part of your your portfolio it's just it's embedded it's there take advantage of it i want everyone to be secure and i will go to bad to say like i want you to do it and if money is a blocker let's talk about that because honestly we just want to do the right thing by customers and i want customers to use more of our services i genuinely believe that they are enablers we have pharma companies um that have helped enable you know personalized medicine and some of the copic vaccines we have you know like there are ways that this has mattered to people in really intimate ways um and then fun ways like formula one uh you know like there are things that allow us to do more and our customers to do more and security should be a way of life it's a way of breathing you don't wake up and decide that you're going to bolt it on one day okay so we heard cj moses keynote this morning i presume you were listening in uh we heard a lot about you know cool tools you know threat detection and devops and container security but he did explicitly talked about how aws is simplifying the life of the cso so what are you doing in that regard and what's that that's let's just leave it there for now i talk to c sales every day and i think um most of them have two main concerns one is how to get their organization to grow up like to understand what security looks like in a cloudy way um and that means that you know your login monitoring is going to be the forensics it's not going to be getting into the host that's on our side right and that's a luxury like i think there are elements of the cso job that have changed but that even if you know cj didn't explicitly call them out these are beauties things like um least privilege that you can accomplish using access analyzer and all these ways that inspector for example does network reachability and then all of these get piped to security hub and there's just ways that make it more accessible than ever to be a cso and to enable and embolden your people the second side is how csos are thinking about changing their organization so what are you reporting to the board um how are you thinking about hiring and um in the metrics side i would say you know being and i get a a lot of questions that are like how do we exhibit a culture of security and my answer is you do it you just start doing it like you make it so that your vps have to answer trouble tickets you may and and i don't mean literally like every trouble ticket but i mean they are 100 executives will say that they care about security but so what like you know set up your organization to be responsive to security and to um have to answer to them because it matters and and notice that because a non-decision is a decision and the other side is workforce right and i think um i see a lot of promise some of it unfulfilled in folks being hired to look different than traditional security folks and act different and maybe a first grade teacher or an architect or an artist and who don't consider themselves like particularly technical like the gorgeousness of cloud is that you can one teach yourself this i mean i didn't go to school for computer science like this is the kind of thing we all have to teach ourselves but also you can abstract on top of stuff so you're not writing code every day necessarily although if you are that's awesome and we love debbie folks but you know there's there's a lot of ways in which the machine of the security organization is suggesting i think cj was part to answer your question pointedly i think cj was trying to be really responsive to like all the stuff we're giving you all the goodness all the sprinkles on your cupcake not at all the organizational stuff that is kind of like you know the good stuff that we know we need to get into so i think so you're saying it's it's inherent it's inherently helping the cso uh her life his life become less complex and i feel like the cloud you said the customers are trying to become make their security more cloudy so i feel like the cloud has become the first line of defense now the cso your customer see so is the second line of defense maybe the audit is the third line what does that mean for the role of the the cso how is that they become a compliance officer what does that mean no no i think actually increasingly they are married or marriable so um when you're doing so for example if you are embracing [Music] ephemeral and immutable infrastructure then we're talking about using something like cloud formation or terraform to vend environments and you know being able to um use control tower and aws organizations to dictate um truisms through your environment you know like there are ways that you are basically in golden armies and you can come back to a known good state you can embrace that kind of cloudiness that allows you to get good to refine it to kill it and spin up a new infrastructure and that means though that like your i.t and your security will be woven in in a really um lovely way but in a way that contradicts certain like existing structures and i think one of the beauties is that your compliance can then wake up with it right your audit manager and your you know security hub and other folks that do compliance as code so you know inspector for example has a tooling that can without sending a single packet over the network do network reachability so they can tell whether you have an internet facing endpoint well that's a pci standard you know but that's also a security truism you shouldn't have internet facing endpoints you don't approve up you know like so these are i think these can go in hand in hand there are certainly i i don't know that i totally disregard like a defense in-depth notion but i don't think that it's linear in that way i think it's like circular that we hope that these mechanisms work together that we also know that they should speak to each other and and be augmented and aware of one another so an example of this would be that we don't just do perimeter detection we do identity-based fine-grained controls and that those are listening to and reasoned about using tooling that we can do using security yeah we heard a lot about reasoning as well in the keynote but i want to ask about zero trust like aws i think resisted using that term you know the industry was a buzzword before the pandemic it's probably more buzzy now although in a way it's a mandate um depending on how you look at it so i mean you anything that's not explicitly allowed is denied in your world and you have tools and i mean that's a definition if it's a die that overrides if it's another it's a deny call that will override and allow yeah that's true although anyway finish your question yeah yeah so so my it's like if there's if there's doubt there's no doubt it seems in your world but but but you have a lot of capabilities seems to me that this is how you you apply aws internal security and bring that to your customers do customers talk to you about zero trust are they trying to implement zero trust what's the best way for them to do that when they don't have that they have a lack of talent they don't have the skill sets uh that it and the knowledge that aws has what are you hearing from customers in that regard yeah that's a really um nuanced phrasing which i appreciate because i think so i think you're right zero trust is a term that like means everything and nothing i mean like this this notebook is zero trust like no internet comes in or out of it like congratulations you also can't do business on it right um i do a lot of business online you know what i mean like you can't uh transact something to other folks and if i lose it i'm screwed yeah exactly i usually have a water bottle or something that's even more inanimate than your notebook um but i guess my point is we i don't think that the term zero trust is a truism i think it's a conceptual framework right and the idea is that we want to make it so that someone's position in the network is agnostic to their permissioning so whereas in the olden days like a decade ago um we might have assumed that when you're in the perimeter you just accept everything um that's no longer the right way to think about it and frankly like covid and work from home may have accelerated this but this was ripe to be accelerated anyway um what we are thinking about is both like you said under the network so like the network layer are we talking about machine to machine are we talking about like um you know every api call goes over the open internet with no inherent assurances human to app or it's protected by sig v4 you know like there is an inherent zero trust case that we have always built this goes back to a jeff bezos mandate from 2002 that everything be an api call that is again this kind of like building security into it when we say security is job zero it not only reflects the fact that like when you build a terraform or a cloud formation template you better have permission things appropriately or try to but also that like there is no cloud without security considerations you don't get to just bolt something on after the fact so that being said now that we embrace that and we can reason about it and we can use tools like access analyzer you know we're also talking about zero trust in that like i said augmentation identity centric fine grained controls so an example of this would be a vpc endpoint policy where it is a perm the perimeter is dead long live the perimeter right you'll have your traditional perimeter your vpc or your vpn um augmented by and aware of the fine-grained identity-centric ones which you can also reason about prune down continuously monitor and so on and that'll also help you with your logging and monitoring because you know what your ingress and egress points are how concerned should people be with quantum messing up all the encryption algos oh it's stopping created right okay so but we heard about this in the keynote right so is it just a quantum so far off by the time we get there is it like a y2k you're probably not old enough to remember y2k but y2k moment right i mean i can't take you anywhere what should we um how should we be thinking about quantum in the context of security and sure yeah i mean i think we should be thinking about quantum and a lot of dimensions as operationally interesting and how we can leverage i think we should be thinking about it in the security future for right now aes256 is something that is not broken so we shouldn't try to fix it yeah cool encrypt all the things you can do it natively you know like i love talking about quantum but it's more of an aspirational and also like we can be doing high power compute to solve problems you know but like for it to get to a security uh potentially uh vulnerable state or like something that we should worry about is a bit off yeah and show me an application that can yeah and i mean and i think at that point we're talking about homomorphic improvements about another thing i kind of feel the same way is that you know there's a lot of hype around it a lot of ibm talks about a lot you guys talked about in your keynote today and when i really talk to people who understand this stuff it seems like it's a long long way off i don't think it's a long long way off but everything is dog years in tech world but um but for today you know like for today encrypt yourself we will always keep our encryption up to standard and you know that will be for now like the the industry grade standard that folks i mean like i i have i have never heard of a case where someone had their kms keys broken into i um i always ask like awesome security people this question did you like how did you get into this did you have like did you have a favorite superhero as a kid that was going to save the world i um was always the kid who probably would have picked up a book about the cia and i like find this and i don't remember who i was before i was a security person um but i also think that as a woman um from an american indian family walking through the world i think about the relationship between dynamics with the government and companies and individuals and how we want to construct those and the need for voices that are observant of the ways that those interplay and i always saw this as a field where we can do a lot of good yeah amazing merritt thanks so much for coming on thecube great guest john said you would be really appreciate your time of course all right keep it ready you're very welcome keep it right there this is dave vellante for the cube we'll be right back at aws reinforced 2022 from boston keep right there [Music]

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE in ETR. This is "Breaking Analysis" with Dave Vellante. >> Cisco is a company at the crossroads. It's transitioning from a high margin hardware business to a software subscription-based model, which also should be high margin through both organic moves and targeted acquisitions. It's doing so in the context of massive macro shifts to digital in the cloud. We believe Cisco's dominant position in networking combined with a large market opportunity and a strong track record of earning customer trust, put the company in a good position to capitalize on cloud momentum. However, there are clear challenges ahead for Cisco, not the least of which is the growing complexity of its portfolio, a large legacy business, and the mandate to maintain its higher profitability profile as it transitions into a new business model. Hello and welcome to this week's Wiki-bond cube insights powered by ETR. In this breaking analysis, we welcome in Zeus Kerravala, who's the founder and principal analyst at ZK Research, long time Cisco watcher who together with me crafted the premise of today's session. Zeus, great to see you welcome to the program. >> Thanks Dave. It's always a pleasure to be with you guys. >> Okay, here's what we're going to talk about today, set the agenda. The catalyst for this session, Zeus and I attended Cisco's financial analyst day. We received a day and a half of firehose presentations, drill downs, interactions, Q and A with Cisco execs and one key customer. So we're going to share our takeaways from these sessions and add our additional thoughts. Now, in particular, we're going to talk about Cisco's TAM, its transformation to a subscription-based model, and how we see that evolving. As always, we're going to bring in some ETR spending data for context and get Zeus' take on what that tells us. And we'll end with a summary of Cisco's cloud strategy and outlook for how it could win in the cloud. So let's talk about Cisco's sort of structure and TAM opportunities. First, Zeus, Cisco has four main lines of business where it's organized it's executives around sort of four product areas. And it's got a large service component as well. Network equipment, SP routing, data center, collaboration that security, and as I say services, that's not necessarily how it's going to market, but that's kind of the way it organizes its ELT, its executive leadership team. >> Yeah, the in fact, the ELT has been organized around those products, as you said. It used to report to the street three product segments, infrastructure platforms, which was by far the biggest, it was all their networking equipment, then applications, and then security. Now it's moved to five new segments, secure agile networks, hybrid work, end to end security, internet for the future and optimized app experiences. And I think what Cisco's trying to do is align their, the way they report along the lines of the way customers buy. 'Cause I think before, you know, they had a very simplistic model before. It was just infrastructure, apps, and security. The ELT is organized around product roadmap and the product innovation, but that's not necessarily the way customers purchase things and so, purchase things so I think they've tried to change things a little bit there. When you look at those segments though, you know, by, it's interesting. They're all big, right? So, by far the biggest distilled networking, which is almost a hundred billion dollar TAM as they reported and they have it growing a about a 9% CAGR as reported by other analyst firms. And when you think about how mature networking is Dave, the fact that that's still growing at high single digit CAGR is still pretty remarkable. So I think that's one of those things that, you know, watchers of Cisco historically have been calling for the network to be commoditized for decades. For as long as I've been watching Cisco, we've been, people have been waiting for the network to be commoditized. My thesis has always been, if you can drive enough innovation into things, you can stave off commoditization and that's what they've done. But that's really the anchor for them to sell all their other products, some of which are higher margin, some which are a little bit sore, but they're all good high margin businesses to your point. >> Awesome. We're going to dig into that. So, so they flattened the organization when Geckler left. You've got Todd Nightingale, Jonathan Davidson, Liz Centoni, and Jeetu Patel who we heard from and we'll make some comments on what we heard from them. One of the big takeaways at the financial analysts meeting was on the TAM, as you just mentioned. Liz Centoni who also is heavily involved in strategy and the CFO Scott Herren, showed this slide, which speaks to the company's TAM and the organizational structure that you were just talking about. So the big message was that Cisco has got a large and growing market, you know, no shortage of available market. Somewhere between eight and 900 billion, depending on which of the slides you pull out of the deck. And ironically Zeus, when you look at the current markets number here on the right hand side of this slide, 260 billion, it just about matches the company's market cap. Maybe an interesting coincidence, but at any rate, what was your takeaway from this data? >> Well, I think, you know, the big takeaway from the data is there's still a lot of room ahead for Cisco to grow, right? Again, this is a, it's a company that I think most people would put in the camp of legacy IT vendor, just because of how long they've been around. But they have done a very good job of staving off innovation. And part of that is just these markets that they play in continue to grow and they continue to have challenges that they can solve. I think one of the things Cisco has done though, since the arrival of Chuck Robbins, is they don't fight these trends anymore, Dave. I know prior to Chuck's arrival, they really fought the tide of software defined networking and you know, trends like that, and even cloud to some extent. And I remember one of the first meetings I had with Chuck, I asked him about that and he said that Cisco will never do that again. That under his watch, if customers are going through a market transition, Cisco wants to lead them through it, not try and hold them back. And I think for that reason, they're able to look at, all of those trends and try and take a leadership position in them, even though you might look at some of those and feel that some of them might be detrimental to Cisco's business in the short term. So something like software defined WANs, which you would throw into secure agile networks, certainly doesn't, may not carry the same kind of RPOs and margins with it that their traditional routers did, but ultimately customers are going to buy it and Cisco would like to be the ones to sell it to them. >> You know, you bring up a great point. This industry is littered, there's a graveyard of executives who fought the trend. Many people, some people remember Ken Olson of Digital Equipment Corporation. "Unix is snake oil," is what he said. IBM mainframe guys said, "PCs are a toy." And of course the history, they were the wrong side of history. The other big takeaway was the shift to software in subscription. They really made a big point of this. Here's a chart Cisco showed a couple of times to make the point that it's one of the largest software companies in the world. You know, in the top 10. They also made the point that Chuck Robbins, when he joined in 2015, and since that time, it's nearly 4x'ed it's subscription software revenue, and roughly doubled its software sales. And it now has an RPO, remaining performance obligations, that exceeds 30 billion. And it's committing to grow its subscription business in the forward-looking statements by 15 to 17% CAGR through 25, which would imply about a doubling of these, the blue lines. Zeus, it's unclear if that forward-looking forecast is just software. I presume it includes some services, but as Herren pointed out, over time, these services will be bundled into the product revenue, same way SAS companies do it. But the point is Cisco is committed, like many of their peers, to moving to an ARR model. But please, share your thoughts on Cisco's move to software subscriptions and how you see the future of consumption-based pricing. >> Yeah, this has been a big shift for Cisco, obviously. It's one that's highly disruptive. It's one that I know gave their partners a lot of angst for a long time because when you sell things upfront, you get a big check for selling that, right? And when you sell things in a subscription model, you get a much smaller check for a number of months over the period of the contract. It also changes the way you deal with the customer. When you sell a one-time product, you basically wipe your hands. You come back in three or four years and say, "it's time to upgrade." When you sell a subscription, now, the one thing that I've tried to talk to Cisco and its partners about is customers don't renew things they don't use. And so it becomes incumbent on the partner, it becomes incumbent upon Cisco to make sure that things that the customer is subscribing to, that they do use. And so Cisco's had to create a customer success organization. They've had to help their partners create those customer success organizations. So it's really changed the model. And Cisco not only made the shift, they've done it faster than they actually had originally forecast. So during the financial analyst day, they actually touted their execution on software, noting that it hit it's 30% revenue as percent of total target well before it was supposed to, it's actually exceeded its targets. And now it's looking to increase that to, it actually raised its guidance in this area a little bit by a few percentage points, looking out over the next few years. And so it's moved to the subscription model, Dave, the thing that you brought up, which I do see as somewhat of a challenge is the shift to consumption-based pricing. So subscription is one thing in that I write you a check every month for the same amount. When I go to the consumption-based pricing, that's easy to do for cloud services, things like WebEx or Duo or, you know, CloudLock, some of the security products. That that shift should be relatively simple. If customers want to buy it that way. It's unclear as to how you do that when you're selling on-prem equipment with the software add-on to it because in that case, you have to put metering technology in to understand how much they're using. You have to have a minimum baseline to start with. They've done it in some respects. The old HCS product that they sold, the Telcos, actually was sold with a minimum commit and then they tacked on a utilization on top of that. So maybe they move into that kind of model. But I know it's something that they've, they get asked about a lot. I know they're still thinking about it, but it's something that I believe is coming and it's going to come pretty fast. >> I want to pick up on that because I think, you know, they made the point that we're one of the top 10 software companies in the world. It's very difficult for hardware companies to make the transition to software. You know, HP couldn't do it. >> Well, no one's done it. >> Well, IBM has kind of done it, but they really struggle. It's kind of this mishmash of tooling and software products that aren't really well-integrated. But, I would say this, everybody now, Cisco, Dell, HPE with GreenLake, Lenovo, pretty much all the traditional hardware players are trying to move to an as a service model or at least for a portion of their business. HPE's all in, Dell transitioning. And for the most part, I would make the following observation. And I'd love to get your thoughts on this. They're pretty much following a SAS like model, which in my view is outdated and kind of flawed from a customer standpoint. All these guys say, "Hey, we're doing this because "this is what the customers want." I think the cloud is really a true consumption based model. And if you look at modern SAS companies, a lot of the startups, they're moving to a consumption based model. You see that with Snowflake, you see that with Stripe. Now they will offer incentives. But most of the traditional enterprise players, they're saying, "Okay, pay us upfront, "commit to some base level. "If you go over it, you know, "we'll charge you for it. "If you go under it, you're still going to pay "for that base level." So it's not true consumption base. It's not really necessarily the customer's best interest. So that's, I think there's some learnings there that are going to have to play out. >> Yeah, the reason customers are shying away from that SAS type model, I think during the pandemic, the one thing we learned, Dave, is that the business will ebb and flow greatly from month to month sometimes. And I was talking with somebody that worked for one of the big hotel chains, and she was telling me that what their CRM providers, she wouldn't tell me who it was, except said it rhymed with Shmalesforce, that their utilization of it went from, you know, from a nice steady level to spiking really high when customers started calling in to cancel hotel rooms. And then it dropped down to almost nothing as we went through that period of stay at home. And now it's risen back up. And so for her, she wanted to move to a consumption-based model because what happens otherwise is you wind up buying for peak utilization, your software subscriptions go largely underutilized the majority of the year, and you wind up paying, you know, a lot more than you need to. If you go to more of a true consumption model, it's harder to model out from a financial perspective 'cause there's a lot of ebbs and flows in the business, but over a longer period of time, it's more cost-effective, right? And so the, again, what the pandemic taught us was we don't really know what we're going to need from a consumption standpoint, you know, nevermind a year from now, maybe even six months from now. And consumption just creates a lot more flexibility and agility. You can scale up, you can scale down. You can bring in users, you can take out users, you can add consultants, things like that. And it just, it's much more aligned with the way businesses are run today. >> Yeah, churn is a silent killer of a software company. And so there's retention is the key here. So again, I think there's lots of learning. Let's put Cisco into context with some of its peers. So this chart we developed compares five companies to Cisco. Core Dell, meaning Dell, without VMware. VMware, HPE, IBM, we've put an AWS, and then Cisco as, IBM, AWS and Cisco is the integrated plays. So the chart shows the latest quarterly revenue multiplied by four to get a run rate, a three-year growth outlook, gross margin percentage, market cap, and revenue multiple. And the key points here are that one, Cisco has got a pretty awesome business model. It's got 60% gross margin, strong operating margins, not shown here, but in the mid twenties, 25%. It's got a higher growth rate than most of its peers. And as such, a much better, multiple than say, for instance, Core Dell gets 33 cents on the revenue dollar. HPE is double that. IBM's below two X. Cisco's revenue multiple rivals VMware, which is a pure software company. Now in a large part that's because VMware stock took a hit recently, but still the point is obvious. Cisco's got a great business. Now for context, we've added AWS, which blows away any company on this chart. We've inferred a market cap of nearly 600 billion, which frankly is conservative at a 10 X revenue multiple given it's inferred margins and growth rate. Now Zeus, if AWS were a separate company, it could have a market cap that approached 800 billion in my view. But what does this data tell you? >> Well, it just tells me that Cisco continues to be a very well-run company that has staved off commoditization, despite the calling for it for years. And I think the big lesson, and I've talked to financial analysts about this over the years, is that if, I don't really believe anything in this world is a commodity, Dave. I think even when Cisco went to the server market, if you remember back then, they created a new way of handling memory management. They were getting well above average margins for service, albeit less than Cisco's network margins, but still above average for server margins. And so I think if you can continue to innovate, you will see the margin stay where they are. You will see customers continue to buy and refresh. And I think one of the challenges Cisco's had in the past, and this is where the subscription business will help, is getting customers to stay with the latest and greatest. Prior to this refresh of network equipment, some of the stuff that I've seen in the fields, 10, 15 years old, once you move to that sell me a box and then tack on the subscription revenue that you pay month by month, you do drive more consistent refresh. Think about the way you just handle your own mobile phone. If you had to go pay, you know, a thousand dollars every three years, you might not do it at that three-year cycle. If you pay 40 bucks a month, every time there's a new phone, you're going to take it, right? So I think Cisco is able to drive greater, better refresh, keep their customers current, keep the features in there. And we've seen that with a lot of the new products. The new Cat 9,000, some of the new service provider products, the new wifi products, they've all done very well. In fact, they've all outpaced their previous generation products as far as growth rate goes. And so I think that is a testament to the way they've run the business. But I do think when people bucket Cisco in with HP and Dell, and I understand why they do, their businesses were similar at one time, it's really not a true comparison anymore. I think Cisco has completely changed their business and they're not trying to commoditize markets, they're trying to drive innovation and keep the margins up, where I think HP and Dell tend to really compete on price versus innovation. >> Well, and we are going to get to this point about the tailwinds and headwinds and cloud, and how Cisco to do it. But, to your point about, you know, the cell phone analogy. To the extent that Cisco can make that seamless for customers could hide that underlying complexity, that's going to be critical for the cloud. Now, but before we get there, I want to talk about one of the reasons why Cisco such a high multiple, and has been able to preserve its margins, to your point, not being commoditized. And it's been able to grow both organically, but also has a strong history of M and A. It's this chart shows a dominant position in core networking. So this shows, so ETR data within the Fortune 500. It plots companies in the ETR taxonomy in two dimensions, net score on the vertical axis, which is a measure of spending velocity, and market share on the horizontal axis, which is a measure of presence in the survey. It's not like IDC market share, it's mentioned market share if you will. The point is Cisco is far and away the most pervasive player in the market, it's generally held its dominant position. Although, it's been under pressure in the last few years in core networking, but it retains or maintains a very respectable net score and consistently performs well for such a large company. Zeus, anything you'd add with respect to Cisco's core networking business? >> Yeah, it's maintained a dominant network position historically. I think part of because it drives good products, but also because the competitive landscape, historically has been pretty weak, right? We saw companies like 3Com and Nortel who aren't around anymore. It'll be interesting to see moving forward now that companies like VMware are involved in networking. AWS is interested in networking. Arista is a much stronger company. You know, Juniper bought Mist and is in better position. Even Extreme Networks who most people thought was dead a few years ago has made a number of acquisitions and is now a billion dollar company. So while Cisco has done a great job of execution, they've done a great job on the innovation side, their competitive landscape, looking out over the next five years, I think is going to be more difficult than it has been over the previous five years. And largely, Dave, I think that's good for Cisco. I think whenever Cisco's pressed a little bit from competition, they tend to step on the innovation gas a little bit more. And I look back and even just the transition when VMware bought Nicira, that got Cisco's SDN business into gear, like nothing else could have, right? So competition for that company, they always seem to respond well to it. >> So, let's break down Cisco's net score a little bit. Explain why the company has been able to hold its spending momentum despite its large size. This will give you a little insight to the survey. So this chart shows the granular components of net score. The lime green is new adoptions to Cisco. The forest green is spending more than 6%. The gray is flat plus or minus 5%. The pink is spending drops by more than 5%. And the red is we're chucking the platform, we're getting off. And Cisco's overall net score here is 25%, which for a company of its size speaks to the relationships that it has with customers. It's of course got a fat middle in the gray area, like all sort of large established companies. But very low defections as well, it's got low new adoptions. But very respectable. So that is background, Zeus. Let's look at spending momentum over time across Cisco's portfolio. So this chart shows Cisco's net score by that methodology within the ETR taxonomy for Cisco over three survey periods. And what jumps out is Meraki on the left, very strong. Virtualization business, its core networking, analytics and security, all showing upward momentum. AppD is a little bit concerning, but that could be related to Cisco's sort of pivot to full stack observability. So maybe AppD is being bundled there. Although some practitioners have cited to us some concerns in that space. And then WebEx at the end of the chart, it's showing some relative strength, but not that high. Zeus, maybe you could comment on Meraki and any other takeaways across the portfolio. >> Yeah, Meraki has proven to be an excellent acquisition for Cisco. In fact, you might, I think it's arguable to say it's its best acquisition in history going all the way back to camp Kalpana and Grand Junction, the ones that brought up catalyst switches. So, in fact, I think Meraki's revenue might be larger than security now. So, that shows you the momentum it has. I think one of the lessons it brought to Cisco was that simpler is better, sometimes. I think when they first bought Meraki, the way Meraki's deployed, it's very easy to set up. There's a lot of engineering work though that goes into making a product simple to use. And I think a lot of Cisco engineers historically looked at Meraki as, that's a little bit of a toy. It's meant for small businesses, things like that, but it's not for enterprise. But, Rocky's done a nice job of expanding the portfolio, of leveraging the cloud for analytics and showing you a lot of things that you wouldn't necessarily get from traditional networking equipment. And one of the things that I was really delighted to see was when they put Todd Nightingale in charge of all the networking business, because that showed to me that Chuck Robbins understood that the things Meraki were doing were right and they infuse a little bit of Meraki into the rest of the company. You know, that's certainly a good thing. The other areas that you showed on the chart, not really a surprise, Dave. When you think of the shift hybrid work and you think of the, some of the other transitions going on, I think you would expect to see the server business in decline, the storage business, you know, maybe in a little bit of decline, just because people aren't building out data centers. Where the other ones are related more to hybrid working, hybrid cloud, things like that. So it is what you would expect. The WebEx one was interesting too, because it did show somewhat of a dip and then a rise. And I think that's indicative of what we've seen in the collaboration space since the pandemic came about. Companies like Zoom and RingCentral really got a lot of the headlines. Again, when you, the comment I made on competition, Cisco got caught a little bit flat-footed, they've caught up in features and now they really stepped on the gas there. Chuck joked that he gave the WebEx team a bit of a blank check to go do what it had to do. And I don't think that was a joke. I think he actually did that because they've added more features into WebEx in the last year then I think they did the previous five years before that. >> Well, let's just drill into video conferencing real quick here, if we could. Here's that two dimensional view, again, showing net score against market share or pervasiveness of mentions, and you can see Microsoft Teams in the upper right. I mean, it's off the chart, literally. Zoom's well ahead of Cisco in terms of, you know, mentions presence. And that could be a spate of freemium, you know, but it's basically a three horse race in this game. And Cisco, I don't think is trying to take Zoom head on, rather it seems to be making WebEx a core part of its broader collaboration agenda. But Zeus, maybe you could comment. >> Well, it's all coming together, right? So, it's hard to decouple calling from video from meetings. All of the vendors, including Teams, are going after the hybrid work experience. And if you believe the future is hybrid and not just work from home, then Cisco does have a pretty interesting advantage because it's the only one that makes its own end points, where Teams and Zoom doesn't. And so that end to end experience it can deliver. The Microsoft Teams one's interesting because that product, frankly, when you talk to users, it doesn't have a great user score, like as far as user satisfaction goes, but the one thing Microsoft has done a very good job of is bundling it in to the Office365 licenses, making it very easy for IT to deploy. Zoom is a little bit in the middle where they've appealed to the users. They've done a better job of appealing to IT, but there is a, there is a battleground now going on where video's not just video. It includes calling, includes meetings, includes room systems now, and I think this hybrid work friend is going to change the way we think about these meeting tools. >> Now we'd be remiss if we didn't spend a moment talking about security as a key part of Cisco's business. And we have a graphic on this same kind of X, Y. And it's been, we've seen several quarters of growth. Although, the last quarter security growth was in the low single digits, but Cisco is a major player in security. And this X, Y graph shows, they've got both a large presence and a solid spending momentum. Not nearly as much momentum as Okta or Zscaler or a CrowdStrike and some of the smaller companies, but they're, these guys are on a rocket ship, but others that we featured in these episodes, but much more than respectable for Cisco. And security is critical to the strategy. It's a big part of the subscriber base. And the last thing, Zeus, I'll say about Cisco made the point in analyst day, that this market is crowded. You can see that in this chart. And their goal is to simplify this picture and make it easier for customers to secure their data and apps. But that's not easy, Zeus. What are your thoughts on Cisco's security opportunities? >> Yeah, I've been waiting for Cisco go to break up in security a little more than it has. I do think, I was talking with a CSO the other day, Dave, that said to me he's starting to understand that you don't have to have best of breed everywhere to have best in class threat protection. In fact, there's a lot of buyers now will tell you that if you try and have best of breed everywhere, it actually creates a negative when it comes to threat protection because keeping all the policies and things up to date is very, very difficult. And so the industry is moving more to a platform model, right? Now, the challenge for Cisco is how do you get that, the customer to think of the network as part of the platform? Because while the platform model, I think, is starting to gain traction, FloridaNet, Palo Alto, even McAfee, companies like that also have their own version of a security platform. And if you look at the financial performance of companies like FloridaNet and Palo Alto over the past, you know, over the past couple of years, they've been through the roof, right? And so I think an interesting and unique challenge for Cisco is can they convince the security buyer that the network is as important a part of that platform as any other component? If they can do that, I think they can break away from the pack. If not, then they'll stay mixed in with those, you know, Palo, FloridaNet, Checkpoint, and, you know, and Cisco, in that mix. But I do think that may present their single biggest needle moving opportunity just because of how big the security TAM is, and the fact that there is no de facto leader in security today. If they could gain the same kind of position in security as they have a networking, who, I mean, that would move the needle like no other market would. >> Yeah, it's really interesting that they're coming at security, obviously from a position of networking strength. You've got, to your point, you've got best of breed, Okta in identity, you got CrowdStrike in endpoint, Zscaler in cloud security. They're all growing like crazy. And you got Cisco and you know, Palo Alto, CSOs tell us they want to work with Palo Alto because they're the thought leader and they're obviously a major player here. You mentioned FloridaNet, there's a zillion others. We could talk all day about security. But let's bring it back to cloud. We've talked about a number of the piece in Cisco's portfolio, and we haven't really spent any time on full stack observability, which is a big push for Cisco with AppD, Intersight and the ThousandEyes acquisition. And that plays into this equation. But my take, Zeus, is Cisco has a number of cloud knobs that it can turn, it sells core networking equipment to hyperscalers. It can be the abstraction layer to connect on-prem to the cloud and hybrid and across clouds. And it's in a good position with Telcos too, to go after the 5G. But let's use this chart to talk about Cisco's cloud prospects. It's an ETR cut of the cloud customer spending. So we cut it by cloud customers. And they're are, I don't know, 800 or so in the survey. And then looking at various companies performance within that cut. So these are companies that compete, or in the case of HashiCorp, partner with Cisco at some level. Let me just set this up and get your take. So the insert on the chart by the way shows the raw data that positions each dot, the net score and the shared n, i.e. the number of accounts in the survey that responded. The key points, first of all, Azure and AWS, dominant players in cloud. GCP is a distant third. We've reported on that a lot. Not only are these two companies big, they have spending momentum on their platforms. They're growing, they are on that flywheel. Second point, VMware and Cisco are very prominent. They have huge customer bases. And while they're often on a collision course, there's lots of room in cloud for multiple players. When we plotted some other Cisco properties like AppD and Meraki, which as we said, is strong. And then for context, we've placed Dell, HPE, Aruba, IBM and Oracle. And also VMware cloud and AWS, which is notable on its elevation. And as I say, we've added HashiCorp because they're critical partner of Cisco and it's a multi-cloud play. Okay, Zeus, there's the setup. What does Cisco have to do to make the cloud a tailwind? Let's talk about strategy, tailwinds, headwinds, competition, and bottom line it for us. >> Yeah, well, I do think, well, I talked about security being the biggest needle mover for Cisco, I think its biggest challenge is convincing Wall Street in particular, that the cloud is a tailwind. I think if you look at the companies with the really high multiples to their stock, Dave, they're all ones where they're viewed as, they go along with the cloud ride, Right? So the, if you can associate yourself with the cloud and then people believe that the cloud is going to, more cloud equals more business, that obviously creates a better multiple because the cloud has almost infinite potential ahead of it. Now with respect to Cisco, I do think cloud has presented somewhat of a double-edged sword for Cisco. I don't believe the current consumption model for cloud is really a tailwind for Cisco, not really a headwind, but it doesn't really change Cisco's business. But I do think the very definition of cloud is changing before our eyes, Dave. And it's shifting away from centralized clouds. If you think of the way customers bought cloud before, it might have used AWS, it might've used Azure, but it really, that's not really multi-cloud, it's just multiple clouds in which I put things in these centralized resources. It's shifting more to this concept of distributed cloud in which a single application can be built using resources from your private cloud, for AWS, from Azure, from Edge locations, all the cloud providers have built their portfolios to support this concept of distributed cloud and what becomes important there, is a highly agile dynamic network. And in that case with distributed cloud, that is a tailwind for Cisco because now the network is that resource that ties all those distributed cloud components together. Now the network itself has to change. It needs to become a lot more agile and microservices and container friendly itself so I can spin up resources and, you know, in an Edge location, as fast as I can on-prem and things like that. But I do think it creates another wave of innovation and networking, and in that case, I think it does act as a tailwind for Cisco, aside from just the work it's done with the web scalers, you know, those types of companies. So, but I do think that Cisco needs to rethink its delivery model on network services somewhat to take advantage of that. >> At the analyst meeting, Cisco made the point that it does sell to the hyperscalers. It talked about the top six hyperscalers. You know, you had mentioned to me, maybe IBM and Oracle were in there. I always talk about four hyperscalers and only four, but that's fine. Here's my question. Practitioners have told me, buyers have told me, the more money and more workloads I put in the cloud, the less I spend with Cisco. Now, even though that might be Cisco gear powering those clouds, do you see that as a potential threat in that they don't own that relationship anymore and value will confer to the cloud players? >> Yeah, that's, I've heard that too. And I don't, I believe that's true when it comes to general purpose compute. You're probably not buying as many UCS servers and things like that because you are putting them in the cloud. But I do think you do need a refresh the network. I think the network becomes a very important role, plays a very important role there. The variant, the really interesting trend will be, what is your WAM look like? Do you have thousands of workers scattered all over the place, or do you just have a few centralized locations? So I think also, you know, Cisco will wind up providing connectivity within the cloud. If you think of the transition we've seen in other industries, Dave, as far as cloud goes, you think of, you know, F5, a company like that. People thought that AWS would commoditize F5's business because AWS provides their own load balancers, right? But what AWS provides is a very basic, very basic functionality and then use F5's virtual edition or a cloud edition for a lot of the advanced capabilities. And I think you'll see the same thing with the cloud that customers will start buying versions of Cisco that go in the cloud to drive a lot of those advanced capabilities that only Cisco delivers. And so I think you wind up buying more Cisco over time, although the per unit price of what you buy might be a little bit lower. If that makes sense here. >> It does, I think it makes a lot of sense and that fits into the cloud model. You know, you bring up a good point, the conversation with the customer was Rakuten. And that individual was essentially sharing with us, somebody was asking, one of the analysts was asking, "Well, what about the cloud guys? "Aren't they going to really threaten the whole Telco "industry and disrupt it?" And his point was, "Look at, this stuff is not trivial." So to your point, you know, maybe they'll provide some basic functionality. Kind of like they do in a lot of different areas. Data protection is another good example. Security is another good example. Where there's plenty of room for partners, competitors, of on-prem players to add value. And I've always said, "Look, the opportunity "is the cloud players spend 100 billion dollars a year "on CapEx." It's a gift to companies like Cisco who can build an abstraction layer that connects on-prem, cloud for hybrid, across clouds, out to the edge, and really be that layer that is that layer that takes advantage of cloud native, but also delivers that experience, I don't want to use the word seamlessly, but that experience across those clouds as the cloud expands. And that's fundamentally Cisco's cloud strategy, isn't it? >> Oh yeah. And I think people have underestimated over the years, how hard it is to build good networking products. Anybody can go get some silicon and build a product to connect two things together. The question is, can you do it at scale? Can you do it securely? And lots of companies have tried to commoditize networking, you know, White Boxes was looked at as the existential threat to Cisco. Huawei was looked at as the big threat to Cisco. And all of those have kind of come and gone because building high quality network equipment that scales is tough. And it's tougher than most people realize. And your other point on the cloud providers as well, they will provide a basic level of functionality. You know, AWS network equipment doesn't work in Azure. And Azure stuff doesn't work in Google, and Google doesn't work in AWS. And so you do need a third party to come in and act as almost the cloud middleware that can connect all those things together with a consistent set of policies. And that's what Cisco does really well. They did that, you know back when they were founded with routing protocols and you can think this is just an extension of what they're doing just up at the cloud layer. >> Excellent. Okay, Zeus, we're going to leave it there. Thanks to my guest today, Zeus Kerravala. Great analysis as always. Would love to have you back. Check out ZKresearch.com to reach him. Thank you again. >> Thank you, Dave. >> Now, remember I publish each week on Wikibond.com and siliconangle.com. All these episodes are available as podcasts, just search "Braking Analysis" podcast, and you can connect on Twitter at DVallante or email me David.Vallante@siliconangle.com. Thanks for the comments on LinkedIn. Check out etr.plus for all the survey action. This is Dave Vallante for theCUBE insights powered by ETR. Be well and we'll see you next time. (light music)

>>mhm >>Hello and welcome to this cube conversation here in Palo alto California, I'm john for a year host of the cube, we're here with a great guest Jt gear, Ceo and founder and ops Hot Startup. Jt Welcome to the cube conversation. >>Hey, that sound, thanks for having me. It sounds like we know each other, we used to run into each other at meat out. So yeah, >>it's fun to talk to you because I know you're, you know, scratching the devops it from the beginning before devops was devops before infrastructure of code was infrastructure as code. All that's played out. So it's really a great ride. I know you had a good time doing it a lot of action though. If you look at devops it's kind of like this new, I won't say devops two point because it kind of cliche but you're starting to see the mature ization of companies besides the early adopters and the people who are hardcore adopting and they realize this is amazing and then they? Re platform in the cloud and they go great, let's do more and next thing, you know, they have an operations issue and they got a really kind of stabilize and then also not break anything. So this is kind of the wheelhouse of what you guys are doing in ops reminds me of no ops, no operations, you know, we don't want to have a lot of extra stuff. This is a big thing. Take a but take them in to explain the company, you're what you guys stand for and what you're all about. >>Yeah, so you know, our main focus is more on the operation side, so, you know the reason why you move to cloud or the reason why you have devops practices, you want to go fast. Um but you know when you're building cloud infrastructure, you have to make trade offs right? You have to maybe some environment, maybe you have to optimize for S L A. And maybe another workload, you have to optimize for um you know, maybe costs, right? So what we're on a mission to do is to make sure that companies are able to make the right trade offs, right? We help companies to make sure all their workload, every single resource in the cloud is aligned with the business needs, you know, so we do a lot of cool things by like, you know, bringing accountability mapping and we're close to different genes. But yeah, the end goal is, can we make sure that every single resource on data Bs is aligned with the business needs >>and they're also adding stuff. Every reinvent zillion more services get announced. So a lot, a lot of stuff going on, I gotta ask you while I got you here, what is the definition of cloud apps these days, from your standpoint and why is it important? A lot of folks are looking at this and they want to have stable operations. They love the cloud really can't deny the cloud value at all. But cloud ops has become a big topic. What is cloud apps and why is it important. >>Right? I mean, first of all, Like you just mentioned, right? Like Amazon keeps on launching more services. It's over 200. So the environment is very complex, Right? And then mm complexity within the services is uh pretty uh you really need to be the main expert for example, know everything about do So, you know, our question to us is, let's say if you find a critical issue, uh let's say you want to uh you know, enable multi AZ on your RDS for example. Uh and it's critical because you know, you're running a uh high availability workloads on AWS. How do you follow up on that right to us. Operation is how do you build a cloud backlog? How do you prioritize, how do you come together as a team to actually remediate those issues? No one is tackling that job, everyone's surfaces like, hey, here's 1000 things that are wrong with your environment. No one is focused on like how do you go from these issues to prioritization to backlog to actually coming together as a team. You know, I've been fixing some of those issues. That's that's what operation means is >>I know it's totally hard because sometimes I don't even know what's going on. I gotta ask you why, why is it harder now? Why are people, I mean I get the impression that people like looking the other way? I hope it goes the problem kind of goes away. What are the challenges? What's the big blocker from getting at the root cause or trying to solve these problems? What's the big thing that's holding people back? >>Yeah, I mean, when I first got into, you know, I t you know, I was working in data center and every time we needed a server, you know, we have to ask for approvals, right? And you finally got a server, but nowadays anyone could provision resources. And normally you have different people within the team's provisioning resources and you can have hundreds of different teams who are provisioning resources. So the complexity uh and the speed that we are, you know, provisioning resources across multiple people, it just continues to go higher and higher. So that's why uh you know, on the surface it might look that hey, this, you know, maybe the biggest instance uh is, you know, aligned with the business needs, you know, looking at the changes, it's hard to know, are those aligned with the business? They're not? So that's that's that's where the complexity and player. >>So the question I get a lot from people we talk about devops and cloud, cloud apps or cloud management or whatever kind of buzz words out there, it kind of comes down to cloud apps and cloud management seems to be the category, people focus on. How is cloud ops different then? Say the traditional cloud management and what impact does it have for customers and why should they care and what do they need an option. >>Right. So one of the things we do uh and and we do think that cloud operation is sort of an evolution from cloud management. We make sure that Every single resource 1st, first of all blondes and workload. So and you know, workload could be a group of microservices uh and then uh you know every single workload has owners like define owners who are responsible for making sure they managed budget that they're responsible for security that normally doesn't exist. Right? Cloud is this black box, you know where multiple people are provisioning resources, you know, everyone tries to sort of build sort of a structure to kind of see like what are these resources for? What are these resources for as part of onboarding to end up? So what we do, we actually, you know, analyze all your metadata. We create like 56 workloads and then we say here is a bucket where there's there, this is totally unassigned, right? And then we actually walked them through assigning different roles and also we walk them through to kinda looking under this unallocated resources and assign resources for those as well. So once you're done, every single resource has clear definition, right? Is this a compliant? Uh you know hip hop workload, what are the run books, what is this for? John I don't know if he heard that before. Sometimes there are workloads running and how people don't know, I don't even know who is the owner, right? So after you're done with an office and after you're managing and uh, you know, uh, managing your workload on and off, you have full visibility and clear understanding of what are the. It's funny, it's >>funny you mentioned the workloads being kind of either not knowing the owners, but also we see people um, with the workloads sometimes it's like throwing a switch and leaving the hose on the water on. And next thing you know, they get the bill. They're like, oh my God, what happened? Why did I leave? What, what is this? So there's a lot of things that you could miss. This brings up the point you just said and what you said earlier aligning resources across the cloud uh and and having accountability. And then you, you mentioned at the top of this interview that aligning with the business needs. I find that fastest. I would like to take him in to explain because it sounds really hard. I get how you can align the resources and do some things, identify what's going on, accountability kind of map that that's, that's good tech. How does that, how do you get that to the alignment on the business side. >>Yeah. I mean we start by, first of all, like I said, you know, we use machine learning to play these workloads? And then we asked basic questions about the workload. You know, what is this workload for? Uh Do you need to meet with any kind of compliance is for this workload? Uh What is your S. O. A. For this workload? You know, depending on that. We we make recommendations. Uh So we kind of ask those questions and we also walk them through where they create roles. Like we asked who was responsible for creating budgets or managing security for this workload and guess what also the you know the bucket where resources are allocated for. We ask for you know, owners for that as well like in this bucket who's the owner for who's going to monitor the budget and things like that. So you know we asked, you know, we start by just asking the question, having teams complete that sort of information and also you know, why do you a little bit more information on how this aligns with the business needs? You know, >>talk about the complexity side of it. I love that conversation around the number of services. You said 200 services depending how you count what you call services in the thousands of so many different things uh knobs to turn on amazon uh web services. So why are people um focused on the complexity and the partnering side? Because you know, it's the clouds at E. P. I. Based system. So you're dealing with a lot of different diverse resources. So you have complexity and diversity. Can you talk me through how that works? Because that's that seems to be a tough beast to tame the difference between the complexity of services and also working with other people. >>Yeah for sure like this this normal to have um you know maybe thousands of lambda functions in their application. We're working with a customer where within last month there were nine million containers that launched and got terminated right there, pretty much leveraging, auto scaling and things like that. So these environments are like very complex. You know, there's a lot of moving pieces even, you know, depending on the type of services they're using. So again what we do, you know we when we look at tags and we look at other variables like environments and we look at who's provisioning resources, those resources and we try to group them together and that way there's accountability uh you know if the cost goes up for one workload were able to show that team like your cost is going up uh And also we can show uh unallocated bucket that hey within last week Your cost is you know, $4,000 higher in the unallocated bucket. Where would you like to move this these resources to just like an ongoing game. You >>know, you know jt I was talking with my friend jerry Chen is that Greylock partners is a V. C. Has been on the cube many times a couple of years ago. We're talking about how you can build a business within the cloud, in the shadows of the clouds, what he called it, but I called it more the enabling side and and that's happened now, you're seeing the massive growth. I'm also talking to some C X O C IOS or CSOs and they're like trying to figure out which companies that are evolving and growing to be to buy from, get to get the technology. Uh and they always say to me john I'm looking for game changing kind of impact. I'm looking for the efficiency and you know, enablement, the classic kind of criteria. So how would you guys position yourself to those buyers out there that might want to look at you guys as a solution and ups what game changing aspect of what you do is out there, how would you talk to that that C I O or C. So or buyer um out in the end the enterprise and the thieves ran his piece. What would you say to them? >>Yeah, I think the biggest uh advantage and I think right now it's a necessity, you hear these stories where, you know, people provision resources, they don't even know which project is it for. It's just very hard to govern the cloud environment, but I believe we're the only tool. Mhm where you want to compromise on the speed, right? The whole reason um cloud but they want to innovate faster. No one wants to follow that. Right? But I think what's important. We need to make sure everything is aligned with the business value. Uh, we allow people to do that. You know, we, we, we can both fast at the same time. You can have some sort of guard rails. So there are proper ownership. There's accountability. People are collaborating and people are also rightsizing terminating resources, they're not using. It's like, you know, I think if companies are looking for a tool that's gonna drive better accountability on how people build and collaborate on cloud, I think reply the best solution. >>So people are evolving with the cloud and you mentioned terminating services. That's a huge deal in cloud. Native things are being spun up and turned off all the time. So you need to have good law, You have a good visibility, observe ability is one of the hottest buzzwords out there. We see a zillion companies saying, hey, we're observe ability, which is to me is just monitoring stuff. They can sure you're tracking everything. So when you have all this and you start to operationalize this next gen, next level cloud scale, cost optimization and visibility is huge. Um, what is the, what is the secret sauce uh, for that you guys offer? Because the change management is a big 12 teams are changing too cost team accountability. All this is kind of, it's not just speeds and feeds, there's, it's kind of intersection of both. What's your take on that reaction to that? >>Yeah, I think it's the Delta. Right? So change management, What you're really looking for is not a, like a fire hose, you're looking for. What changed what the root cause who did it, what happened? Right. Because it's totally normal for someone to provision maybe thousands or even millions containers. But how many of those got shut down? What is the delta and uh, you know, if there is a, there is an anomaly, what is the root cause? Right? Uh, how we fix it. So you know the way we've changed managers, change management is a lot different. We really get to the root cause analysis and we really help companies to make, really show what changed and how they can take action to a media. But if there were issues, >>I want to put a little plug in for you guys. I noticed you guys have a really strong net promoter score. You have happy customers also get partners. A lot of enablement there. You kind of got a lot of things going on. Um, explain what you guys are all about. How did you get here? What's the day in the life of a customer that you're serving? Why then why are the scores so high? Um, take us through a use case of someone getting that value. >>Yeah. So I, I come from like a consulting background, john so you know, I was migrating companies to read the Bs when the institute was in beta and then I, you know, founded a consulting company over 100 employees. Really successful interview. S premier partner called in clouds. And so Enos was born there because because you know it was, it was born out a consulting company, there are a lot of other partners who are leveraging the tools to help their customers and it goes back to our point earlier, john like amazon has to wonder services, right? We are noticing customers are open to work with partners and uh you know with different partners that really helped them to make sure they're making the right decisions when they are building on cloud. So a lot of the partners, a lot of the consulting companies are leveraging uh and hopes to deliver value to their customers as far as uh you know how we actually operate. You know, we pay attention to uh you know what, what customers are looking for, what, where are the next sort of challenges uh you know, customers are facing in a cloud environment world like super obsessed, you know, like we're trying to figure out how do we make sure every single resource is aligned with the business value without slowing companies down so that really drives us, we're constantly welcome customers to stay true to the admission >>and that's the ethos of devops moving fast. The old quote Mark Zuckerberg used to have move fast, break stuff and then he revised it to move move fast and make it stable, which is essentially operational thing. Right, so you're starting to see that maturity, I noticed that you guys also have a really cool pricing model, very easy to get in and you have a high end too. So talk us through about how to engage with you guys, how do people get involved? Just click and just jump in there, buying software buying services, take a minute to explain how people can, can work with you. >>Yeah, it's just, it's just signing up on our site, you know, our pricing is tier model, uh you know, once you sign up, if you do need help with, you know, remediating high risk issues we can bring in partners, we have a strong partner ecosystem. Uh we could definitely help you do interviews to the right partners but it's as simple as just signing up and just taking me out. First thing I guess. >>Jt great chatting with you have been there from early days of devops, born in the field, getting, getting close to the customers and you mentioned ec two and beta, they just celebrate their 15th birthday and I remember one of my starts that didn't actually get off the off the blocks, they didn't even have custom domains at that time was still the long remember the long you are else >>everything was ephemeral like when you restart server, everything will go away a cool >>time. And I just remember saying to myself man, every entrepreneur is going to use this service who would ever go out and buy and host the server. So you were there from the beginning and it's been great to see the success. Thanks for coming on the cube >>all That's >>okay. Jt thanks so much as a cube conversation here in Palo alto. I'm john for your host. Thanks for watching. Mhm.

>>Welcome back to the doctor khan cube conversation. Dr khan 2021 virtual. I'm john for your host of the cube of mulch, Donny co founder and CTO and see so for accurate hot startup hot company. Uh, thanks for coming on the cube for dr continent and talking cybersecurity and cloud native. Super important. Thanks for coming on, >>appreciate john. Thanks for having me. >>So here dr khan. Obviously the conversations around developer experience, um, making things more productive. Obviously cloud scale cloud native with docker containers with kubernetes all lining up right in line with the trend that's now going mainstream and all commercial enterprises. I mean developer productivity security is a huge times thing if you don't get it right. So, you know, shifting left is that everyone's talking about, but this is a huge challenge. Can you, can you talk about what you guys do at your company and specifically why it relates to this conversation for developers at dr khan. >>Sure. Um, so john as we understand today, there are millions of uh, you know, code comments that are happening in cloud native environments on daily basis. Um, you know, in a recent report, Airbnb reported, they've checked in 125,000 plus times ham charts in an ear. And what that means is that, you know, the guitars revolution is here. Uh, and that also means that, well, you got your kubernetes clusters sinking up with infrastructure as code, such as ham chart customized and yarrow files right almost several times a day now, what that also means is that the opportunity to make sure that your clusters are being deployed securely by these infrastructure as code templates and deployment has called template is available before the deployment happens and not after the deployment. Also, in order to reduce the cost or detecting security challenges. The best option and opportunity is during the development time and during the deployment time, which is the pipeline time and that's what we offer. We shift your cloud, native security posture detection to left. We detect all your security posture related issues while the code is in development in the design phase as well as while it is about to get deployed, that is within the guitars pipelines or your traditional develops pipelines and not only with detect where we sell feel the code as well, specifically infrastructure as code. So we detect the problems and we fix the problem by generating the remediation code which we like to call it as remediation is called. The detection mechanisms like all this policy is called. That's the primary use case that we offer. We help developers reduce the cost of remediation and also meantime to the mediations for security problems >>and actually see them a boatload of hassle to going back and figure out how they wrote the code at that time. And kind of what happened always is a problem. Um, I gotta Okay, so I'm gonna get into this policy is code. You mentioned that also you mentioned Getafe's revolution. Let's get to that in a second. But first I want you to explain to the folks what is cloud native security and what does that mean? And what kind of attacks emerge as that surface area becomes apparent? >>Absolutely. So cloud native security is a very interesting new paradigm. Uh it's not just related with one single control pain like take, for example, Cuban haters, it's not just that, it's also the supply chain elements that go into the deployment of your cloud native clusters. Like see if kubernetes cluster you need to secure not just the application code which is running inside your container images, but also the container image itself, then the pod, then the name space, then the cluster. And also you need to do all the other cyber hygienic, high generated things that we were doing previously. So it's so much of complexity because availability of different control planes, you need to be able to make sure that you are doing security, not just right, but at a very, very cost effective in a very, very cost effective manner. And the kind of attacks that we are predicting we're going to see in cloud native world are going to be very different from what we have seen so far. Especially there's a new attack type that I am have coined. I call that as cloud native waterhole attack. What it means is that imagine that most of the cloud native infrastructures are developed out of a lot of different open source components and pieces. So imagine you're pulling up a container image from a open source container agency and that continued which contains a man there container image can directly land into your cluster and not only can enter into your so called secure cluster environment. Usually the cluster control planes are not exposed to internet but deployment of one supply chain element like a Mallory's container image and exposed to an entire cluster. And that's what is waterhole attack when it comes to chlorinated water hole attacks to supply chains. So these are some very innovative and noble attacks that you know, we Uh you know, predict are going to come to our weigh in next 12-18 months. >>So you say it's a waterhole attack. That's the that's the coin term that you've made. So basically what you're saying is the container could be infected with all the properties that is containing into a secure cluster. It's almost been penetrated like malware would or spear phishing attack, it targets the cluster and then infects it. >>So not only that because your continuing images that you're pulling in um from your registries registries can be located anywhere right? If you do not do proper sanitization and checking off your supply chain components such as a continuing image, it can land insecure zones like this. So not only in a cluster, it can become part of a system named space very soon and and that's where the risks are that, you know, you had a parameter, you know, at least of some sort when it was non cloud native environments. And now you have a kind of false sense of security that I have equivalent is cluster, which sort of air gap in one way like there's no exposure to internet of the control plane control being a P. I. Is not supposed to Internet, that doesn't mean anything. A container enters into your cluster can take over the entire cluster. >>All right, so that's cool. So I love that attacks kind of attack. So back to cloud native security definition. So you're defining cloud native security as cloud native clusters. Is it specific around kubernetes or what specifically the cloud native security? What's the category? If the if water holds the attack vector, what's cloud native security means? >>So what it means is that you need to worry about multiple different control planes in a cloud native environment. It's not just a single control pain that you have to worry about. You have to worry about your uh as I said, kubernetes control plane, you have service measures on top of it, You could have server less layers on top of it and when you have to worry about so many different control pains, but it also means is that the security needs to become part of and has to get baked into the entire process of building cloud native environment, not afterthought or it shouldn't happen after the fact. >>See the containers for containers that watch the containers security for the security to watch the security. So you get so let's get we'll get to that. I want to get back to the solution, but one more thing. Um this one piece. So your c so um there you have a lot of shops in there from your background, I know that. Um So if if people out there, other Csos are looking at expanding, You know, day one day 2 ongoing, you know, ai ops get upstate to operate what everyone call it cloud native environments. How do they consider figuring out how to deploy and understand cloud need to secure? What do they have to do if you're a c So knowing what, you know, what steps are you taking? >>Yeah, it's funny that, you know, there's a big silo today between the sea, so organizations and the devops and get ops teams. Uh so the number one priority, in my opinion, that the sea so s uh you know, have to really follow is having visibility into the uh developers. So developers who are developing not just code but also infrastructure as code. So there is a slight difference between writing python code versus writing uh say ham charts or customized templates. Right? So you need as a see saw, you know, see so our needs to have full visibility into Okay, out of 100 developers, how many do I have who are writing deployment as code? And then how many of them are continuously checking in code and introducing security issues? Those issues have to be visualized while the issues are written in code and as they are getting checked into the repositories, so catch the security issues while the code is getting checked into the repository. And the next best stages catch the issues while the pipelines are picking up the code from the repository. So sisters needs to have visibility into this. I call it as shift left visibility for CSOS. So sisters need to know, okay, what are my top 10 developers who are writing infrastructure as code? How many of those developers are committing wonderful code. How many of these pull requests which have been raised have got security violations? How many of them have been fixed and how many have not been fixed? That's what is the visibility that can uh you know, provide opportunities to seize organizations to >>react and more things to put KPI S around two to understand where the gaps are and where the potential blind spots are. Okay, shift left visibility to see. So if you've got the get ups revolution, you got the waterhole attacks. You have multiple control planes obviously complex. The benefits of cloud native though are significant and people doing modern applications are seeing that. So clearly this is direction that everyone's going. The consensus is clear. So how do you solve this? You mentioned policy as code. I'm kind of connecting the dots here. If I'm going to understand what's going on in real time as the code is in flight as it's checking in. For instance, this is kind of in the pipeline as you say. So this has to be solved. What is the answer to this? Because it's clearly the way people want it. No one wants to come back and say we got hacked or development being pulled off task to figure out what they fixed or didn't do what's the policy is code angle? >>So um you know, of course, you know, there could be more than one ways to solve this problem. The way we are solving this problem is that first thing we are bringing all top type of infrastructure as code and the control planes into a single uniform format, which we like to call it as cloud, as code. The reason why we do that so that we can normalize the representation of these different data sets in one single normalized format. And then we apply open policy agent which is a C N C F uh graduated project, which is kind of the de facto standard to do any kind of policy is called use cases in the cloud native world today. So we apply open policy agent to this middleware that we create, which basically brings all these different control plane data, all the different infrastructures code into anomalous format. We apply O P A and we use policies to apply uh Opie on this data this way. What happens is that we write, for example, we want to write a policy, you don't want certain parts to be exposed to Internet in a given name space. You can write such a policy. This policy, you can run on life cluster as well as on the hand charts, which is your development side of the artifact. Right. Because we're bringing both these datasets into middleware. So in short, one of the solutions that we are proposing is that different control planes, different infrastructures, code has to be brought into a normalized format. And then you apply frameworks like Opie a open policy agent to achieve your policy is called use cases. >>What is the attraction for this direction? O. P. A. In particular obviously controlled planes. I get that. I can see the benefit of having this abstraction away with the normalization. I think that would enable a lot of innovation on top of it. Um Makes a lot of sense, totally cool. What's the attraction? What's the vibe? Are people reacting to this? Uh Some people might say whoa hold on, you're taking on too much uh your eyes are bigger than your stomach. You're taking on too much territory. Whoa, slow down. I can I I want to own that control plane. There's a lot of people trying to own the control plane. So again it's a little bit of politics here. What's your what's your thoughts on the momentum? What's the support, what's it look like? >>Yeah, I think you are getting it right, the political side of things. So, um, you know, one responses that, look, we have launched our open source project contour a scan uh last year and uh you know, we're doing pretty well. It's a full opium based uh in a project which allows you to do policies code on not only new cloud control planes, like, you know, kubernetes and others, but also the traditional control planes provided by CSP s like cloud security, cloud service providers. So parents can can be used not just for hand charts and customized, but also for terra form. What we are uh promoting is open culture. With scan. We want community to contribute, become part of it. Um yes, we are promoting a middleware here uh but we want to do it with the help of the community and our reaction what we're getting is very very good. We are in our commercial offering also we use opa we have good adoption going on right now. We believe will be able to uh you know with the developer community, you have this thing going for us. >>I love cloud as code. It's so much more broader than infrastructure as code and I'll see the control plane benefits. You know when I talk to customers, I want to get your reaction to this because I really appreciate your experience and and leadership here. I talked to customers all the time and I wont say name, I won't name names but they're big, big and fintech and you'll big and life sciences in other areas. They all say we want to bring best to breed together but it's too hard to make it all work. We can get it done, but it's a lot of energy. So obviously building code and getting into production that is just brute force. Anyway, they got to get that done and they're working on their pipe lining. But getting other best of breed stuff together and making it work is really hard. Does this solve that? Do you, are you helping solve that problem? Is this an integration opportunity? >>Yes, that and that is true and we have realized it, you know, uh long back. So that's why we do not introduce any new tooling into the existing developer workflows, no new tool whatsoever. We integrate with all existing developer workflows. So if you are a, you know, modern uh, you know, get off shop and you're using flux or Argo, we integrate terrace can seamlessly integrated flux in Argo, you don't even get to know that you already have what policy is called enabled if you're using flux Argo or any equivalent, you know, getups, toolkit. Likewise, if you are using any kind of uh, you know, say existing developer pipeline or workflows such as, you know, the pipelines available on guitar, get lab, you know, get bucket and other pipelines. We seamlessly integrate our motor is very, very simple. We don't want to introduce one more two for developers, we want to introduce one more per security. We want to get good old days, >>no one wants another tool in the tool shed. I mean it's like, it's like really like the tool shit, they get all these tools laying around. But everyone again, this is back to the platform wars in the old days when I was younger. Breaking into the early days of the web platforms were everything you have to build your own proprietary platform Wasn't some open source being used, but mostly it was full stack. Now platforms are inter operating with hybrid and now Edge. So I want to get your thoughts on and I'm just really a little bit off topic. But it's kind of related. How should companies think about platform engineering? Because you now have the cloud scale, which in a way is half a stack. You don't really if you're gonna have horizontal scalability and you're gonna have these kind of unified control planes and infrastructure as code. Then in a way you don't really need that full stack developer. I mean I could program the network. I don't need to get into the weeds on that. I got now open policy agent on with terrorists. Can I really can focus on developing this is kind of like an OS concept. So how should companies think about platforms and hiring platform engineers and and something that will scale and have automation and all the benefits and goodness of the cloud scale. >>Yeah, I mean you actually nailed it when you began uh we've been experienced since we've been experiencing now since last at least 18 months that and if I were specifically also, I'll touch based on the security side of things as well. But platform engineering and platforms, especially now everything is about interoperability and uh, what we have started experiencing is that it has to be open. The credibility any platform can gain is only through openness interoperability and also neutrality. If these three elements are missing, it's very hard to push and capture the mind share of the users to adopt the platform. And why do you want to build a platform to actually attract partners who can build integrations and also to build apps on top of it or plug ins on top of it? And that can only be encouraged if there is, you know, totally openness, key components have to be open source, especially in security. I can give you several examples. The future of security is absolutely open source, the credibility cannot be gained without that. A quick example of that is cystic. I mean, who thought they were gonna be pulling such a huge, you know, funding round, of course that all is on the background of Falco, Right? So what I'm trying to play and sing and same for psyllium, Right? So what I'm clearly able to see is the science are that especially in cybersecurity community, you are delivering open source based platforms, you will have the credibility because that's where you will get the mindshare developers will come and you know, and work with you of course, you know, I have no shame naming fellow vendors right, who are doing this right and this is the right way to do it. >>Yeah. And I think it's it's totally true and you see the validation on that just to verify your point out that we have a little love fest here on open source, it's pretty obvious the the end user communities are controlled not the hard core and users like the hyper scholars, you know, classic enterprises are are starting not only contribute participate but add value more than they've ever have. The question I want to ask you is okay. I totally agree on open as data becomes super important because remember data is only as good as what you have and the more data the better the machine learning the better the data scale, um, sharing is important. So open sharing kind of ties into open source. What's your thoughts on data? Data policy, is this going to extend out into data control planes? What's your thoughts there? I'd love to get your input. >>We are a little little bit early in that thought. I think it's gonna take a little while uh for you know, the uh for the industry bosses to come to terms to that uh data lakes and uh you know, data control planes eventually will open up. But you know, I I see there is resistance in that space today uh but eventually it's gonna come around. You know, that has because that would be the next level of openness, you know, once the platforms uh in a mature as an example right today. Um you want to write uh you know, any kind of say policies for your same products, right. Uh you have the option available to write policies and customized, you know, languages. But then many platforms are coming up which are supporting policy is developed in in languages which are open and that's data which is going to open up, you know very soon. So you will not be measured in terms of how many policies you have as a product, but you will be measured. Can you consume? Open policies are not so i that it is going to go there, it's going to take a little while, but I think he is going to move that. >>It makes sense. Get the apparatus built on the infrastructure side. Once you have some open policy capability that's going to build an abstraction on top of it, then you can program data to be more policy driven or dynamic based upon contextual behavioural dynamics. So it makes a lot of sense. Oh, great insight here, love the conversation, Congratulations on your success. Love the vision. Love the openness. I'll see. We think uh data as code is big too. Obviously media's data where CUBA is open. We have we have the same philosophy. So thanks for sharing. Love the vision. Take a minute to plug the company. What are you guys looking to do? Uh you guys hiring, take a minute to put the plug out for the for the company? >>Absolutely. We are absolutely hiring great ingenious, you know, a great startup mind folks who want to come and work for a very, very innovative environment. Uh we are very research and development, you know driven and have brought various positions available today. Um we are trying to do something which has not been attempted before. Our focus is 100% on reducing the cost of security. And uh you know, in order to do that, you really have to do things that previously were not in development environments. And that's where we're going. We're open source uh, you know, open source initiatives, big open source lovers and we welcome people come in and apply our positions, >>reduce the cost of security, do the heavy lifting for the customer with code and have great performance, that's the ultimate goal. Great stuff. Cloud need security, threat modeling, deV stickups, shifting left in real time. You guys got a lot of hard problems you're attacking? >>Um well, you know, some of the good things uh that we're doing is also because of the team that we have right. Most of our co team comes from very heavy threat modeling, threat analysis and third intelligence background. So we have we're blending a very unique perspective of allowing developers to tackle the threats, which they're not supposed to even understand how they work. We do the heavy lifting from threat intelligence point of view, we just let the developers work on the code that we generate for them to fix those threats. So we're shipping threat intelligence and threat modeling also to left. Uh we're one of the first companies to create threat models just out of infrastructure is called, we read your infrastructure as code and we create a digital twin of your cloud late at one time, even before it has been actually built. So we do some of those things which we like to call it just advanced bridge card prediction where we can predict whether you have reach parts a lot in your runtime environment that would have been committed. >>And then the Holy Grail obviously the automation and self healing um is really kind of where you've got to get to. Right, that's the whole that's the whole ballgame, right? They're making that productive. Oh, thank you for coming on a cube here. Dr khan 2021 sharing your insights, co founder and CTO and see so. Oh much Danny. Thank you for coming on. I appreciate it, >>monsieur john thank you for having >>Okay Cube coverage of Dr Khan 2021. Um your host, John Fury? The Cube. Thanks for watching. Yeah.

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the convenience of online access to bank accounts payment apps crypto exchanges and other transaction systems has created enormous risks which the vast majority of individuals either choose to ignore or simply don't understand the internet has become the new private network and unfortunately it's not so private apis scripts spoofing insider crime sloppy security hygiene by users and much more all increase our risks the convenience of cloud-based services in many respects exacerbates the problem but software built in the cloud is a big part of the solution hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll try to raise awareness about a growing threat to your liquid assets and hopefully inspire you to do some research and take actions to lower the probability of you losing thousands hundreds of thousands or millions of dollars let's go back to 2019 in an event that should have forced us to act but for most of us didn't in september of that year jack dorsey's twitter twitter account was hacked the hackers took over his account and posted racial slurs and other bizarre comments before twitter could regain control of the account and assure us that this wasn't a system-wide attack most concerning however was the manner in which the attackers got a hold of dorsey's twitter account they used an increasingly common and relatively easy to execute technique referred to as a sim hijack or a sim swap the approach allows cyber thieves to take control of a victim's phone number now they often will target high-profile individuals like ceos and celebrities to embarrass or harass them but increasingly they're going after people's money of course now just in the past month we've seen a spate of attacks where individuals have lost cash it's a serious problem of increasing frequency so let's talk a little bit about how it works now some of you are familiar with this technique but most people that we talk to either aren't aware of it or aren't concerned you should be in a sim hack like this one documented on medium in may of 2019 four months prior to the dorsey attack the hackers who have many of your credentials that have likely been posted on the dark web they have your email they have your frequently used passwords your phone number your address your mother's maiden name name of your favorite pet and so forth they go in and they spoof a mobile phone carrier rep into thinking that it's you and they convince the agent that they've switched phones or have some other ruse to get a new sim card sent to them or they pay insiders at the phone carrier to steal sim card details hey 100 bucks a card big money now once in possession of the sim card info the attacker now can receive sms messages as part of two-factor authentication systems that are often used to verify identity they can't use face id on mobile but what they can do is go into your web account and change the password or other information the website then sends an sms and now the attacker has the code and is in then the individual can lock you out and steal your money before you even know what hit you all right so what can you do about it first there's no system that is hack proof if the bad guys want to get you and the value is high enough they will get you but that's the key roi what's roi simply put it's a measure of return derived from dividing the value stolen by the cost of getting that value it's benefit divided by cost so a good way to dissuade a criminal is to increase the denominator if you make it harder to steal the value goes down the roi is less here's a layered system shared by jason floyer the son of our very own david floyer smart dna there so we appreciate his contribution to the cube the system involves three layers of protection first you got to think about all the high value online systems that you have here are just a few you got bank accounts you have investment accounts you might have betting sites that has cash in it e-commerce sites and so forth now many of these sites if not most will use sms-based two-factor authentication to identify you now that exposes you to the sim hack the system that jason proposes let's start in the middle of this chart the first thing is you got to acknowledge that the logins that you're using to access your critical systems are already public so the first thing you do is to get a in quotes secure email in other words one that no one knows about and isn't on the dark web find a provider that you trust maybe the one maybe one that doesn't sell ads but that look that's your call or maybe go out and buy a domain and create a private email address now the second step is to use a password manager now for those who don't know what that is you're probably already using one that comes with your chrome browser for example and it remembers your passwords and autofills them now if you on your iphone if you're an iphone user go to settings passwords and security recommendations or if you're on an android phone open your chrome app and go to settings passwords check passwords you're likely to see a number of recommendations as in dozens or maybe even hundreds that have been compromised reuse passwords and or or are the subject of a data breach so a password manager is a single cloud-based layer that works on your laptop and your mobile phone and allows you to largely automate the creation management and maintenance of your online credentials now the third layer here involves an external cloud-based or sometimes app-based two-factor authentication system that doesn't use sms one that essentially turns your phone into a hardware authentication device much like an external device that you would use like a yubikey now that's also a really good idea to use as that third layer that hardware fob so the system basically brings together all your passwords under one roof under one system with some layers that lower the probability of your money getting stolen again it doesn't go to zero percent but it's dramatically better than the protection that most people have here's another view of that system and this venn the password manager in the middle manages everything and yes there's a concern that all your passwords are in one place but once set up it's more secure than what you're likely doing today we'll explain that and it'll make your life a lot easier the key to this system is there's there's a single password that you have to remember for the password manager and it takes care of everything else now for many password managers you can also add a non-sms based third-party two-factor authentication capability we'll come back and talk about that in a moment so the mobile phone here uses facial recognition if it's enabled so it would require somebody they had either have you at gunpoint to use your phone and to stick it in front of your face to get into your accounts or you know eventually they'll become experts at deep fakes that's probably something we're going to have to contend with down the road so it's the desktop or laptop via web access that is of the greatest concern in this use case this is where the non-sms-based third-party two-factor authentication comes into play it's installed on your phone and if somebody comes into your account from an unauthorized device it forces a two-factor authentication not using sms but using a third-party app as you guessed it is running in the cloud this is where the cloud creates this problem but it's also here to help solve this problem but the key is this app it generates a verification code that changes on your phone every 20 seconds and you can't get into the website without entering that auto generated code well normal people can't get in there's probably some other back door if they really want to get you but i think you see that this is a better system than what 99 of the people have today but there's more to the story so just as with enterprise tech and dealing with the problem of ransomware air gaps are an essential tool in com combating our personal cyber crime so we've added a couple of items to jason's slide so the this air gap and the secure password notion what you want to do is make sure that that password manager is strong and it's easy for you to remember it's never used anywhere except for the password manager which also uses the secure email now if you've set up a non s if you've set up a two factor authentication sms or otherwise you're even more protected non-sms is better for the reasons we've described now for your crypto if you got a lot first of all get out of coinbase not only does coinbase gouge you on transaction costs but we'd recommend storing a good chunk of your crypto in an air-gapped vault now what you want to do is you want to make a few copies of this critical information you want to keep your secure password on you in one spot or memorize it but maybe keep a copy in your wallet your physical wallet and put the rest in a fireproof filing cabinet and a safety deposit box and or fire proof lock a lock box or a book in your library but but have multiple copies that somebody has to get to in order to hack you and you want to put also all your recovery codes so when you set all this up you're going to get recovery codes for the password manager in your crypto wallets that you own yeah it gets complicated and it's a pain but imagine having 30 percent or more of your liquid assets stolen now look we've really just scratched the surface here and you you're going to have to do some research and talk to people who have set this stuff up to get it right so figure out your secure email provider and then focus on the password manager now just google it and take your time deciding which one is the best for you here's a sample there are many some are free you know the better ones are for pay but carve out a full day to do research and set up your system take your time and think about how you use it before pulling the trigger on these tools and document everything offline air gap it now the other tooling that you want to use is the non-sms based third-party authentication app so in case you get sim hacked you've got further protection this turns your phone into a secure token generator without using sms unfortunately it's even more complicated because not only are there a lot of tools but not all your financial systems and apps we will support the same two-factor authentication app your password manager for example might only support duo your crypto exchange might support authy but your bank might only support symantec vip or it forces you to have a key fob or use sms so it's it's a mishmash so you may need to use multiple authentication apps to protect your liquid assets yeah i'm sorry but the consequences of not protecting your money and identity are worth the effort okay well i know there's a deviation from our normal enterprise tech discussions but look we're all the cios of our respective home i.t we're the network admin the storage admin the tech support help desk and we're the chief information security officer so as individuals we can only imagine the challenges of securing the enterprise and one of the things we talk about a lot in the cyber security space is complexity and fragmentation it's just the way it is now here's a chart from etr that we use frequently which lays out the security players in the etr data set on two dimensions net score or spending velocity in the vertical axis and market share or pervasiveness within the data set on the horizontal now for change i'm not going to elaborate on any of the specific vendors today you've seen a lot of this before but the chart underscores the complexity and fragmentation of this market and this is just really literally one tiny subset but the cloud which i said at the outset is a big reason that we got into this problem holds a key to solving it now here's one example listen to this clip of dave hatfield the longtime industry exec he's formerly an executive with pure storage he's now the ceo of laceworks lace work a very well-funded cloud-based security company that in our view is attacking one of the biggest problems in security and that's the fragmentation issue that we've often discussed take a listen so at the core of what we do you know you know it's um it's really trying to merge when we look at we look at security as a data problem security and compliance is the data problem and when you apply that to the cloud it's a massive data problem you know you literally have trillions of data points you know across shared infrastructure that we you need to be able to ingest and capture uh and then you need to be able to process efficiently and provide context back to the end user and so we approached it very differently than how legacy approaches have been uh in place you know largely rules-based engines that are written to be able to try and stop the bad guys and they miss a lot of things and so our data-driven approach uh that we patented is called uh polygraph it's it's a security architecture and there are three primary benefits it does a lot of things but the three things that we think are most profound first is it eliminates the need for you know dozens of point solutions um i was shocked when i you know kind of learned about security i was at symantec back in the day and just to see how fragmented this market is it's one of the biggest markets in tech 124 billion dollars in annual spend growing at 300 billion dollars in the next three years and it's massively fragmented and the average number of point solutions that customers have to deal with is dozens like literally 75 is the average number and so we wanted to take a platform approach to solve this problem where the larger the attack service that you put in the more data that you put into our machine learning algorithms the smarter that it gets and the higher the efficacies look hatfield nailed it in our view i mean the cloud and edge explodes the threat surface and this becomes a data problem at massive scale now is lace work going to solve all these problems no of course not but having researched this it's common for individuals to be managing dozens of tools and enterprises as hatfield said 75 on average with many hundreds being common the number one challenge we hear from csos and they'll tell you this is a lack of talent lack of human skills and bandwidth to solve the problem and a big part of that problem is fragmentation multiple apis scripts different standards that are constantly being updated and evolved so if the cloud can help us reduce tooling creep and simplify and automate at scale as the network continues to expand like the universe we can keep up with the adversaries they're never going to get ahead of them so look i know this topic is a bit off our normal swim lane but we think this is so important and no people that have been victimized so we wanted to call your attention to the exposure and try to get you to take some action even if it's baby steps so let's summarize you really want to begin by understanding where your credentials have been compromised because i promise they have been just look at your phone or look into your browser and see those recommendations and you're going to go whoa i got to get on this at least i hope you do that now you want to block out an entire day to focus on this and dig into it in order to protect you or your and your family's assets there's a lot of stake here and look one day is not going to kill you it's worth it then you want to begin building those three layers that we showed you choose a private email that is secure quote-unquote quote-unquote research the password manager that's find the one that's going to work for you do you want one that's web-based or an app that you download how does the password manager authenticate what do the reviews say how much does it cost don't rush into this you may want to test this out on a couple of low risk systems before fully committing because if you screw it up it's really a pain to unwind so don't rush into it then you want to figure out how to use your non-sms based two-factor authentication apps and identify which assets you want to protect you don't want to protect everything do you really care about your credentials on a site where you signed up years ago and never use it anymore it doesn't have any credit cards in it just delete it from your digital life and focus on your financial accounts your crypto and your sites where your credit card or other sensitive information lives and can be stolen also it's important to understand which institutions utilize which authentication methods really important that you make sure to document everything and air gap the most sensitive credentials and finally you're going to have to keep iterating and improving your security because this is a moving target you will never be 100 protected unfortunately this isn't a one-shot deal you're going to do a bunch of work it's hard but it's important work you're going to maintain your password you're going to change them every now and then maybe every few months six months maybe once a year whatever whatever is right for you and then a couple years down the road maybe two or three years down the road you might have to implement an entirely new system using the most modern tooling which we believe is going to be cloud-based or you could just ignore it and see what happens okay that's it for now thanks to the community for your comments and input and thanks again to jason floyer whose analysis around this topic was extremely useful remember i publish each week on wikibon.com and siliconangle.com these episodes are all available as podcasts all you can do is research breaking analysis podcasts or you can always connect on twitter i'm at d vallante or email me at david.velante siliconangle.com of course i always appreciate the comments on linkedin and clubhouse follow me so you're notified when we start a room and riff on these topics don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time

(Upbeat Music) >> Commvault was an idea that incubated as a project inside of Bell Labs, one of the most prestigious research and development organizations in the world, back in the day. It became an official company in 1996, and Commvault just celebrated its 25th anniversary As such, Commvault has had to reinvent itself many times over the past two and a half decades from riding the waves of the very early PC networking era to supporting a rich set of solutions for the evolving enterprise. This includes things like cloud computing, ransomware, disaster recovery, security compliance, and pretty much all things data protection and data management. And with me to talk about the company, its vision for the future with also a voice of the customer are three great guests. Isabelle Guis is the Chief Marketing Officer of Commvault, Manoj Nair is the GM of Metallic, and Tim Carben is a Principal Systems Engineer with Mitchell International. Folks, welcome to the Commvault power panel. Come inside theCUBE. It's awesome to have you. [Isabelle] Great to be here today. >> All right. First of all, I got to congratulate you celebrating 25 years. That's a long time, not a lot of tech companies make it that far and are still successful and relevant. So Isabelle, maybe you could start off. What do you think has been the driving factor for your ability to kind of lead through the subsequent technological waves that I alluded to upfront? >> So well, 25 years is commendable but we are not counting success in number of years. We're really counting success in how many customers we've helped over those years. And I will say what has been the driving matter for us as who that, has been innovating with our customers. You know, we were there every step of the way when they migrate to hybrid cloud. And now as they go to multi-cloud in a post COVID world where they have to win gold you know, distributed workforce, different types of workloads and devices, we all there too. We assess workload as well. So the innovation keep coming in, thanks to us listening to our customer and then, adding needs that change over the last 25 years and probably for the next 25 as well. You know, we want to be here for customer was thinking that data is an asset, not a liability. And also making sure that we offer them a broad range of use cases to quote why things simple because the world is getting too complex for them. So let's take the complexity on us. >> Thank you for that. So Manoj, you've riffed on the cube before about, you know putting on the binoculars and looking at the future. So, let's talk about that. Where do you see the future for this industry? What are some of the key driving factors that matter? >> It's great to be back on theCUBE. You know, we see our industry no different than lots of other industries. The SaaS Model is rapidly being adopted. And the reason is, you know customers are looking for simplicity, simplicity not just in leveraging, you know the great technology that Commvault has built, but in the business model and the experience. So, you know, that's one of the fastest growing trends that started in consumer apps and other applications, other B to B apps. And now we're seeing it in core infrastructure like data management, data protection. They're also trying to leverage their data better. Make sure it's not fragmented. So how do you deliver more intelligent services? You know, securing the data, insights from the data, transforming the data, and that combination, you know, our ability to do that in a multi-cloud world like Isabelle said, now with increasing edge work loads. Sometimes, you know, our customers say their data centers has a new edge too. So you kind of have this, you know, data everywhere workloads everywhere, yet the desire to deliver that with a holistic experience, we call it the 'power of bank'; the ability to manage your data and leverage the data with the simple lesson without compromise. And that's really what we're seeing as part of the future. >> Okay. I don't know if all want to come back to you and double click on that, but I want to introduce Tim to the conversation here. You bring in the voice of the customer, as they say. Tim, my understanding is Mitchell has been a Commvault customer since the mid-2000s. So, tell us why Commvault, what has kept you with the company for more than 15 years? >> Yeah, we are, it was what, 2006 when we started. And really what it all boils down to it, it's just as Isabel said, innovation. At Mitchell, we're always looking to stay ahead of the trend. And, you know, just to like was mentioned earlier, data is the most important part here. Commvault provides us peace of mind to protect and manage our data. And they do data protection for all of our environments right now. We've been a partner to help in navel our digital transformation including SaaS and cloud adoption. When we start talking about the solutions we have, I mean we of course started in 2006. I mean, this was version version 6 if I remember right. This predates me at the company. Upgraded to seven, eight, nine, we brought in ten, brought in eleven, brought in HyperScale, and then moved on to bring in the Metallic. And Commvault provides the reason for this. I guess I should say is, Commvault provides a reliable backup but most importantly, recovery. Rapid recovery. That's what gives me confidence. That's what helps me sleep better at night. So when I started looking at SaaS as a differentiator to protect our 036 environments or 065 environments, Metallic was a natural choice. And the one thing I wanted to add to that is, it came out cheaper than us building it ourselves. When you take into account resources as well as compute and storage. So again, just a natural choice. >> Yeah. As the saying goes back up as one thing, recovery's everything. Isabelle. Yeah, we've seen the SaaSification of the enterprise. Particularly, you know from the app side. You came from Salesforce. So you, the company that is the poster child for SaaS. But my question is what's catalyzing this shift and why do you think data protection is ready to make the move? >> Well, there's so many good things and that's that. As you know, you remember when people started moving to the cloud and transforming their CAPEX into OPEX. Well SaaS bring yet another level of benefits. IT, we know always has to do more with less. And so SaaS allows you to, once you set up, you've got all the software upgrades automatically without you know, I think it's, why it works. You can better manage your cash flow, because you pay as you grow. And also you have a faster time to value. So all of this at help, the fast adoption and I will tell you today I don't think there is a single customer who doesn't have at least one SaaS application because they have things of value of this. Now, when it comes to backup and recovery everybody's at different stages. You still have On-Premises, you have cloud, there's SaaS, there's Workloads devices. And so what we think was the most important was to offer a broad choice of delivery model being able to support them if they want a software subscription, if they want an integrated appliance, or if they want SaaS as a service model, and also some of our partners actually delivering this in a more custom and managed way as well. So offering choice, because everybody is at a different stage on this journey. When it comes to data management and protection, I actually, you know, I think team is the example of taking full advantage of this bold choice. >> Well, you mentioned Tim that you leaned into Metallic. We have seen the SaaS everywhere. We used to have a email server, right? I mean, you know, On-Prem, that just doesn't happen anymore. But how was Mitchell International thinking about SaaS? Maybe you could share your, from your customer perch, what you're seeing. >> Well, what's interesting about this is, Mitchell is been providing SaaS for a long time. We are a technology company and we do provide solutions, SaaS solutions, to our customers. And this makes it so important to be able to embrace it because we know the value behind it. We're providing that to our customers. And when I look at what Commvault is doing I know that Commvault is doing the same thing. They're providing the SaaS Model as a value to their customers. And it's so important to go with this because we keep our environments cutting edge. As GDPR says, You need to have a cutting edge environment. And if you don't, if you cannot check that box you do not move forward. Commvault has that. And this is one less thing that I have to worry about when choosing Metallic to do my backup of O365. >> So thank you for that, Tim. So Manoj, thinking about what you just heard from Isabelle and Tim, you know, kind of fitting into a company's cloud or hybrid cloud, more importantly, strategy, you were talking before about this. "And", in other words, it's not an either or it's not a zero sum game. It's simpatico, if you will. I wonder if you could elaborate. >> Yeah, no The Power of And, Dave, I'm very proud of that. You know, when I think of The Power of And I think of actually folks like Tim, our customers and Commonwealth first, right. And, and really that, that need for choice. So for example, you know, customers on various different paths to the cloud we kind of homogenize it and say, they're on a cloud journey or they're on a digital transformation journey, but each journey looks different. And so part of that, "And", as Isabella was saying, is really the ability to meet them where they are in that journey. So for example, you know, do you, go in there and say, Hey, you know what, I'm going to be some customers 100% multi-cloud or single cloud even. And that includes SaaS applications and my infrastructure running as a service. So there's a natural fit there saying great all your data protection. You're not going to be running software appliances for that. So you've got to data protection, data management as a service that Metallic is the able to offer across the whole S state. And that's, you know, that's probably a small set of customers, but rapidly growing. Then you see a lot more customers were saying I'm going to do away as you're talking about but the emails are where I'm going to move to office 365, leverage the power of teams. And there's a Shared Responsibility Model there which is different than an On-Prem data protection use case. And so they're, they're able to just add on Metallic to the existing Commonwealth environment, whether it's a Commonwealth software or HyperScale, and connect the two. So it's a single integrated experience. And then you kind of go to the other end of the spectrum and say, great customers all in on a SaaS delivered data protection, as you know, and you hear a lot from a lot of your guests and we hear from our customers, there's still a lot of data sitting out there, you know, 90 plus percent of workloads and data centers increasing edge data workloads. And if you were to back up one of those data workloads and say that the only copy can be in the cloud, then that would take like a 10 day recovery isolation. You know, we have some competitors who say that then that's what they have. Our flexibility, our ability to kind of bring in the Hyper-Scale deployment and just, you know, dock it into Metallic, and have a local copy, instant recovery, SLA, remote, you know, backup copy in the cloud for ransomware, or your worst case scenario. That's the kind of flexibility. So all those are scenarios we're really seeing with our customers. And that's kind of really the power advantage. A very unique part of our portfolio, but, you know, companies can have portfolio products, but to have a single integrated offering with that flexibility, that kind of, depending on the use case, you can start here and grow into a different point. That's really the unique part of the power event. Yeah, 10 day RTO just doesn't cut it, but Timmy, maybe you could weigh in here. Why, What was the catalyst for you adopting Metallic and maybe you could share what was the business impact there? >> Well, the catalyst and impact, obviously two different things. The catalyst, when we look at it, there was a lot of what are we going to do with this? We have an environment, we need to back it up, and how are we going to approach this? So we looked at it from a few different standpoints, and of course, when it boils down to it, one of the major reasons was the financial. But when we started looking at everything else that we have available to us and the flexibility that Commvault has in rolling out new solutions, this really was a no brainer at this point. We are able to essentially back up new features and new products, as soon as they're available. Within our Metallic environment, we are running the activate. We are running the the self-service for the end users to where they can actually recover their own files. We are adding the teams into it to be able to recover and perform these backups for teams. And I want to step aside really quick and mentioned something about this because I'd been with, you know, Metallic for a long time and I'd been waiting for this. We've been waiting for an ability to do these backups and anyone I know Manoj knows that I've been waiting for it. And you know, Commvault came back to me a while back and they said, we just have to wait for the API. We have to wait for Microsoft releases. Well, I follow the news. I saw Microsoft released the API, and I think it may have been two days later. Good. Commvault reached out to me and said, Hey we got it available. Are you ready to do this? And that sort of turned around that sort of flexibility being on top of new applications with that, with Salesforce, that is, you know, just not necessarily the reason why I adopted Metallic but one of those things that puts a smile on my face because I adopted Metallic. >> Well, that's an interesting story. I mean, you get the SDKs and if you're a leader you get them, you know, you can put the resources on it and you're ready when, when the product, you know, comes to GA. Manoj, I wonder if we could talk about just the notion of backing up SaaS, part of the announcements today included within Metallic included backup and offerings for Dynamics 365. But my question is why support Dynamics specifically in SaaS apps generally? I mean, customers might say, doesn't my SaaS provider protect my data? Why do I need a third party? And, and the second part of that question is why Commvault? >> Dave a great question as always. I'll start with the second part of the question. It's really three words the Shared Responsibility Model. And, you know, a lot of times our customers as they go into the cloud model they really start understanding that there is something that you're getting a lot of advantages the certain things you don't have to do, but the Shared Responsibility Model is what every cloud and SaaS provider will indoctrinate in its S&As. And certainly the application data is owned by the customer. And the meaning of that is not something that, you know, some SaaS provider can understand. And so that requires specialized skills. And that's a partnership. We've done this now very successfully with Microsoft and LG 65, we've added support for Salesforce, and we see a rapid customer adoption because of that Shared Responsibility Model. If you have, some kind of, an admin issue as we have seen in the news somebody changed their team setting and then lost all their chat. And then that data is discoverable. And you, the customer is responsible for making sure that data is discoverable or ransomware attacks. Again, recovering that SaaS data is your responsibility because the attack could be coming in from your instance not from the SaaS provider. So those are the reasons. Dynamics is, you know, one of the fastest growing SaaS applications from a business applications perspective out there. And as we looked at our roadmap, and you look at at the right compliment, what is the right adjacency, we're seeing this part of Microsoft's Business Application Suite growing, you know, as millions of users out there and it's rapidly growing. And it's also integrated with the rest of the Microsoft family. So we're now, you know, proud to say that we support all three Microsoft clouds, Microsoft Azure, or 365, Dynamics. Those applications are increasingly integrated so we're seeing commonality in customer base and that's a business critical data. And so customers are looking to manage the data, have solutions that they can be sure they can leverage. It's not just protecting data from worst-case scenarios. In the case of some of the apps like Dynamics, we offer a support, like setting up the staging environment. So it's improving productivity of the application admins, and that's really kind of that the value we're bringing able to bring to the table. >> Yeah. You know, that Shared Responsibility Model. I'm glad you brought that up because I think it's oftentimes misunderstood but when you talk to CSOS, they understand it well. They'll tell you the shared responsibility is my responsibility. You know, maybe the cloud provider will secure the object storage bucket for the physical space, but it's on me. So that's really important. So thank you for that. Isabelle, last question, the roadmap, you know, how do you see Commvault's, Metallic SaaS portfolio evolving? What can you tell us? >> Oh, well, it's, it has a big strategic, you know, impact on Commvault for sure on the first portfolio first because of all of our existing customers as you mentioned earlier, 25 years, it's a lot of customers are somehow some workload as SaaS. And so the ability without, you know, adding more complexity without adding another vendor just to be able to protect them in one take, and as teams they bring a smile to his face is really important for us. The second is also a lot of customers come to Commvault for Metallic. This is the first time enter the Commvault community and Commvault family. And as they start protecting their assessed application they realize that they could leverage the same application to protect their own premised data as well. So back to The Power of And, and without writing off their past investments, you know, going to the cloud at the pace they want. So from that perspective, there is a big impact on our customer community the thing is that Metallic it brings I don't know Manoj is way too humble, but, you know, he don't go to this customer every quarter. And, you know, we have added 24 countries to the portfolio, to the product. So we see a rapid adoption. And so obviously back to your question, we see the impacts of Metallic growing and growing fast because of the market demand, because of the rapid innovation we can take the Commvault technology and put it in the SaaS model and our customers really like it. So I'm very excited. I think it's going to be, you know, a great innovation, a great positive impact for customers, and our new customers we're welcoming, which by the way I think half, Manoj correct me, but I think half of the Metallic customer at Commvault and the other half are new to our family. So, they're very bullish about this. And it's just the beginning, as you know, we are 25 years old, or sorry, 25 years young, and looking forward to the next 25. >> Well, I can confirm, you know, we have a data partner survey, partner ETR, Enterprise Technology Research, and I was looking at the Commvault data and it shows within the cloud segment, when you cut the data by cloud, you're actually accelerating, the spending momentum is accelerating. And I think it's a function of, you know, some of the acquisitions you've made, some of the moves you made in integration. So congratulations on 25 years and you know, you're riding the correct wave, Isabelle, Manoj, Tim, thanks so much for coming in theCUBE. It was great to have you. >> Thank you. >> Thank you Dave. >> I really appreciate it. >> And thank you everybody for watching. This is Dave Vellante for theCUBE. We'll see you next time. (Upbeat Music)

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the pandemic not only accelerated the shift to digital but also highlighted a rush of cyber criminal sophistication collaboration and chaotic responses by virtually every major company in the planet the solar winds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect moreover the will and aggressiveness of well-organized cyber criminals has elevated to the point where incident responses are now met with counterattacks designed to both punish and extract money from victims via ransomware and other criminal activities the only upshot is the cyber security market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll provide our quarterly update of the security industry and share new survey data from etr and thecube community that will help you navigate through the maze of corporate cyber warfare we'll also share our thoughts on the game of 3d chest that octa ceo todd mckinnon is playing against the market now we all know this market is complicated fragmented and fast moving and this next chart says it all it's an interactive graphic from optiv a denver colorado based si that's focused on cyber security they've done some really excellent research and put together this awesome taxonomy and mapped vendor names therein and this helps users navigate the complex security landscape and there are over a dozen major sectors high-level sectors within the security taxonomy in nearly 60 sub-sectors from monitoring vulnerability assessment identity asset management firewalls automation cloud data center sim threat detection and intelligent endpoint network and so on and so on and so on but this is a terrific resource and can help you understand where players fit and help you connect the dots in the space now let's talk about what's going on in the market the dynamics in this crazy mess of a landscape are really confusing sometimes now since the beginning of cyber time we've talked about the increasing sophistication of the adversary and the back and forth escalation between good and evil and unfortunately this trend is unlikely to stop here's some data from carbon black's annual modern bank heist report this is the fourth and of course now vmware's brand highlights the carbon black study since the acquisition and it catalyzed the creation of vmware's cloud security division destructive malware attacks according to the recent study are up 118 percent from last year now one major takeaway from the report is that hackers aren't just conducting wire fraud they are 57 of the bank surveyed saw an increase in wire fraud but the cyber criminals are also targeting non-public information such as future trading strategies this allows the bad guys to front run large block trades and profit it's become very lucrative practice now the prevalence of so-called island hopping is up 38 from already elevated levels this is where a virus enters a company's supply chain via a partner and then often connects with other stealthy malware downstream these techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures designed to identify and exfiltrate valuable information it's a really complex problem of major concern is that 63 of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate or initiate ransomware attacks to extract a final pound of flesh from the victim notably the study found that 75 percent of csos reported to the cio which many feel is not the right regime the study called for a rethinking of the right cyber regime where the cso has increased responsibility in a direct reporting line to the ceo or perhaps the co with greater exposure to boards of directors so many thanks to vmware and tom kellerman specifically for sharing this information with us this past week great work by your team now some of the themes that we've been talking about for several quarters are shown in the lower half of the chart cloud of course is the big driver thanks to work from home and the pandemic to pandemic and the interesting corollary of course is we see a rapid rethinking of endpoint and identity access management and the concept of zero trust in a recent esg survey two-thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management now as shown in the chart from optiv the market remains highly fragmented and m a is of course way up now based on our research it looks like transaction volume has increased more than 40 percent just in the last five months so let's dig into the m a the merger and acquisition trends for just a moment we took a five month snapshot and we were able to count about 80 deals that were completed in that time frame those transactions represented more than 20 billion dollars in value some of the larger ones are highlighted here the biggest of course being the toma bravo taking proof point private for a 12 plus billion dollar price tag the stock went from the low 130s and is trading in the low 170s based on 176 dollar per share offer so there's your arbitrage folks go for it perhaps the more interesting acquisition was auth 0 by octa for 6.5 billion which we're going to talk about more in a moment there's more private equity action we saw as insight bought armis and iot security play and cisco shelled out 730 million dollars for imi mobile which is more of an adjacency to cyber but it's going to go under cisco's security and applications business run by g2 patel but these are just the tip of the iceberg some of the themes that we see connecting the dots of these acquisitions are first sis like accenture atos and wipro are making moves in cyber to go local they're buying secops expertise as i say locally in places like france germany netherlands canada and australia that last mile that belly-to-belly intimate service israel israeli-based startups chalked up five acquired companies in the space over the last five months also financial services firms are getting into the act with goldman and mastercard making moves to own its own part of the stack themselves to combat things like fraud and identity theft and then finally numerous moves to expand markets octa with zero crowdstrike buying a log management company palo alto picking up devops expertise rapid seven shoring up its kubernetes chops tenable expanding beyond insights and going after identity interesting fortinet filling gaps in a multi-cloud offering sale point extending to governance risk and compliance grc zscaler picked up an israeli firm to fill gaps in access control and then vmware buying mesh 7 to secure modern app development and distribution services so tons and tons of activity here okay so let's look at some of the etr data to put the cyber market in context etr uses the concept of market share it's one of the key metrics which is a measure of pervasiveness in the data set so for each sector it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the cio and i.t buyer communities okay this chart shows the full etr sector taxonomy with security highlighted across three survey periods april last year january this year in april this year now you wouldn't expect big moves in market share over time so it's relatively stable by sector but the big takeaway comes from observing which sectors are most prominent so you see that red line that dotted line imposed at the sixty percent level you can see there are only six sectors above that line and cyber security is one of them okay so we know that security is important in a large market but this puts it in the context of the other sectors however we know from previous breaking analysis episodes that despite the importance of cyber and the urgency catalyzed by the pandemic budgets unfortunately are not unlimited and spending is bounded it's not an open checkbook for csos as shown in this chart this is a two-dimensional graphic showing market share in the horizontal axis or pervasiveness and net score in the vertical axis net score is etr's measurement of spending velocity and we've superimposed a red line at 40 percent because anything over 40 percent we consider extremely elevated we've filtered and limited the number of sectors to simplify the graphic and you can see in the sectors that we've highlighted only the big four four are above that forty percent line ai containers rpa and cloud they exceed that sort of forty percent magic water line information security you can see that is highlighted and it's respectable but it competes for budget with other important sectors so this of course creates challenges for organization because not only are they strapped for talent as we've reported they like everyone else in it face ongoing budget pressures research firm cybersecurity ventures estimates that in 2021 6 trillion dollars worldwide will be lost on cyber crime conversely research firm canalis pegs security spending somewhere around 60 billion dollars annually idc has it higher around 100 billion so either way we're talking about spending between one to one point six percent annually of how much the bad guys are taking out that's peanuts really when you consider the consequences so let's double click into the cyber landscape a bit and further look at some of the companies here's that same x y graphic with the company's etr captures from respondents in the cyber security sector that's what's shown on the chart here now the usefulness of the red lines is 20 percent on the horizontal indicates the largest presence in the survey and the magic 40 percent line that we talked about earlier shows those firms with the most elevated momentum only microsoft and palo alto exceed both high water marks of course splunk and cisco are prominent horizontally and there are numerous companies to the left of the 20 percent line and many above that 40 percent high water mark on the vertical axis now in the bottom left quadrant that includes many of the legacy names that have been around for a long time and there are dozens of companies that show spending momentum on their platforms i.e above single digits so that picture is like the first one we showed you very very crowded space but so let's filter it a bit and only include companies in the etr survey that had at least a hundred responses so an n of a hundred or greater so it's a little easy to read but still it's kind of crowded when you think about it okay so same graphic and we've superimposed the data that determined the plot position over in the bottom right there so it's net score and shared n including only companies with more than 100 n so what does this data tell us about the market well microsoft is dominant as always it seems in all dimensions but let's focus on that red line for a moment some of the names that we've highlighted over the past two years show very well here first i want to talk about palo alto networks pre-covet as you might recall we highlighted the valuation divergence between palo alto and fortinet and we said fortinet was executing better on its cloud strategy and palo alto was at the time struggling with the transition especially with its go to market and its sales force compensation and really refreshing its portfolio but we told you that we were bullish on palo alto networks at the time because of its track record and the fact that cios consistently told us that they saw palo alto as a thought leader in the space that they wanted to work with they said that palo alto was the gold standard the best especially larger company cisos so that gave us confidence that palo alto a very well-run company was going to get its act together and perform better and palo alto has just done just that as we expected they've done very well and they've been rapidly moving customers to the next generation of platforms and we're very impressed by the company's execution and the stock has generally reflected that now some other names that hit our radar and the etr data a couple of years ago continue to perform well crowdstrike z-scaler sales sail point and cloudflare a cloudflare just reported and beat earnings but was off the stock fell on headwinds for tech overall the big rotation but the company is doing very well and they're growing rapidly and they have momentum as you can see from the etr data and we put that double star around proof point to highlight that it was worthy of fetching 12 and a half billion dollars from private equity firm so nice exit there supporting the continued control consolidation trend that we've predicted in cyber security now let's turn our attention to octa and auth zero this is where it gets interesting and is a clever play for octa we think and we want to drill into it a bit octa is acquiring auth zero for big money why well we think todd mckinnon octa ceo wants to run the table on identity and then continue to expand his tam he has to do that to justify his lofty valuation so octa's ascendancy around identity and single sign sign-on is notable the fragmented pictures that we've shown you they scream out for simplification and trust and that's what octa brings but it competes with some major players most notably microsoft with active directory so look of course microsoft is going to dominate in its massive customer base but the rest of the market that's like jump ball it's wide open and we think mckinnon saw the opportunity to go dominate that sector now octa comes at this from an enterprise perspective bringing top-down trust to the equation and throwing a big blanket over all the discrete sas platforms and unifying employee access octa's timing was perfect it was founded in 2009 just as the massive sasification trend was happening around crm and hr and service management and cloud etc but the one thing that octa didn't have that auth 0 does is serious developer chops while octa was crushing it with its enterprise sales strategy auth 0 was laser focused on developers and building a bottoms up approach to identity by acquiring auth0 octa can dominate both sides of the barbell and then capture the fat middle so yes it's a pricey acquisition but in our view it's a great move by mckinnon now i don't know mckinnon personally but last week i spoke to arun shrestha who's the ceo of security specialist beyond id they're a platinum services partner of octa and there a zero trust expert he worked for octa for a number of years and shared with me a bit about mckinnon's style and think big approach arun said something that caught my attention he said firewalls used to be the perimeter now people are and while that's self-serving to octa and probably beyond id it's true people apps and data are the new perimeter and they're not in one location and that's the point now unfortunately i had lined up an interview with dia jolly who was the chief product officer at octa in a cube alum for this past week knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel but i want to follow up with her and understand how she's thinking about connecting the dots with auth 0 with devs and enterprises and really test our thesis there this is a really interesting chess match that's going on let's look a little deeper into that identity space this chart here shows some of the major identity players it has some of the leaders in the identity market and there's a breakdown of etr's net score now net score comprises five elements the lime green is we're adding the platform new the forest green is we're spending six percent or more relative to last year the gray is flat send plus or minus flat spend plus or minus five percent the pinkish is spending less and the bright red is where exiting the platform retiring now you subtract the red from the green and that gets you the result for net score which you can see superimposed on the right hand chart at the bottom that first column there the far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market oh look at the top two players in terms of spending momentum now sales sale point is right there but auth 0 combined with octa's distribution channel will extend octa's lead significantly in our view and then there's microsoft now just a caveat this includes all of microsoft's security offerings not just identity but it's there for context and cyber arc as well includes its acquisition of adaptive but also other parts of cyberarks portfolio so you can see some of the other names that are there many of which you'll find in the gartner magic quadrant for identity and as we said we really like this move by octa it combines positive market forces with lead offerings from very well-run companies that have winning dna and passionate people now to further emphasize emphasize what what's happening here take a look at this this chart shows etr data for octa within sale point and cyber arc accounts out of the 230 cyber and sale point customers in the data set there are 81 octa accounts that's a 35 overlap and the good news for octa is that within that base of sale point in cyber arc accounts octa is shown by the net score line that green line has a very elevated spending and momentum and the kicker is if you read the fine print in the right hand column etr correctly points out that while sailpoint and cyberarc have long been partners with octa at the recent octane 21 event octa's big customer event the company announced that it was expanding into privileged access management pam and identity governance hello and welcome to coopetition in the 2020s now our current thinking is that this bodes very well for octa and cyberark and sailpoint well they're going to have to make some counter moves to fend off the onslaught that is coming now let's wrap up with what has become a tradition in our quarterly security updates looking at those two dimensions of net score and market share we're going to see which companies crack the top 10 for both measures within the etr data set we do this every quarter so here on the left we have the top 20 sorted by net score or spending momentum and on the right we sort by shared n so again top 20 which informs shared end and forms the market share metric or presence in the data set that red horizontal lines those two lines on each separate the top 10 from the remaining 10 within those top 20. in our method what we do is we assign four stars to those companies that crack the top ten for both metrics so again you see microsoft palo alto networks octa crowdstrike and fortinet fortinet by the way didn't make it last quarter they've kind of been in and out and on the bubble but you know this company is very strong and doing quite well only the other four did last quarter there was same four last quarter and we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. so cisco splunk which has been steadily decelerating from a spending momentum standpoint and z-scaler which is just on the cusp you know we really like z-scaler and the company has great momentum but that's the methodology it is what it is now you can see we kept carbon black on the rightmost chart it's like kind of cut off it's number 21 only because they're just outside looking in on netscore you see them there they're just below on on netscore number 11. and vmware's presence in the market we think that carbon black is really worth paying attention to okay so we're going to close with some summary and final thoughts last quarter we did a deeper dive on the solar winds hack and we think the ramifications are significant it has set the stage for a new era of escalation and adversary sophistication now major change we see is a heightened awareness that when you find intruders you'd better think very carefully about your next moves when someone breaks into your house if the dog barks or if you come down with a baseball bat or other weapon you might think the intruder is going to flee but if the criminal badly wants what you have in your house and it's valuable enough you might find yourself in a bloody knife fight or worse what's happening is intruders come to your company via island hopping or inside or subterfuge or whatever method and they'll live off the land stealthily using your own tools against you so they can you can't find them so easily so instead of injecting new tools in that send off an alert they just use what you already have there that's what's called living off the land they'll steal sensitive data for example positive covid test results when that was really really sensitive obviously still is or other medical data and when you retaliate they will double extort you they'll encrypt your data and hold it for ransom and at the same time threaten to release the sensitive information to crushing your brand in the process so your response must be as stealthy as their intrusion as you marshal your resources and devise an attack plan you face serious headwinds not only is this a complicated situation there's your ongoing and acute talent shortage that you tell us about all the time many companies are mired in technical debt that's an additional challenge and then you've got to balance the running of the business while actually affecting a digital transformation that's very very difficult and it's risky because the more digital you become the more exposed you are so this idea of zero trust people used to call it a buzzword it's now a mandate along with automation because you just can't throw labor at the problem this is all good news for investors as cyber remains a market that's ripe for valuation increases and m a activity especially if you know where to look hopefully we've helped you squint through the maze a little bit okay that's it for now thanks to the community for your comments and insights remember i publish each week on wikibon.com and siliconangle.com these episodes they're all available as podcasts all you do is search breaking analysis podcast put in the headphones listen when you're in your car out for your walk or run and you can always connect on twitter at divalante or email me at david.valante at siliconangle.com i appreciate the comments on linkedin and in clubhouse please follow me so you're notified when we start a room and riff on these topics and others and don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time [Music] you

>>mhm Yes. Hello and welcome back to the cubes coverage of red hat summit 2021 virtual. I'm john for your host of the cube and cube coverage here with matt Hicks. Executive vice president of products and technologies at red hat cuba lum I've been on many times, knows the engineering side now running all the process of technologies matt. Great to see you. Thanks for coming on remote. I wish we were in real real life in person. I RL but doing it remote again. Thanks for coming on. >>Hey, thanks thanks for having me today. >>Hey, so what a year you know, um, I was just talking to a friend and another interview with the red hat colleagues. Chef on your team in 2019 I interviewed Arvin at IBM right before he bought red hat and you smile on his face and he wasn't even ceo then um, he is such a big fan of cloud native and you guys have been the engine underneath the hood if you will of IBM this transformation huge push now and with Covid and now with the visibility of the post Covid, you're seeing cloud Native at scale with modern applications just highly accelerated across the board In almost every industry, every vertical. This is a very key trend. You guys at the, at the center of it always have been, we've been covering you for many years, interesting time and so now you guys are really got the, got the formula at red hat, take us through the key transit you see on this wave for enterprises and how is red hat taking that, taking that through? >>Yeah, no, absolutely. It has been, it's been a great ride actually. I remember a couple years ago standing on stage with Arvin prior to the acquisition. So it's been uh, it's been a world one but I think if we look at Really would emerge in 2020, we've seen three trends that we hope we're gonna carry through in 2021 just in a better and better year for that. That the first is open hybrid cloud is really how customers are looking to adapt to change. They have to use what they have um assets they have today. On premise, we're seeing a lot of public cloud adoption that blend of being hybrid is just, it is a reality for how customers are having to deliver a edge computing I think is another area I would say uh the trend is really not going to be a fad or a new, you know, great texture. Um the capabilities of computing at the edge, whether that is automotive vehicles, radio access network capabilities to five G. It's pretty astounding at this point. So I think we're gonna see a lot of pushing edge computing for computing, getting closer to users. Uh but then also the choice aspect we're seeing with Ceos, we often talk about technology is choice, but I think the model of how they want to consume technology has been another really strong trend in 2020. Uh We look at this really is being able to deliver a cloud managed services in addition to technology that ceos around themselves. But those, those will probably be the three that stand out to me at least in 2020 we've seen, >>so matt take us through in your minds and red hats, perspective the workloads that are going to be highlighted in this cloud native surge that's happening. We're seeing it everywhere. You mentioned edge industrial edge to consumer Edge to lightweight, edge, massive new workloads. So take us through how you see kind of the existing workloads evolving and potentially new workloads that emerging. >>Yeah. So I think um you know first when you talk about edge workloads a big umbrella but if you look at data driven workloads, especially in the machine learning artificial intelligence spectrum of that, that's really critical. And a reason that those workloads are important is five G. Aside for now when you're running something at the edge you have to also be able to make decisions pretty well at the edge. And that that is that's where your data is being generated and the ability to act on that closely. Whether that's executing machine learning models or being able to do more than that with A I. That's going to be a really really critical workload. Uh huh. Coupled to that, we will see I think five G. Change that because you're going to see more blending in terms of what can you draw back to uh closer to your data center to augment that. So five G will shift how that's built but data driven workloads are going to be huge then I think another area will see is how you propagate that data through environment. Some Kafka has been a really popular technology will actually be launching a service in relation to that. But being able to get that data at the edge and bring it back to locations where you might do more traditional processing, that's going to be another really key space. Um and then we'll still have to be honest, there is still a tremendous amount of work loads out there that just aren't going to get rebuilt. And So being able to figure out how can you make them a little more cloud native? You know, the things your companies have run on for the last 20 years, being able to step them closer to cloud native, I think it's going to be another critical focus because he can't just rewrite them all in one phase and you can't leave them there as well. So being able to bridge shadow B T to >>what's interesting if folks following red hat, No, no, you guys certainly at the tech chops you guys have great product engineering staff been doing this for a long time. I mean the common Lennox platform that even the new generation probably have to leave it load limits on the server anymore. You guys have been doing this hybrid environment in I T for I T Sloan for decades. Okay. In the open, so, you know, it's servers, virtualization, you know, private, public cloud infrastructures and it's been around, we've been covering it in depth as you know, but that's been, that's a history. But as you go from a common Lennox platform into things with kubernetes as new technologies and this new abstraction layers, new control plane concept comes to the table. This need for a fully open platform seems to be a hot trend this year. >>How do you >>describe that? Can you take a minute to explain what this is, this is all about this new abstraction, this new control plane or this open hybrid cloud as you're calling? What is this about? What does it mean? >>Yeah, no, I'll do a little journey that she talked about. Yeah. This has been our approach for almost a decade at this point. And it started, if you look at our approach with Lennox and this was before public clouds use migrants existed. We still with Lennox tried to span bare metal and virtualized environments and then eventually private and public cloud infrastructure as well. And our goal there was you want to be able to invest in something, um, and in our world that's something that's also open as in Lennox but be able to run it anywhere. That's expanded quite a bit. That was good for a class of applications that really got it started. That's expanded now to kubernetes, for example, kubernetes is taking that from single machines to cluster wide deployments and it's really giving you that secure, flexible, fast innovation backbone for cloud native computing. And the balance there is just not for cloud native, we've got to be able to run traditional emerging workloads and our goal is let those things run wherever rail can. So you're really, you're based on open technologies, you can run them wherever you have resources to run. And then I think the third part of this for us is uh, having that choice and ability to run anywhere but not being able to manage. It can lead to chaos or sprawl and so our investments in our management portfolio and this is from insights the redhead advanced cluster management to our cluster security capabilities or answerable. Our focus has been securing, managing and monitoring those environments so you can have a lot of them, you can run where you want, but she just sort of treat it as one thing. So you are our vision, how we've executed up to this point has really been centered around that. I think going forward where you'll see us um really try to focus is, you know, first you heard paul announced earlier that we're donating more than half a billion dollars to open. I would cloud research and part of this reason is uh running services. Cloud native services is changing. And that research element of open source is incredibly powerful. We want to make sure that's continuing but we're also going to evolve our portfolio to support this same drive a couple areas. I would call out, we're launching redhead open shift platform plus and I talked about that combination from rail to open shift to being able to manage it. We're really putting that in one package. So you have the advanced management. So if you have a huge suites of cloud native real estate there, you can manage that. And it also pushes security earlier into the application, build workflows. This is tied to some of our technology is bolstered by the stack rocks acquisition that we did. Being able to bring that in one product offering I think is really key to address security and management side. Uh we've also expanded Redhead insights beyond Rehl to include open shift and answerable and this is really targeted it. How do we make this easier? How do we let customers lean on our expertise? Not just for Lennox as a service, but expand that to all of the things you'll use in a hybrid cloud. And then of course we're going to keep pushing Lennox innovation, you'll see this with the latest version of red hat enterprise, like so we're gonna push barriers, lower barriers to entry. Uh But we're also going to be the innovation catalyst for new directions include things like edge computing. So hopefully that sort of helps in terms of where, where we started when it was just Lennox and then all the other pieces were bringing to the table and why and some new areas. Uh We're launching our investment going forward. >>Yeah, great, that's great overview. Thanks for taking the time to do that. I think one of the areas I that's jumping out at me is the uh, advanced cluster management work you guys are doing saw that with the security peace and also red hat insights I think is is another key one and you get to read that edge. But on the inside you mentioned at the top of this interview, data workloads pretty much being, I mean that pretty much everything, much more of an emphasis on data. Um, data in general but also, you know, serve abilities a hot area. You know, you guys run operating system so you know, in operating systems you need to have the data, understand what's being instrumented. You gotta know that you've got to have things instrument and now more than ever having the data is critical. So take us through your vision of insights and how that translates. Because he said mentions in answerable you're seeing a lot more innovations because Okay I got provisions everything that's great. Cloud and hybrid clouds. Good. Okay thumbs up everyone check the box and then all of a sudden day too As they call day two operations stuff starts to, you know, Get getting hairy, they start to break. Maybe some things are happening. So day two is essentially the ongoing operational stability of cloud native. You need insights, you need the data. If you don't have the data, you don't even know what's going on. You can't apply machine learning. It's kind of you if you don't get that flywheel going, you could be in trouble. Take me through your vision of data driven insights. >>Yeah. So I think it's it's two aspects. If you go to these traditional traditional sport models, we don't have a lot of insight until there's an issue and I'm always amazed by what our teams can understand fix, get customers through those and I think that's a lot of the success red hats had at the same note, we want to make that better where if you look at real as an example, if we fixed an issue for any customer on the planet of which we fix a lot in the support area, we can know whether you're going to hit that same issue or not in a lot of cases and so that linkage to be able to understand environments better. We can be very proactive of not just hey apply all the updates but without this one update, you risk a kernel panic, we know your environment, we see it, this is going to keep you out of that area. The second challenge with this is when things go do break or um are failing the ability to get that data. We want that to be the cleanest handshake possible. We don't want to. Those are always stressful times anyway for customers being able to get logs, get access so that our engineering knowledge, we can fix it. That's another key part. Uh when you extend this to environments like open shift things are changing faster than humans can respond in it. And so those traditional flows can really start to get strained or broken broken down with it. So when we have connected open shift clusters, our engineering teams can not only proactively monitor those because we know cooper net is really well. We understand operators really well. Uh we can get ahead of those issues and then use our support teams and capabilities to keep things from breaking. That's really our goals. Finding that balance where uh we're using our expertise in building the software to help customers stay stable instead of just being in a response mode when things break >>awesome. I think it's totally right on the money and data is critical in all this. I think the trust of having that partnership to know that this pattern recognition is gonna be applied from the environment and that's been hurting the cybersecurity market people. That's the biggest discussion I had with my friends and cyber is they don't share the data when they do, things are pretty obvious. Um, so that's good stuff there and then obviously notifications proactive before there's a cause or failure. Uh great stuff. This brings up a point that paul come here, said earlier, I want to get your reaction to this. He said every C. I. O. Is now a cloud operator. >>That's a pretty bold >>statement. I mean, that's simply means that it's all cloud all the time. You know? Again, we've been saying this on the queue for many years, cloud first, whatever people want to call it, >>what does that actually >>mean? Cloud operator, does that just mean everything's hybrid? Everything's multiple. Cloud. Take me through an unpacked what that actually means? >>Yeah. So I think for the C I O for a lot of times it was largely a technology choice. So that was sort of a choice available to them. And especially if you look at what public clouds have introduced, it's not just technology choice. You're not just picking Kafka anymore. For example, you really get to make the choice of do I want to differentiate my business by running it myself or is this just technology I want to consume and I'm going to consume a cloud, native service and other challenges come with that. It's an infrastructure, not in your control, but when you think about a ceo of the the axes they're making decisions on, there are more capabilities now and I think this is really crucial to let the C i O hone in on where they want to specialist, what do they want to consume, what do they really want to understand, differentiate and Ron? Um and to support this actually, so we're in this vein, we're going to be launching three new managed cloud services and our our focus is always going to be hybrid in these uh but we understand the importance of having managed cloud services that red hat is running not the customers in this case. So one of those will be red hat open shift streams for Patrick Kafka. We've talked about that, that data connectivity and the importance of it and really being able to connect apps across clouds across data centers using Kafka without having to push developers to really specialize in running. It is critical because that is your hybrid data, it's going to be generated on prim, it's going to be generated the edge, you need to be able to get access to it. The next challenge for us is once you have that data, what do you do with it? And we're launching a red hat open shift data science cloud service and this is going to be optimized for understanding the data that's brought in by streams. This doesn't matter whether it's an Ai service or business intelligence process and in this case you're going to see us leverage our ecosystem quite a bit because that last mile of AI workloads or models will often be completed with partners. But this is a really foundational service for us to get data in and then bring that into a workflow where you can understand it and then the last one for us is that red hat open shift api management and you can think of this is really the overseer of how apps are going to talk to services and these environments are complex, their dynamic and being able to provide that oversight up. How should my apps be consuming all these a. P. S, how should they be talking? How do I want to control? Um and understand that is really critical. So we're launching these, these three and it fits in that cloud operator use, we want to give three options where you might want to use Kafka and three Scale technologies and open data hub, which was the basis of open shift data sides, but you might not want to specialize in running them so we can run those for you and give you as a C. I. O. That choice of where you want to invest in running versus just using it. >>All right, we're here with matt Hicks whose executive vice president prospect technology at red hat, matt, your leader at red hat now part of IBM and continues to operate um in the red hat spirit, uh innovating out in the open, people are wearing their red hat uh hoodies, which has been great to see. Um I ask every executive this question because I really want to get the industry perspective on this. Um you know, necessity is the mother of invention as the saying goes and, you know, this pandemic was a challenge for many In 2020. And then as we're in 2021, some say that even in the fall we're gonna start to see a light at the end of the tunnel and then maybe back to real life in 2022. This has opened up huge visibility for CSOS and leaders and business in the enterprise to say, Hey, what's working, what do we need? We didn't prepare for everyone to be working at home. These were great challenges in 2020. Um, and and these will fuel the next innovations and achievements going forward. Um again necessity is the mother of all invention. Some projects are gonna be renewed and double down on some probably won't be as hybrid clouds and as open source continues to power through this, there's lessons to be learned, share your view on what um leaders in in business can do coming out of the pandemic to have a growth strategy and what can we learn from this pandemic from innovation and and how open source can power through this adversity. >>Yeah. You know, I think For as many challenging events we had in 2020, I think for myself at least, it it also made me realize what companies including ourselves can accomplish if we're really focused on that if we don't constrain our thinking too much, we saw projects that were supposed to take customers 18 months that they were finishing in weeks on it because that was what was required to survive. So I think part of it is um, 2020 broke a lot of complacency for us. We have to innovate to be able to put ourselves in a growth position. I hope that carries into 2021 that drives that urgency. When we look at open source technologies. I think the flexibility that it provides has been something that a lot of companies have needed in this. And that's whether it could be they're having to contract or expand and really having that moment of did the architectural choices, technology choices, will they let me respond in the way I need? Uh, I'm biased. But first I think open models, open source development Is the best basis to build. That gives you that flexibility. Um, and honestly, I am an optimist, but I look at 2021, I'm like, I'm excited to see what customers build on sort of the next wave of open innovation. I think his life sort of gets back to normal and we keep that driving innovation and people are able to collaborate more. I hope we'll see a explosion of innovation that comes out and I hope customers see the benefit of doing that on a open hybrid cloud model. >>No better time now than before. All the things are really kind of teed up and lined up to provide that innovation. Uh, great to have you on the cube. Take a quick second to explain to the folks watching in the community What is red hat 2021 about this year? And red hat someone, I'll see. We're virtual and we're gonna be back in a real life soon for the next event. What's the big takeaway this year for the red hat community and the community at large for red hat in context of the market? >>You know, I think redhead, you'll keep seeing us push open source based innovation. There's some really exciting spaces, whether that is getting closer and closer towards edge, which opens up incredible opportunities or providing that choice, even down to consumption model like cloud managed services. And it's in that drive to let customers have the tools to build the next incredible innovations for him. So, And that's what summit 2021 is going to be about for us, >>awesome And congratulations to, to the entire team for the donation to the academic community, Open cloud initiative. And these things are doing to promote this next generation of SRS and large cloud scale operators and developers. So congratulations on that props. >>Thanks john. >>Okay. Matt Hicks, executive vice president of products and technology. That red hat here on the Cube Cube coverage of red hat 2021 virtual. I'm John Ferrier. Thanks for watching. Yeah.

>>from >>Around the globe. It's the cube with digital coverage of IBM think 2021 brought to you by IBM. >>Welcome back to the cubes ongoing coverage of IBM Think 2021 virtual cube, you know, the pandemic has caused us to really rethink this this whole concept of operational resilience and we're gonna dig into that and talk about the importance of constructing a holistic resilience plan and get the perspective of some really great domain experts. Alan Downs is the vice president, global Cloud security and resiliency services at IBM and he's joined by MS Michelle what? Weston who is the director of cloud security and resiliency offerings at IBM folks. Welcome to the cube. Thanks for coming on. >>Thank you. >>Now before we get into it, I said IBM but I want to ask you, alan about an announcement you made last month about Kendrell new spin out from IBM. What can you tell us? >>Very excited about the name? I think there's a lot of meaning in the name centered around new growth and censored around partnership and relationship. So if you look at the name that was announced I think it really does typify what we set out to be as a trusted partner in the industry. All born around new growth centered around strong partnership and relationship. So very pleased and excited and look forward to the opportunity we have going forward. >>Yeah congratulations on that. Had some clarity martin schroder. New ceo Cubillan. Great executive love it. So good luck. Um Alan let me stay with you for a second. I mean operational resilience it means different things to different people and we know from speaking with C. IOS in our community during the pandemic. It doesn't just mean disaster recovery. In fact a lot of C. I. O. Said that their business continuing strategy were too focused on on D. R. Ellen. What does operational resilience mean from your perspective? >>So I'll answer it this way. Operational resiliency risk is defined as the quantifiable steps that any client needs to take in order to respond, recover from an unplanned outage. It sits squarely within operational risk. And if you think about it, operational risk is the kind of non financial element of risk. And defined within that category, operational resiliency risk is trying to identify those steps both pre active and reactive that a client needs to consider that they would have to take in the event of an unplanned disruption or an unplanned outage that would impact their ability to serve their clients or to serve their organization. That's how I define operational resiliency risk. >>Great and I wonder Michelle if you can add to that but I think you know I sometimes say that the pandemic was like a forced march to digital and part of that was business resilience. But You know, where do we go from here? You know, we had 14 months shoved into our face and now we have some time to think about. So how should clients think about evolving their strategies in this regard? >>Yeah, Well, certainly with respect to what was called Newco now, Kendrell, um our approach has been advisory led. Uh we will help clients along this journey. Uh, one thing that I'd like to point out in one of the journeys that we've been taking over the last couple of years is it really is about security and resiliency together. If you think of that planning and how to mitigate your operational risk, the security and resiliency go hand in hand through the same people within the organization that are planning for that and worried about it. And so we had already started about three years ago to pull the two together and to have a unified value proposition for clients around security and resiliency, both being advisory lead, doing everything for a client from project based to the digital consumption world which we know clients live in today to a fully managed service all around security and resiliency together. >>Yeah, so I mean it's really important topic. I mean you heard Chair Powell last month. He was he was on 60 minutes saying well yeah worried about inflation, were way more worried about security. So so alan you know, were let's say you're in the virtual, you know, conference room with the board of directors. What's that conversation like? Uh where does it start? >>I think there is a huge concern right now with regard to security and obviously resiliency as well. But if you just think about what we've all been through and what's transpired in the last 12 months, the what we call the threat landscape has broadened significantly and therefore clients have had to go through a rapid transformation not just by moving employees to home base, but also their clients having a much higher expectation in terms of access to systems, access to transactions which are all digital. So you referred to it earlier. But the transformation, our clients have had to go on driving a higher dependence on those systems that enable them to serve their clients digitally and enable them to allow the employees to work remotely in this period has increased the dependencies that they have across the environment that are running many of the critical business processes. So the discussion in the boardroom is very much are we secure? Are we safe? How do we know how safe and secure and resilient should we be? And based on that fact about how safe and secure should we be? Where are we today as an organization? And I think these are the questions that are at the boardroom is basically from a resiliency security perspective, where should we be that supports our strategy vision and our client expectation? And then the second question is very much where are we today? How do we know that we are secure? How do we know that we can recover from any unplanned or unforeseen disruption to our environments? >>So Michelle, I mean I just mentioned the threat surface is expanding and we're just getting started, everybody's like crazy about five G leaning in the edge Iot and that's just uh this could be orders of magnitude by the end of the decade compared to where it is today. So how do you think about the key steps that organizations should should take to ensure operational resilience, you know, not only today, but also putting in a road map. >>Yeah, yeah. And and one thing that we do know from our clients is those that have actually planned for resiliency and security at the forefront. They tend to do that more effectively and more efficiently. Um It's much better to do that than to try to do that after an outage. You certainly learn a lot. Um but that's not the experience that you want to go through. You want to have that planning and strategy in the forefront. As Alan said in terms of the threat vector, the pandemic brought that on as well. We saw surgeons Of cyberattacks, opportunistic attacks. Um you know, we saw the best of people in the pandemic as well as the worst in people. Some of those attacks were on agencies that we're trying to recover. We're trying to treat the public with respect to the COVID-19 pandemic. So none of us can let our guard down here. I think we can anticipate that that's only going to increase. And with the emergence of these new technologies like cloud, we know that there's been such a massive benefit to clients. In fact those that were cloud enabled to sustain their businesses during the pandemic full stop. But with that comes a lot more complexity. Those threat vectors increase five G. I expect to be the same. So again, resilience and security have never been more relevant. More important, we see a lot of our clients putting budget there and those that plan for it with a strategic mindset and understand that whatever they have today may be good enough, but in the future they're going to have to invest and continue to evolve that strategy. Are those that have done the best. >>Yeah, the bolt on strategy doesn't doesn't really work that well, but and I wonder if you think about when we talk to CSOS for example, and you ask them what's your biggest challenge? They'll say things like lack of talent. We got too many tools. It's just as we're on the hamsters on wheels. So I would think that's, you know, unfortunately for some, but it's good for your, your business. That's that's a dynamic that you can help with. I mean you're a services organization, you got deep expertise in this. So I wonder if you could, could talk a little bit about that, that lack of talent, that skills gap and how you guys address that. >>I think this is really the fit for managed services providers like Kendrell, um, certainly with some of our largest clients, if we look at Peta as an example, that notion of phone a friend is really important when it starts to go down and you're not sure what you're gonna do next. You want the expertise, you want to be able to phone someone and you want to be able to rely on them to help you recover your most critical data. One of the things clients have also been asking us for is a vaulted capability, almost like the safe deposit box for your data and your critical applications. Being able to put them somewhere and then in the event of needing to recover, um, you certainly could call someone to help you do exactly that >>Ellen. I wonder if you can address this. I mean, I like IBM I was I'm a customer. I trust IBM. What's your relationship? Are you still gonna, you know, be able to allow me to tap the pieces that that I like and maybe you guys can be more agile in some respects, maybe you can talk about that a little bit. >>She has Sure, Dave and many of our clients, we have a long history with a very positive experience of delivering, you know, market leading and high high quality of services and product the relationship continue. So we will remain very close to IBM and we will continue to work with many of IBM's customers as will IBM work with our customers going forward. So the relationship, I believe whilst a different dynamic will continue and I believe engenders an opportunity for growth and you know, we mentioned earlier the very name signifies the fact that it's new growth and I do think that that partnership will continue and we'll continue together to deliver the type of service, the quality of products and services that our clients have, you know, enjoyed from IBM over the last number of years, >>Michelle my, one of my takeaway from your earlier comments as you guys are hands on consultative in nature. Um, and I think about the comment I made about a lot of Ceo said we were way too d our focus. But when I think about d are a lot of times it was a checkbox to the board. Hey, we got it. But it was last time you tested it. Well, we don't test it because it's too risky to test. You know, we, we do fail over, but we don't fail back because it's just too risky. Can I stress test, you know, my environment, we, at the point now where technology and expertise will allow us to do that is that part of what you bring to the table? >>It is exactly exactly what we bring to the table. So from a first of all, from a compliance and regulatory perspective, you no longer have that option. A lot of the auditors are asking you to demonstrate your d our plan. We have technology and I think we've talked about this before about the automation that we have in our portfolio with resiliency orchestration that allows you to see the risk in your environment on a day to day basis. Proactively manage it. I tried to recover this, there's a there's a failure and then you're able to proactively address it. I also give the example from a resiliency orchestration perspective in this very powerful software automation that we have for D. R. We've had clients that have come in scheduled A. D. R. Test, it was to be all day they've ordered in lunch And the D. R. test fail over failed back took 22 minutes and lunch was canceled. >>I love >>it. Very powerful and very powerful with an auditor. >>That's awesome. Okay guys, we've got to leave it there. Really great to get the update. Best of luck to you and congratulations. Thanks for coming on. >>Thank you so much >>and thank you for watching. This is Dave Volonte for the cubes continuous coverage of IBM think 2021 right back. >>Mhm.

[Music] from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante top security pros indicate that the solar winds hack on top of the pandemic have further heightened a change in how they think about security not only musciso secure an increasingly distributed workforce and network infrastructure but they now must be wary of software code coming from reputable vendors including the very patches designed to protect them against cyber attacks hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll summarize cso sentiments from a recent etr venn session and provide our quarterly update of the cyber security sector now in an upcoming episode we'll be inviting eric bradley of etr to provide deeper analysis and insights on these trends but we wanted to give you a preliminary preview of what's happening in the sector as we start off 2021. now the solar winds attack was like nothing we've ever seen before it's been covered quite widely in the press but in case you don't know the details solarwinds is a company that provides software to monitor many aspects of largely on-prem infrastructure including things like network performance log files configuration data storage servers and the like now as with all software companies solarwinds sends out regular updates and patches hackers were able to infiltrate the update and trojanize the software meaning when customers installed the updates the malware just went along for the ride now the reason this is so insidious is that often hackers they're going to target installations that haven't installed patches or updates and identified vulnerabilities in the infrastructure that haven't been addressed doors that are open that haven't been closed if you will now here the very code designed to protect against the breach actually facilitated that breach now according to experts this was quite a sophisticated attack that most believe was perpetrated by the russian hacker group cozy bear an advanced persistent threat or apt as classified by the u.s government now it's suspected that somehow they fished their way into a github repo and stole username and password access to allow them to penetrate the supply chain of software that's delivered over the internet but public information on this attack it's still spotty people are still learning now what is known is that the attackers have been lurking since march of last year and they exfiltrated lots of information from the u.s government and many other high-profile companies now here's what the csos and the etr van had to say about it let me just read some of the quotes the impact of this breach is profound it really turned a lot of heads and conventions about cyber security i don't think this threat has been exaggerated in the media we're now in a situation where we have to monitor the monitors this attack didn't have any signatures of a previous attack so you got down to the code level 80 to 90 of that code is being downloaded from the internet it's bringing devops security processes and making us rethink how to reinvent security and i'll add my business friend val berkovici said to me on twitter last year that he thinks the government hack is going to have permanent implications on how organizations approach cyber security it seems these cisos agree now the one question is what can be done about this and when you talk to security pros they'll definitely tell you they're rethinking security practices but look there's only so much you can do here's a tag cloud summarizing some of what we hear in the cube community and in the venn from etr practitioners you hear a lot about xero trust many csos are really leaning into identity access management and pam and mandates around two-factor authentication we've talked a lot about firms like octa sale point cyber arc software and microsoft is coming up more and more in this conversation especially as octa is seen as setting a price umbrella there's definitely some frustration amongst csos about octa's pricing strategies and auth 0 which does authentication as a service that's hitting our radar as well now of course endpoint security is something we've talked a lot about as the work from home trend hit during the pandemic it's become much much more important and you can see in the growth of crowdstrike and as you see in a moment we're getting some traction with vmware and carbon black in the survey data and of course titanium is another company that we've talked about csos look they're not just going to rip out what they have so companies like cisco especially with umbrella and duo they come up in the conversation as does palo alto networks we've said many times palo alto is seen as a thought leader csos like them they also like fortinet especially those that may be more cost cost conscious we see that a lot in mid-market and so on with analytics micro-segmentation cloud security with z-scaler and even rpa to automate certain tasks uipath has come up in the conversation more and more in a security context so you look at this tag cloud and there's no one answer as is often the case case with cyber security lots of tools lots of disciplines and a very capable adversary who has learned to as they say live off the land using your own infrastructure and tooling against you now the common narrative is that security is a top priority with cios and csos and budgets are going to be up so let's take a look at that well kind of here's a chart that shows the net scores or spending momentum for various sectors of the etr tech taxonomy and we've highlighted the information security segment yes it's up relative to the october survey but it really doesn't stand out i mean everything's up as we've reported coming off a down year in tech spending minus four percent last year and we're forecasting a plus six to seven percent increase this year really depending on on the pace of their recovery but the point is cyber is one of many budget organizations and organizations they're simply not going to open up a blank check to the cso now part of the reason is they're heavily invested in cyber this graphic shows several sectors in context and we've highlighted security in the red box the vertical axis that shows spending velocity and the horizontal axis is market share or presence in the data set and you can see the security it's got a big presence it's pervasive of course but it lags some of the top sectors in terms of spending velocity because look organizations they've got lots of priorities and as you'll see in a moment this space like most mature markets has some companies with off the charts spending patterns and others that lag so let's dig into that a little bit here you see that same xy graphic and we've plotted a number of security players so there's a couple of points here that we want to make first microsoft as usual is off the charts to the right and amazingly has a net score of 48 percent so highly elevated octa continues to lead this pack in net score as it has the last several surveys it's got a net score of 61.5 percent up from last quarter survey octa crowdstrike cyberark fortinet proof point and splunk are all up nicely from last quarter's survey we also really want to highlight carbon black the company's net score last quarter was 23.9 percent with 134 mentions in this quarter its net score shot up to nearly 38 so a very meaningful and noticeable move for vmware's 2.1 billion dollar acquisition that it made in the summer of 2019. so a number of companies that have momentum which stems from a rebound in tech spending but also a shift in security spend that we've highlighted and you can see a couple of legacy security firms that are also there in the chart losing momentum we've highlighted fireeye and rsa okay so now let's dig deeper into the data and the vendor performance here's a view of the data that we first showed you in 2019 it shows the net score and the shared n which identifies the number of mentions within the sector and it's an indicator of presence in the marketplace the leftmost chart is sorted by netscore and the right-hand chart is sorted by shared n so to make this chart you had to have at least an n of 50 in the survey again you can see octa sale and sale point lead in net score and microsoft has the biggest presence in the right hand side along with cisco and palo alto and something we started two years ago was if a vendor shows up in the top 10 for both net score and shared n we anointed them with four stars so these are the four star companies microsoft palo alto octa and crowdstrike which crouch by the way it fell off but it's back on and i think that was probably a survey anomaly because based on the company's financials there has been no loss of momentum for crowdstrike and we give two stars to those companies that make the top 20 in both categories so cisco because of umbrella and duo splunk proofpoint fortinet z z-scaler cyborg and carbon black vmware carbon black is new to the two-star list due to its rapid rise in net score that we just talked about now just a quick aside on carbon black at vmworld 2019 pat gelsinger told john furrier and me that he felt like he got a great deal picking up carbon black for 2.1 billion dollars now his logic was in part based on the valuation of crowdstrike at the time which is of course carbon black competitor crowdstrike as you can see on this chart had a valuation that was at nine times higher than that of carbon black and you can see from the trailing 12-month revenue that crowdstrike was a significantly larger company by more than 100 million dollars in revenue so the real story though was the company's growth crowdstrike at the time was growing much much faster than carbon black at more than a hundred percent compared to carbon blacks 22 roughly now in vmware's recent earnings call they said that carbon black had good bookings performance so who knows exactly what that means but if it were more than 22 my guess is that vmware vmware would have been more effusive in its commentary so let's assume that since the acquisition carbon black growth has been flattish you know maybe down maybe up but probably flat so vmware they're figuring out how to integrate the company and we think that as it does that it's going to use its channel of distribution and global presence to really drive carbon black sales now nonetheless we would still peg carbon black's valuation of having increased pretty substantially since the time of the acquisition perhaps in the three to five billion range we don't know for sure so but a nice pickup in our view for vmware and it'll likely grow from here based on the etr data then that's very encouraging for carbon black now let's look at how the valuations in this sector have changed since before covid here's an updated view of our valuation matrix since just before the pandemic hit in the u.s as you can see the s p is up 16 from that time frame the nas composite up 43 percent wow now look at the others only splunk really hasn't seen a huge uptick in valuation but the others have either risen noticeably like proof point cyber arc sail point they bounced up like palo alto or fortinet or exploded like crowd chat octa and z scalar you combine all these and you're talking about 114 billion dollar increase in market cap for these so one would think carbon black as a vmware asset has done pretty well along with these names and we would expect that the tech spending rebound this year combined with the heightened concerns over the solar winds hack and the tectonic shifts from the accelerated work from home and digital business transformations will continue to bode well for many of these names for quite some time all right let's wrap it up with some of the things we're watching in this space as we exit the pandemic and experience a new digital reality cyber threats have never been greater look each january if you look back on the prior year you'd be able to say the same thing for the last couple of decades and the reality is the budgets and spending on cyber they're asymmetric to the economic risks we just don't spend enough and probably can't spend enough to solve this problem csos they have to balance their legacy legacy install base security infrastructure with the shift to zero trust accelerated endpoint new access management challenges the ever expanding cloud and dot dot dot lack of talent remains the single biggest challenge for organizations which are stretch thin making investments in automation a trend that is not going to abate anytime soon in cyber all the cliches apply there is no silver bullet there is no rest for the weary the adversary they are well funded and extremely capable and they only have to succeed once to create a business disaster for an organization that has to succeed every day 24 hours a day so expect more of the same with no end in sight in terms of complexity fragmentation and whack-a-mole approaches to fighting cyber crime i hate to say this but it just means the fundamentals for the sector just keep getting better and better sorry okay that's it for this week remember all these episodes are available as podcasts wherever you listen so please subscribe i publish weekly on wikibon.com and siliconangle.com and don't forget to check out etr.plus for all the survey data and the analytics i appreciate the comments on my linkedin post you can dm me at [Music] you

>>on the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. Hello and welcome back to the Cubes Live coverage Cube live here in Palo Alto, California, with the Virtual Cube this year because we can't be there in person. I'm your host, John Fairy year. We're kicking off Day two of the three weeks of reinvent a lot of great leadership sessions to review, obviously still buzzing from the Andy Jassy three. Our keynote, which had so many storylines, is really hard to impact. We're gonna dig that into into into that today with Jerry Chan, who has been a Cube alumni since the beginning of our AWS coverage. Going back to 2013, Jerry was wandering the hallways as a um, in between. You were in between vm ware and V C. And then we saw you there. You've been on the Cube every year at reinvent with us. So special commentary from you. Thanks for coming on. >>Hey, John, Thanks for having me and a belated happy birthday as well. If everyone out there John's birthday was yesterday. So and hardest. Howard's working man in technology he spent his entire birthday doing live coverage of Amazon re events. Happy birthday, buddy. >>Well, I love my work. I love doing this. And reinvent is the biggest event of the year because it really is. It's become a bellwether and eso super excited to have you on. We've had great conversations by looking back at our conversations over the Thanksgiving weekend. Jerry, the stuff we were talking about it was very proposed that Jassy is leaning in with this whole messaging around change and horizontal scalability. He didn't really say that, but he was saying you could disrupt in these industries and still use machine learning. This was some of the early conversations we were having on the Cube. Now fast forward, more mainstream than ever before. So big, big part of the theme there. >>Yeah, it z you Amazon reinvent Amazon evolution to your point, right, because it's both reinventing what countries are using with the cloud. But also what Amazon's done is is they're evolving year after year with their services. So they start a simple infrastructure, you know, s three and e c. Two. And now they're building basically a lot of what Andy said you actually deconstructed crm? Ah, lot of stuff they're doing around the call centers, almost going after Salesforce with kind of a deconstructed CRM services, which is super interesting. But the day you know, Amazon announces all those technologies, not to mention the AI stuff, the seminar stuff you have slack and inquired by Salesforce for $27.7 billion. So ah, lot of stuff going on in the cloud world these days, and it's funny part of it, >>you know, it really is interesting. You look up the slack acquisition by, um, by Salesforce. It's interesting, you know, That kind of takes slack out of the play here. I mean, they were doing really well again. Message board service turns into, um, or collaboration software. They hit the mainstream. They have great revenue. Is that going to really change the landscape of the industry for Salesforce? They've got to acquire it. It opens the door up from, or innovation. And it's funny you mention the contact Center because I was pressing Jassy on my exclusive one on one with him. Like they said, Andy, my my daughter and my sons, they don't use the phone. They're not gonna call. What's this? Is it a call center deal? And he goes, No, it's the It's about the contact. So think about that notion of the contact. It's not about the call center. It's the point of contact. Okay, Linked in is with Microsoft. You got slack and Salesforce Contact driven collaboration. Interesting kind of play for Microsoft to use voice and their data. What's your take on that? >>I think it's, um you know, I have this framework. As you know, I talked my friend systems of engagement over systems intelligence and systems record. Right? And so you could argue voice email slack because we're all different systems of engagement, and they sit on top of system of record like CRM customer support ticketing HR. Something like that. Now what sells first did by buying slack is they now own a system engagement, right? Not on Lee is slack. A system engagement for CRM, but also system engagement for E. R. P Service. Now is how you interact with a bunch of applications. And so if you think about sales for strategy in the space, compete against Marcus Soft or serves now or other large AARP's now they own slack of system engagement, that super powerful way to actually compete against rival SAS companies. Because if you own the layer engagement layer, you can now just intermediate what's in the background. Likewise, the context center its own voice. Email, chat messaging, right? You can just inter mediate this stuff in the back, and so they're trying to own the system engagement. And then, likewise, Facebook just bought that company customer a week ago for a billion dollars, which also Omni Channel support because it is chat messaging voice. It's again the system engagement between End User, which could be a customer or could be employees. >>You know, this really gonna make Cit's enterprise has been so much fun over the past 10 years, I gotta say, in the past five, you know, it's been even more fun, has become or the new fun area, you know, And the impact to enterprise has been interesting because and we're talking about just engaging system of record. This is now the new challenge for the enterprise. So I wanna get your thoughts, Jerry, because how you see the Sea, X O's and CSOs and the architects out there trying to reinvent the enterprise. Jassy saying Look and find the truth. Be on the right side of history here. Certainly he's got himself service interest there, but there is a true band eight with Cove it and with digital acceleration for the enterprise to change. Um, given all these new opportunities Thio, revolutionize or disrupt or radically improve, what's the C. C X's do? What's your take on? How do you see that? >>It's increasingly messy for the CXS, and I don't I don't envy them, right? Because back in the day they kind of controlled all the I t spend and kind of they had a standard of what technologies they use in the company. And then along came Amazon in cloud all of sudden, like your developers and Dio Hey, let me swipe my credit card and I'm gonna access to a bunch of a P I s around computing stories. Likewise. Now they could swipe the credit card and you strike for billing, right? There's a whole bunch of services now, so it becomes incumbent upon CSOs. They need Thio new set of management tools, right? So not only just like, um, security tools they need, they need also observe ability, tools, understanding what services are being used by the customers, when and how. And I would say the following John like CSOs is both a challenge for them. But I think if I was a C X, so I'll be pretty excited because now I have a bunch of other weapons and other bunch of services I could offer. My end users, my developers, my employees, my customers and, you know it's exciting for them is not only could they do different things, but they also changed how their business being done. And so I think both interact with their end users. Be a chat like slack or be a phone like a contact center or instagram for your for your for your kids. It's actually a new challenge if I were sick. So it's it's time to build again, you know, I think Cove it has said it is time to build again. You can build >>to kind of take that phrase from the movie Shawshank Redemption. Get busy building or get busy dying. Kinda rephrase it there. And that's kind of the theme I'm seeing here because covert kind of forced people saying, Look, this things like work at home. Who would have thought 100% people would be working at home? Who would have thought that now the workloads gonna change differently? So it's an opportunity to deconstruct or distant intermediate these services. And I think, you know, in all the trends that I've seen over my career, it's been those inflection points where breaking the monolith or breaking the proprietary piece of it has always been an opportunity for for entrepreneur. So you know, and and for companies, whether you're CEO or startup by decomposing and you can come in and create value E I think to me, snowflake going public on the back of Amazon. Basically, this is interesting. I mean, so you don't have to be. You could kill one feature and nail it and go big. >>I think we talked to the past like it's Amazon or Google or Microsoft Gonna win. Everything is winner take all winner take most, and you could argue that it's hard to find oxygen as a start up in a broad platform play. But we think Snowflake and other companies have done and comes like mongo DB, for example, elastic have shown that if you can pick a service or a problem space and either developed like I p. That's super deep or own developer audience. You can actually fight the big guys. The Big Three cloud vendors be Amazon, Google or or market soft in different markets. And I think if you're a startup founder, you should not be afraid of competing with the big cloud vendors because there there are success patterns and how you can win and you know and create a lot of value. So I have found Investor. I'm super excited by that because, you know, I don't think you're gonna find a company takedown Amazon completely because they're just the scale and the network effects is too large. But you can create a lot of value and build Valuable comes like snowflake in and around the Amazon. Google Microsoft Ecosystem. >>Yeah, I want to get your thoughts. You have one portfolio we've covered rock rock set, which does a lot of sequel. Um, one of your investments. Interesting part of the Kino yesterday was Andy Jassy kind of going after Microsoft saying Windows sequel server um, they're targeting that with this new, uh, tool, but, you know, sucks in the database of it is called the Babel Fish for Aurora for post Chris sequel. Um, well, how was your take on that? I mean, obviously Microsoft big. Their enterprise sales tactics are looking like more like Oracle, which he was kind of hinting at and commenting on. But sequel is Lingua Franca for data >>correct. I think we went to, like, kind of a no sequel phase, which was kind of a trendy thing for a while and that no sequel still around, not only sequel like mongo DB Document TV. Kind of that interface still holds true, but your point. The world speaks sequel. All your applications be sequel, right? So if you want backwards, compatibility to your applications speaks equal. If you want your tire installed base of employees that no sequel, we gotta speak sequel. So, Rock said, when the first public conversations about what they're building was on on the key with you and Me and vent hat, the founder. And what Rock said is doing their building real time. Snowflake Thio, Lack of better term. It's a real time sequel database in the cloud that's super elastic, just like Snowflake is. But unlike snowflake, which is a data warehouse mostly for dashboards and analytics. Rock set is like millisecond queries for real time applications, and so think of them is the evolution of where cloud databases air going is not only elastic like snowflake in the cloud like Snowflake. We're talking 10 15 millisecond queries versus one or two second queries, and I think what any Jassy did and Amazon with bowel officials say, Hey, Sequels, Legal frank of the cloud. There's a large installed base of sequel server developers out there and applications, and we're gonna use Babel fish to kind of move those applications from on premise the cloud or from old workload to the new workloads. And, I think, the name of the game. For for cloud vendors across the board, big and small startups thio Google markets, often Amazon is how do you reduce friction like, How do you reduce friction to try a new service to get your data in the cloud to move your data from one place to the next? And so you know, Amazon is trying to reduce friction by using Babel fish, and I think it is a great move by them. >>Yeah, by the way. Not only is it for Aurora Post Chris equal, they're also open sourcing it. So that's gonna be something that is gonna be interesting to play out. Because once they open source it essentially, that's an escape valve for locking. I mean, if you're a Microsoft customer, I mean, it ultimately is. Could be that Gateway drug. It's like it is ultimately like, Hey, if you don't like the licensing, come here. Now there's gonna be some questions on the translations. Um, Vince, um, scuttlebutt about that. But we'll see it's open source. We'll see what goes on. Um great stuff on on rocks that great. Great. Start up next. Next, uh, talk track I wanna get with you is You know, over the years, you know, we've talked about your history. We're gonna vm Where, uh, now being a venture capitalist. Successful, wanted Greylock. You've seen the waves, and I would call it the two ways pre cloud Early days of cloud. And now, with co vid, we're kind of in the, you know, not just born in the cloud Total cloud scale cloud operations. This is kind of what jazz he was going after. E think I tweeted Cloud is eating the world and on premise and the edges. What it's hungry for. It kind of goof on mark injuries since quote a software eating the world. This is where it's going. So it's a whole another chapter coming. You saw the pre cloud you saw Cloud. Now we've got basically global I t everything else >>It's cloud only I would say, You know, we saw pre cloud right the VM ware days and before that he called like, you know, data centers. I would say Amazon lawns of what, 6 4007, the Web services. So the past 14 15 years have been what I've been calling cloud transition, right? And so you had cos technologies that were either doing on migration from on premise and cloud or hybrid on premise off premise. And now you're seeing a generation of technologies and companies. Their cloud only John to your point. And so you could argue that this 15 year transitions were like, you know, Thio use a bad metaphor like amphibians. You're half in the water, half on land, you know, And like, you know, you're not You're not purely cloud. You're not purely on premise, but you can do both ways, and that's great. That's great, because that's a that's a dominant architecture today. But come just like rock set and snowflake, your cloud only right? They're born in the cloud, they're built on the cloud And now we're seeing a generation Startups and technology companies that are cloud only. And so, you know, unlike you have this transitionary evolution of like amphibians, land and sea. Now we have ah, no mammals, whatever that are Onley in the cloud Onley on land. And because of that, you can take advantage of a whole different set of constraints that are their cloud. Only that could build different services that you can't have going backwards. And so I think for 2021 forward, we're going to see a bunch of companies or cloud only, and they're gonna look very, very different than the previous set of companies the past 15 years. And as an investor, as you covering as analysts, is gonna be super interesting to see the difference. And if anything, the cloud only companies will accelerate the move of I t spending the move of mawr developers to the cloud because the cloud only technologies are gonna be so much more compelling than than the amphibians, if you will. >>Yeah, insisting to see your point. And you saw the news announcement had a ton of news, a ton of stage making right calls, kind of the democratization layer. We'll look at some of the insights that Amazon's getting just as the monster that they are in terms of size. The scope of what? Their observation spaces. They're seeing all these workloads. They have the Dev Ops guru. They launched that Dev Ops Guru thing I found interesting. They got data acquisition, right? So when you think about these new the new data paradigm with cloud on Lee, it opens up new things. Um, new patterns. Um, S o. I think I think to me. I think that's to me. I see where this notion of agility moves to a whole nother level, where it's it's not just moving fast, it's new capabilities. So how do you How do you see that happening? Because this is where I think the new generation is gonna come in and be like servers. Lambs. I like you guys actually provisioned E c. Two instances before I was servers on data centers. Now you got ec2. What? Lambda. So you're starting to see smaller compute? Um, new learnings, All these historical data insights feeding into the development process and to the application. >>I think it's interesting. So I think if you really want to take the next evolution, how do you make the cloud programmable for everybody? Right. And I think you mentioned stage maker machine learning data scientists, the sage maker user. The data scientists, for example, does not on provisioned containers and, you know, kodama files and understand communities, right? Like just like the developed today. Don't wanna rack servers like Oh, my God, Jerry, you had Iraq servers and data center and install VM ware. The generation beyond us doesn't want to think about the underlying infrastructure. You wanna think about it? How do you just program my app and program? The cloud writ large. And so I think where you can see going forward is two things. One people who call themselves developers. That definition has expanded the past 10, 15 years. It's on Lee growing, so everyone is gonna be developed right now from your white collar knowledge worker to your hard core infrastructure developer. But the populist developers expanding especially around machine learning and kind of the sage maker audience, for sure. And then what's gonna happen is, ah, law. This audience doesn't want to care about the stuff you just mentioned, John in terms of the online plumbing. So what Amazon Google on Azure will do is make that stuff easy, right? Or a starved could make it easy. And I think that the move towards land and services that moved specifically that don't think about the underlying plumbing. We're gonna make it easy for you. Just program your app and then either a startup, well, abstract away, all the all the underlying, um, infrastructure bits or the big three cloud vendors to say, you know, all this stuff would do in a serverless fashion. So I think serverless as, ah paradigm and have, quite frankly, a battlefront for the Big Three clouds and for startups is probably one in the front lines of the next generation. Whoever owns this kind of program will cloud model programming the Internet program. The cloud will be maybe the next platform the next 10 or 15 years. I still have two up for grabs. >>Yeah, I think that is so insightful. I think that's worth calling out. I think that's gonna be a multi year, um, effort. I mean, look at just how containers now, with ks anywhere and you've got the container Service of control plane built in, you got, you know, real time analytics coming in from rock set. And Amazon. You have pinned Pandora Panorama appliance that does machine learning and computer vision with sensors. I mean, this is just a whole new level of purpose built stuff software powered software operated. So you have this notion of Dev ops going to hand in the glove software and operations? Kind of. How do you operate this stuff? So I think the whole new next question was Okay, this is all great. But Amazon's always had this problem. It's just so hard. Like there's so much good stuff. Like, who do you hired operate it? It is not yet programmable. This has been a big problem for them. Your thoughts on that, >>um e think that the data illusion around Dev ops etcetera is the solution. So also that you're gonna have information from Amazon from startups. They're gonna automate a bunch of the operations. And so, you know, I'm involved to come to Kronos Fear that we talked about the past team kind of uber the Bilson called m three. That's basically next generation data dog. Next generation of visibility platform. They're gonna collect all the data from the applications. And once they have their your data, they're gonna know how to operate and automate scaling up, scaling down and the basic remediation for you. So you're going to see a bunch of tools, take the information from running your application infrastructure and automate exactly how to scale and manager your app. And so AI and machine learning where large John is gonna be, say, make a lot of plumbing go away or maybe not completely, but lets you scale better. So you, as a single system admin are used. A single SRE site reliability engineer can scale and manage a bigger application, and it's all gonna be around automation and and to your point, you said earlier, if you have the data, that's a powerful situations. Once have the data can build models on it and can start building solutions on the data. And so I think What happens is when Bill this program of cloud for for your, you know, broad development population automating all this stuff becomes important. So that's why I say service or this, You know, automation of infrastructure is the next battleground for the cloud because whoever does that for you is gonna be your virtualized back and virtualized data center virtualized SRE. And if whoever owns that, it's gonna be a very, very strategic position. >>Yeah, it's great stuff. This is back to the theme of this notion of virtualization is now gone beyond server virtualization. It's, you know, media virtualization with the Cube. My big joke here with the Q virtual. But it's to your point. It's everything can now be replicated in software and scale the cloud scale. So it's super big opportunity for entrepreneurs and companies. Thio, pivot and differentiate. Uh, the question I have for you next is on that thread Huge edge discussion going on, right. So, you know, I think I said it two years ago or three years ago. The data center is just a edges just a big fat edge. Jassy kind of said that in his keynote Hey, looks at that is just a Nedum point with his from his standpoint. But you have data center. You have re alleges you've got five G with wavelength. This local zone concept, which is, you know, Amazon in these metro areas reminds me the old wireless point of presence kind of vibe. And then you've got just purpose built devices like cameras and factory. So huge industrial innovation, robotics, meet software. I mean, whole huge edge development exploding, Which what's your view of this? And how do you look at that from? Is an investor in industry, >>I think edges both the opportunity for start ups and companies as well as a threat to Amazon, right to the reason why they have outposts and all the stuff the edges if you think about, you know, decentralizing your application and moving into the eggs from my wearable to my home to my car to my my city block edges access Super interesting. And so a couple things. One companies like Cloudflare Fastly company I'm involved with called Kato Networks that does. SAS is secure access service edge write their names and the edges In the category definition sassy is about How do you like get compute to the edge securely for your developers, for your customers, for your workers, for end users and what you know comes like Cloudflare and Kate have done is they built out a network of pops across the world, their their own infrastructure So they're not dependent upon. You know, the big cloud providers, the telco providers, you know, they're partnering with Big Cloud, their parting with the telcos. But they have their own kind of system, our own kind of platform to get to the edge. And so companies like Kato Networks in Cloud Player that have, ah, presence on the edge and their own infrastructure more or less, I think, are gonna be in a strategic position. And so Kate was seen benefits in the past year of Of of Cove it and locked down because more remote access more developers, Um, I think edge is gonna be a super great area development going forward. I think if you're Amazon, you're pushing to the edge aggressively without post. I think you're a developer startup. You know, creating your own infrastructure and riding this edge wave could be a great way to build a moat against a big cloud guy. So I'm super excited. You think edge in this whole idea of your own infrastructure. Like what Kato has done, it is gonna be super useful going forward. And you're going to see more and more companies. Um, spend the money to try to copy kind of, ah, Cloudflare Kato presence around the world. Because once you own your own kind of, um, infrastructure instead of pops and you're less depend upon them a cloud provider, you're you're in a good position because there's the Amazon outage last week and I think like twilio and a bunch of services went down for for a few hours. If you own your own set of pops, your independent that it is actually really, really secure >>if you and if they go down to the it's on you. But that was the kinesis outage that they had, uh, they before Thanksgiving. Um, yeah, that that's a problem. So on this on. So I guess the question for you on that is that Is it better to partner with Amazon or try to get a position on the edge? Have them either by you or computer, create value or coexist? How do you see that that strategy move. Do you coexist? Do you play with them? >>E think you have to co exist? I think that the partner coexist, right? I think like all things you compete with Amazon. Amazon is so broad that will be part of Amazon and you're gonna compete with and that's that's fair game, you know, like so Snowflake competes against red shift, but they also part of Amazon's. They're running Amazon. So I think if you're a startup trying to find the edge, you have to coexist in Amazon because they're so big. Big cloud, right, The Big three cloud Amazon, Google, Azure. They're not going anywhere. So if you're a startup founder, you definitely coexist. Leverage the good things of cloud. But then you gotta invest in your own edge. Both both figure early what? Your edge and literally the edge. Right. And I think you know you complement your edge presence be it the home, the car, the city block, the zip code with, you know, using Amazon strategically because Amazon is gonna help you get two different countries, different regions. You know you can't build a company without touching Amazon in some form of fashion these days. But if you're a star found or doing strategically, how use Amazon and picking how you differentiate is gonna be key. And if the differentiation might be small, John. But it could be super valuable, right? So maybe only 10 or 15%. But that could be ah Holton of value that you're building on top of it. >>Yeah, and there's a little bit of growth hack to with Amazon if you you know how it works. If you compete directly against the core building blocks like a C two has three, you're gonna get killed, right? They're gonna kill you if the the white space is interest. In the old days in Microsoft, you had a white space. They give it to you or they would roll you over and level you out. Amazon. If you're a customer and you're in a white space and do better than them, they're cool with that. They're like, basically like, Hey, if you could innovate on behalf of the customer, they let you do that as long as you have a big bill. Yeah. Snowflakes paying a lot of money to Amazon. Sure, but they also are doing a good job. So again, Amazon has been very clear on that. If you do a better job than us for, the customer will do it. But if they want Amazon Red Shift, they want Amazon Onley. They can choose that eso kind of the playbook. >>I think it is absolutely right, John is it sets from any jassy and that the Amazon culture of the customer comes first, right? And so whatever is best for the customer that's like their their mission statement. So whatever they do, they do for the customer. And if you build value for the customer and you're on top of Amazon, they'll be happy. You might compete with some Amazon services, which, no, the GM of that business may not be happy, but overall. Net Net. Amazon's getting a share of those dollars that you're that you're charging the customer getting a share of the value you're creating. They're happy, right? Because you know what? The line rising tide floats all the boats. So the Mork cloud usage is gonna only benefit the Big Three cloud providers Amazon, particularly because they're the biggest of the three. But more and more dollars go the cloud. If you're helping move more. Absolute cloud helping build more solutions in the cloud. Amazon is gonna be happy because they know that regardless of what you're doing, you will get a fraction of those dollars. Now, the key for a startup founder and what I'm looking for is how do we get mawr than you know? A sliver of the dollars. How to get a bigger slice of the pie, if you will. So I think edge and surveillance or two areas I'm thinking about because I think there are two areas where you can actually invest, own some I p owned some surface area and capture more of the value, um, to use a startup founder and, you know, are built last t to Amazon. >>Yeah. Great. Great thesis. Jerry has always been great. You've been with the Cube since the beginning on our first reinvented 2013. Um, and so we're now on our eighth year. Great to see your success. Great investment. You make your world class investor to great firm Greylock. Um great to have you on from your perspective. Final take on this year. What's your view of Jackie's keynote? Just in general, What's the vibe. What's the quick, um, soundbite >>from you? First, I'm so impressed and you can do you feel like a three Archy? No more or less by himself. Right then, that is, that is, um, that's a one man show, and I'm All of that is I don't think I could pull that off. Number one. Number two It's, um, the ability to for for Amazon to execute at so many different levels of stack from semiconductors. Right there, there there ai chips to high level services around healthcare solutions and legit solutions. It's amazing. So I would say both. I'm impressed by Amazon's ability. Thio go so broad up and down the stack. But also, I think the theme from From From Andy Jassy is like It's just acceleration. It's, you know now that we will have things unique to the cloud, and that could be just a I chips unique to the cloud or the services that are cloud only you're going to see a tipping point. We saw acceleration in the past 15 years, John. He called like this cloud transition. But you know, I think you know, we're talking about 2021 beyond you'll see a tipping point where now you can only get certain things in the cloud. Right? And that could be the underlying inference. Instances are training instances, the Amazons giving. So all of a sudden you as a founder or developer, says, Look, I guess so much more in the cloud there's there's no reason for me to do this hybrid thing. You know, Khyber is not gonna go away on Prem is not going away. But for sure. We're going to see, uh, increasing celebration off cloud only services. Um, our edge only services or things. They're only on functions that serve like serverless. That'll be defined the next 10 years of compute. And so that for you and I was gonna be a space and watch >>Jerry Chen always pleasure. Great insight. Great to have you on the Cube again. Great to see you. Thanks for coming on. >>Congrats to you guys in the Cube. Seven years growing. It's amazing to see all the content put on. So you think it isn't? Just Last point is you see the growth of the curve growth curves of the cloud. I'd be curious Johnson, The growth curve of the cube content You know, I would say you guys are also going exponential as well. So super impressed with what you guys have dealt. Congratulations. >>Thank you so much. Cute. Virtual. We've been virtualized. Virtualization is coming here, or Cubans were not in person this year because of the pandemic. But we'll be hybrid soon as events come back. I'm John for a year. Host for AWS reinvent coverage with the Cube. Thanks for watching. Stay tuned for more coverage all day. Next three weeks. Stay with us from around the globe. It's the Cube with digital coverage of aws reinvent 2020 sponsored by Intel >>and AWS. Welcome back here to our coverage here on the Cube of AWS.

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante over the past 150 days virtually everybody that i know in the technology industry has become an expert on covid in some way shape or form we've all lived the reality that covet 19 has accelerated by at least two years many trends that were in motion well before the virus hit the cyber security sector is no exception and one of the best examples where we have witnessed the accelerated change hello everyone and welcome to this week's episode of wikibon cube insights powered by etr in this breaking analysis we'll update you on the all-important security sector which remains one of the top spending priorities for organizations and i want to give you a shout out to my colleague eric bradley from etr who gave me some really good data and some macro insights as well as some anecdotal data from csos for this episode let's take a look at the big picture first now for many years we've talked about the shifting patterns in networking moving from what's often referred to as a north-south architecture meaning a hierarchical network that supports you know age-old organizational structures well today the network is flattening into what they often refer to as an east-west model and the moat or perimeter it's been vaporized the perimeter is now wherever the user is and users are at home or they're at their beach houses thanks to kovid now this is a bad actor's dream as the threat surfaced has expanded by orders of magnitude and as we've said in the past the adversary is well funded extremely capable and highly motivated because the roi of infiltration and exfiltration is outstanding the cso's job quite simply stated is to lower that return on investment now the other big trend that we see is that the cloud and sas are reducing reliance on hardware-based solutions like traditional firewalls because so many workers are now at home they're in their accessing sensitive data identity and endpoint security are exploding xdr or extended detection and response and zero trust networks are on the rise organizations are increasingly relying on analytics and automation to detect and remediate threats you know alerts just don't cut it anymore i need action and so to do so they're turning to a number of best of breed point products that have the potential to become the next great security platforms and this is setting up an epic battle between hot startups that are growing very very quickly and entrenched incumbents that really aren't going to go down without a fight finally while security is clearly a top spending priority customers and their cfos continue to be somewhat circumspect with respect to how much they allocate toward security budgets especially in the context of a shrinking i.t spending climate that we have said is dropping between five and eight percent in 2020. now security is critical but even in these times spending is governed by these tight budgets well cyber remains a top category in the etr taxonomy in terms of its presence in the data set what this chart tells us is that cios and i.t buyers have other priorities that they have to fund this data shows a comparison of net scores over three survey dates october of last year april and july net score remember is an indicator of momentum which is calculated by subtracting the percent of customers spending less on the technology from those spending more it's more complicated than that but that's that's the basics and you can see that at a 29 net score the security sector is just one of many priorities that i.t buyers face now remember this is the july survey and it's asking customers are you planning to spend more or less in the second half of 2020 relative to the first half and it's a forward-looking metric so what may be happening here is that the height of the lockdown and in the u.s anyway and the pivot to work from home organizations were spending heavily and are now fine-tuning those investments and maybe addressing other digital priorities let's look back and do some pre and post-covet assessments of various players within the etr data set i'm gonna go fairly quickly through these next slides but i want to give you a perspective as to how the security landscape and the vendor momentum has changed in the past eight months first i'm going to take you back to the january data set we actually originally did this exercise last year and then we updated it right at the beginning of 2020. the chart shows the top-ranked cyber security companies based on two metrics the left-hand side sorts the data and ranks companies based on net score or spending momentum and the right-hand side shows the ranking by shared n which is a measure of the pervasiveness of a company in the data set i.e the number of mentions that they get in the sector and what we did is we gave four stars to those companies that showed up in the top of both of those rankings and two stars to those that were close so you can see that microsoft splunk palo alto and proofpoint as well as octa and crowdstrike and then we added z scalar in january as new and then cyber arc software all got four stars then we gave cisco and fortinet two stars now this next chart shows the same thing at the height of the u.s lockdown now you may say okay what's the difference there's still microsoft palo alto proof point octa cyber arc z scaler and crowdstrike at four stars with cisco and fortnite having two star stars splunk fell off but that's it well what's different is instead of making the cut the top 22 which we did last time we narrowed it down to the top ten in order for a company to make that grade so if we had done that in january octa crowdstrike zscaler and cyberark they wouldn't have made the cut but in april they did as their presence in the dataset grew and we strongly believe this is a direct result of the work from home pivot crowdstrike endpoint octa identity access management z-scaler cloud security and they're disrupting traditional appliance-based firewalls now just to note we placed dell emc which was rsa and ibm in the list just for context now let's take a look at the most recent july survey now a lot of i'm out on a limb a little bit here because many of these companies they haven't reported yet so we don't have full visibility on their business outlook but we show the same data for the most recent survey the red line that you see there is the top 10 cutoff point and you can see splunk which didn't make the cut in april is back on the four-star list it's very possible buyers took a pause last quarter and focused attention on work from home but splunk continues to impress as it shifts toward the subscription model that we've talked about in the past splunk has a very strong hold on the sim space but everyone wants a piece of splunk especially some of the traditional firewall companies who they're seeing their hardware business dying so we're watching the competition from these players but also some other players like tennable now proof point fell off the four-star list because its net score didn't make the top ten crowdstrike cyber arc and zscaler also fell back because they dropped below the top 10 in shared in but we still really like these companies and expect them to continue to do well you know it could be some anomalies in the survey but we're trying to be as transparent as possible with you share the data listen to it interpret it and really adjust our models accordingly each quarter now let me make a few points and try to interpret what might be happening here first i want to point out octa pops to the top of the net score ranking overtaking crowdstrike's momentum from the last survey now one customer in the financial services sector told eric bradley on a recent then we're seeing amazing things from octa but the traditional firewall companies are stepping into identity they may not be best of breed but they have a level of integration and that's appealing to this individual this person also specifically called out palo alto and fortinet is trying to encroach on that space so keep your eyes on that now crowdstrike has declined noticeably which surprised us z z scalar is actually showing more momentum relative to the last survey so that's a positive palo alto and microsoft are consistently holding serve and continue to be leaders proof point and cyber arc are showing a bit of a velocity drop and sales point and tenable are also catching our attention in this survey and of course sales sale point which is identity management had a great quarter and reinstituted its guidance giving us the benefit of hindsight on its performance so it was actually pretty easy to give them two stars now just a side note by the way we've cut the data here with those companies that have more than 50 mentions in the sector we didn't do that the first time we did this we allowed companies with less than 50. so we're trying to tighten that up a bit so we still maintain strongly that you're seeing cloud endpoint and identity as the big security themes here csos need tools to be responsive they don't want to just get an alert secops pros would rather immediately shut off access and risk pissing off a user than getting hacked and companies are increasingly turning to ai to detect and they're relying on automation to remediate or protect and fence off critical resources let's now look at the two players or players in our two-dimensional view followers of this program know that we like to plot vendors within a sector across two of our favorite metrics net score or spending momentum which is a simple metric that tracks those spending more versus less on the technology and market share which measu measures a vendor's pervasiveness in the data set and it's calculated by taking the number of mentions a vendor gets within a sector divided by the total responses what we show here are the key security players that we've highlighted over the last several quarters let me start with microsoft microsoft has consistently performed well in the security sector as well as other parts of the etr taxonomy as you know they have a huge presence in the survey which is indicated on the horizontal axis and you can see they have a very solid net score which is shown on the y-axis impressive for a company their size now one interesting thing is you don't see aws in this chart and it's because aws and microsoft at least so far have somewhat different strategies with respect to security microsoft with its long application software history and sas presence across office 365 and sharepoint etc with active directory has been really focused on selling security solutions to directly protect its apps they have offerings like defender atp which is advanced threat protection sentinel which is microsoft sim cloud offering azure identity access management and the company's really going hard after this space now aws of course prioritizes security but they don't show an etr data set the same way microsoft does it's almost like aws is hiding in plain sight look aws has always put a great deal of emphasis on security and securing its infrastructure like the s3 buckets and it's you know it announced iam for ec2 way back in 2012. and last year at its reinforced conference you saw an impressive focus on security in a burgeoning security ecosystem in fact when you think of getting started in aws you really think about three things ec2 s3 and iam so i'd expect to see aws really become more prominent over time in the data set now i'll spend a minute talking about octa for the first time since we've been analyzing the security space with etr data octa has the highest net score at 58 percent it had consistently been crowdstrike with this moniker and the momentum lead the company though is dropped in this quarter survey and that's something that we're watching and by the way we're not implying that octa and crowdstrike are direct competitors they're not now as you can see nonetheless that crowdstrike z scalar and sales point sale sale point show very elevated net scores and we've plotted tenable here which is also showing some strength so you can see the respective positions of proof point and fortinet these are more mature companies they were founded in the early part of the century so you'd expect them to have somewhat lower net scores given their history and maturity and then there's cisco they've got a huge presence in the data and big in security cisco's doing really well in that space it consistently grows its security business in the double digits each quarter and it's a real feather in the cisco portfolio cap this is important because cisco's traditional hardware business continues to come under pressure splunk we talked about a lot and it's no surprise at their leadership position but i want to talk a little bit more about palo alto networks here's a company that we've talked about quite a bit in the past they are a tier one player in security they got great service csos want to work with them because they are thought leaders they're like a gold standard and have an impressive portfolio of great solutions but their traditional firewall business is coming under pressure for the reasons that we discussed earlier now palo alto has expanded its portfolio into the cloud and with prisma the company's suite of security services it will maintain a leadership position in our view but palo alto networks as we've discussed had some missteps with its product transition its sales execution and some of some challenges with its pricing models and it hurt their stock price but we've always said that they would work through these issues and that that was a buying opportunity the other thing about palo alto is you know they're considered the expensive choice you got to pay for that gold standard but that's what customers you know will tell us and so you're paying up for those top tier offerings but that's a sort of two-edged sword for palo alto here's an example why people often compare fortinet to palo alto and as we've shared in previous segments the valuation divergence between palo alto and fortinet where the the latter was making a smoother transition to its future and people often tell us that fortinet well you know maybe it's considered not as elite as palo alto they are a value choice their stuff just works and fortinet is a great alternative to palo alto and that has served them very well now let's take a closer look at the valuations of some of these companies we started off this segment by saying that the pandemic has affected every sector and especially cyber security so the next chart that we're showing here is the progression of key valuation metrics since earlier this year what we show are the valuations of nine of the companies in the sector since mid-february the data tracks their respective valuations their revenue multiples their growth rates in both value and revenue revenue growth is shown in the last column for the most recent quarterly report now the companies in red have yet to report the report any day now so he said i'm flying a little bit blind here and we'll have to take a look after the earnings to see how the survey data aligns with the actual results but let me make a few points here first here's the s p in nasdaq performance you see it in february in june and august pandemic recession what are you talking about you'd never know it looking at this data the nasdaq especially is up 14 said since mid february which is quite astounding next i want to come back to the discussion about palo alto and fortinet fortinet already has reported this quarter and palo alto has not but you can see based on the revenue multiples highlighted in red that the valuation divergence is starting to shrink a little bit and we'll see if that holds up after palo alto reports now the big eye popper in this chart is the valuation increases from february to august for octa crowdstrike and z scalar 52 67 and 104 percent increase respectively now you can't say we didn't warn you that these companies were all well positioned when we reported last year and in our january episode but i did say actually to be honest in the last episode that these three i thought were getting a little expensive that was a couple months ago and since then they've continued to run up so if you've been waiting for an entry point based on my advice well i'm sorry for that but look at the revenue multiples look at the expansion in the orange octa goes from 34x to 52x crowdstrike from 39x to 66x z scalar 25x to 43x i mean wow let's see what happens after these three report by this time i would have hoped that they'd taken a little breather maybe over the summer and you could have jumped in to these stocks but they just keep going up and despite the decline in net score for crowdstrike i still really like all three of these companies and feel that they're very well positioned from a product standpoint and customer feedback perspective and finally i want to mention sale point which we said last time was one to watch sale point crushed its quarter bringing in some large deals and providing forward guidance nearly a 50 percent valuation increase since february in a revenue multiple expansion from last quarter where the street last quarter wasn't really thrilled with their numbers but identity management is hot and so now is sales point from the streets perspective the last thing i'll say here is watch the growth rates expectations are very high for some of these companies and the street will cream any of them that misses now that may be your opportunity to jump in because i like these companies i think they're disruptors but as always do your research and watch out for the big whales trying to freeze the markets on these guys all right let's wrap up we've covered a lot of ground today and surf the landscape a little bit so look the trend is plain as day the move to sas is entrenched and by the way this isn't necessarily all good news for buyers cios and cfos tell me that the dark side of capex to opex is unpredictable bills but the flexibility and business value gained is outweighing the downside and every vendor in this space is transitioning into a sas and annual recurring revenue model we believe the remote work trend is here to stay organizations are re-architecting their business around work from home and we think that they're seeing some real benefits they've made investments and it's driving new modes of work and productivity they're not just going to throw away those investments why should they what just to go back to the old way it's not going to happen and if we as we've said previously look the internet it's like the new private network so you've got a question vpns and sd-wan they start to look like stop gaps and of course you know the cloud endpoint security cloud-based iam they are clearly winning in the marketplace you know we're also seeing new security regimes emerge where the cso and the secops team are not this island we we've seen even some csos falling back under the cio which used to be taboo he used to be thought of that's like the fox guarding the hen house but this idea of shared responsibility is not just between the cloud providers and the secops teams because security is a board level priority everyone in the business is becoming more aware more attuned and despite the millennials fascination with and undotted courage when it comes to tick tock i digress now the last two points are interesting i remember reading a post by john oltzek who was an esg security analyst and he predicted last year that integrated suites would win out over the buffet of point products on the market and you know generally i i agreed with that assessment but look at least in the near term and probably mid-term that doesn't seem to be happening as we we've seen these hot companies really take off the ones that we've highlighted now these companies have ambitions beyond selling products and they would bristle at me lumping them into point products their boards are going after platform plays so they're on a collision course with each other and the big guys this should be fun to watch because the big integrated companies are well funded they got great cash flow they got large customer bases and and i've said they're not going down without a fight so i would expect eventually there's going to be more of an equilibrium to what seems to be right now a bifurcated and unbalanced market today so you're going to see more m a activity expect that however at these valuations some of these companies that we've highlighted they're becoming acquisition proof as such they'd better keep innovating or they're going to be in big trouble all right that's it for today remember these episodes are all available as podcasts wherever you listen so please subscribe i publish weekly on wikibon.com we've added in the wikibon menu bar a breaking analysis link that has all the episodes in there i also publish on siliconangle.com so check that out and please do comment on my linkedin posts don't forget to check out etr.plus for all the survey action get in touch on twitter i'm at d vellante or email me at david.vellante at siliconangle.com this is dave vellante for the cube insights powered by etr thanks for watching everybody be well and we'll see you next time [Music] you

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Welcome back everybody. Jeffrey here with the cube. We're at RSA 2020, downtown San Francisco and Moscone center, 40,000 professionals in the security industries, the biggest security event in the world. I'm pretty sure, certainly the biggest one in the U S we're excited to have somebody who's been running around taking care of these problems and talking to customers for a very long time. It's got a great longterm perspective. We're happy to have him. Jonathan, new wind, the VP global field say-so team for fortunate. Jonathan, great to see you. So you said you've been coming to this show for a long, long time. Love to get kind of your impressions that the human element is the theme. Yeah, well, sheer, you know, I, I think, uh, it's changing. It's uh, the attendance is broken out by very senior people who've been here for, you know, multiple events and then a whole new slew of people are coming into the industry, right. >>And there's a lot of excitement. It's, um, there's a little bit less of a buzz. It just seems it's a little bit less people here this year because of the virus scare. Um, but overall I think that the themes are pretty consistent, which is kind of tragic that the themes are consistent year after year because this suggests that not a lot has changed despite the $130 billion and it works with purity span. You know, absolutely complexity. Uh, everyone is telling me about how to solve complexity, how to do more with less, uh, how to do more with less and fewer people and how to get their arms around this vast volume of data that's being generated. And there's a lot of talk about automation and AI, uh, but much more practical, less buzzwords and more practical solutions. And yet still tons of new vendors, right? Tons of new opportunities. >>You know, I don't know what the final count is on the vendor side, but it's a really large number and you go off into the corners to the EDBD little, little, a little mini boost is still a time of innovation. So I think that people trying to move the ball. So I think when the first show first started, there were less than a less than 500 vendors, I think in the industry back in 2007 I think today we're North of of 5,000 and it's probably 8,000 or about 5,000 vendors in the immediate vicinity here. But just go around the corner and there are dozens of others having their own events and the neighboring hotels and restaurants. It's astounding the number of different point products are still coming into the industry and, and, and that really suggests that we haven't gotten our arms around integrating all of this technology. >>And it's just another level of complexity. So what do you tell your friends on the buy side, right? Who know you and say, say Jonathan, I'm going, I'm going to RSA. How in the heck am I supposed to navigate not only the show specifically, but kind of this vendor landscape and then make sense of it all? I'm telling him to look for vendors that are partners that have a longterm perspective and that do the integration for you. You know, one of the things coming from an operational background, as I talked to other CSOs, like our job is to operate technology. It really isn't about integrating technology. It really isn't about OAA and product. I want to focus my budget and my resources on operating technologies and manage risk. So I look for partners and mentors like, like Fordanet that has a fabric with 258 plus different products and vendors that are already integrated out of the box. >>I'm looking for someone that solves complexity rather than a specific problem or specific threat vector. And I'm really looking for some of that helps me understand and manage risk because that's the object of the exercise in cybersecurity today. It's not about compliance, it's about compliance, it's about security, it's about resilience, but a reasonable level of care in managing risk. Right. And yeah, it's, it's a great topic cause I was thinking that kind of in terms of insurance. Yeah. In terms of, you know, how much do you spend and you can't insure everything to 100% right. So it's going to be some number less than that. Everybody else needs a piece of the pie. But how do you make those kinds of trade offs, investment versus risk? Because you can't absolutely protect everything. It makes no sense. So I think that value of it comes back to the CSO and his or her team. >>It's a very human decision. Uh, there is no prescriptive definition of what reasonable care is. You know, outside of one statement by Kamala Harrison, she was the state's attorney in California here, which is the CIS 20 is the minimum level of reasonable care. And so now we have to understand how do we define what is reasonable, what is the risk appetite or tolerance for a company? And once you identify those things, what are the controls and mitigation measures that you're gonna have in place to mitigate those risks? And then what's left is residual risk. And that's a hard decision. How much will you absorb? How much will you transfer, uh, and how much will you just tolerate? Um, but it's really no longer just about compliance, uh, and it's no longer just about having a security or continuity or resilience about all of those things. At a reasonable level. >>Right. It's interesting as pulling up Winnie Naylor from, from Cisco gave one of the early ketos and she talked about, you know, really this security profession, embracing those pesky people that keep clicking on links because really they're the people that can, that have the data around the specific, um, applications and specific assets that the company has to kinda have that informed decision as to what is it worth to protect and do we need to protect it? Do we need to protect them more? Can we let this thing go a little bit? Yeah. I think the human element is the hardest part, you know, in mind at this conference and its theme, that human element. The hardest part about this job is that it's not just mechanical issues on routing issues and networking issues, but it's about dealing with all types of humans, innocent humans that do strange and bad things unknowingly. >>And then malicious people who do very bad things that by design. And so the research suggests that no matter what we do in security awareness training, some 4% of our employee base will continually fail security awareness tests. Well, we fished actively. And so one of the things that we need to do is use automation and intelligence so that you could comb through all of that data and make a better informed decision about what risks you're going to mitigate, right? And for this 4% that are habitually abusing the system and can't be retrained while you can isolate them, right, and make sure that they're, they're separated and they're not able to, uh, to do things that may harm the organization. Right. The other human element is the people on the security teams, right. And it's a tough resource. There aren't enough of them. And, and, and historically, they'd been the ones that, that integration point between all these different systems and it's a highly stressful job. >>You know, there was a Forbes article that said 17% of all CSOs are functional alcoholics. I mean, I mean, and they met as a 17 for 17%. One of every six CSOs medicates himself or herself with alcohol. And medicate is a very specific term of art. It doesn't mean recreational drinking means you are a functional alcoholic and that tells you about the level of stress and complexity. You know, in this job, our research suggests that the average CSO lifespan is somewhere on the low end of about 12 months on the high end, somewhere about 24. You know, in their role or in their profession, their role and their current job, their current gig, they're not lasting more than than two years. Uh, the sheer complexity and stress of the job and you know, and, and those, of course, 24 months, three of those months are just orientation cause that gives you an idea. >>It's a level of stress and complexity that the average CSO is going to face here. Right. So really begs for a lot more automation, a lot more automation on the defense side. It does, it, it makes for a lot more automation. And how do you help those teams cope with a massive levels of complexity and data that's coming out of these digitized and digitally transformed enterprises, right? And when you think about each person's going to generate three to five terabytes of data per person per day, uh, and that computing is going to change in the next three to five years. Right now 85% of computing and data generated comes from traditional it functions as you move into 5g and edge based computing, the vast majority of data generating computing will be done on the edge. So the level of complexity, the number of technologies and devices that we're going to have to monitor is only going to expand, right? >>Right, right. And the speed of those transactions and the speed of the potential harm. So marry that against the research data says that 99% of the attacks could have been mitigated through simple intermediate controls and that the patches, the signatures were readily available. And so the thing to contemplate as we go into this heightened level of complexity and expansion of our computing environment is we're missing the basics today, right? Right. If 99% of the successful attacks are based upon exploits that are known that the signatures are available in the patches available for then a year, what are we going to do when everything else becomes even more complex, more sophisticated. Yeah. That's funny. That was part of, of of raw heats keynote, uh, to kick off the whole thing is he said, you know, we as security professionals like to focus on the complex, we like to focus on the, the ornate and the, and the super sophisticated attacks on the reality is the vast majority and we're just coming right in the normal side door that they've been coming in all along. >>And one thing I decided during my time at the Verizon data breach investigations report was a 77% of all the breaches were not identified by the security team. They were identified by law enforcement. And so 77, 77% of the case. So let's, so let's say you've got a CIS admin that that goes out and accesses financial information before the earnings call and does insider trading. And it's the sec that calls the FBI. And then it's the FBI that calls you and said, by the way, your CIS admin is going to be charged with insider trading. And that's how they know that there's been a compromise out. And in many cases, what does that tell you? Despite $130 billion of network security spend this year alone, that's seven out of 10 data breaches will be identified by law enforcement and not the security team. Yeah. So that tells you that not the security law enforcement team, either it's the FBI or the sec hires the cl service and it just says that security is so complex that until we find ways like the FORNAS security fabric to automate and to manage complexity in an integrated way, you know, that's the, that's the leading edge indicator that I look for is that at what point do security teams identify more data breaches then law enforcement and the victims and they're way behind at this point? >>I think so, unfortunately. Yes. That's crazy. So, um, but there's a lot more AI now that you guys can use to write on the good guys side. But how does that really square the circle when you're saying so many of it just comes through the simple approaches because of lack of visibility. Uh, SOC teams are overwhelmed by the volume of data. And so the way to address the volume and variety and velocity of data is to use artificial intelligence to use a machine to make human decisions and behavior at machine speed. And so when we launched our 40 AI product offering and the virtual security analysts, you know, the research that we did suggest that is he pivoted a five SOC analysts. And so that's one way of helping SOC teams that are overwhelmed by the volume of data that are understaffed, to use artificial intelligence to distill out from all of that, that data, that useful patterns, and to marry that with our Florida guard intelligence, say, okay, this is the techniques, tactics and procedures most likely associated with this threat vector right now, escalate that to a human to make a decision on whether you want to mitigate that. >>And once you decide to mitigate that, use the automated and integrated capabilities of the fabric to make an efficient and effective, uh, mitigation, uh, of that incident. Right? Yeah. Yeah. That's interesting. You bring up the sec case. We had a conversation earlier today where we were talking about deep fakes. Yeah. If somebody had the use case that, you know, what, if you just had a pretty straight forward, deep fake of some executive from some companies saying something to move the market and you drop that into the, uh, into the social stream three minutes before the close on a Friday, you get a play off the off the margin leverage. Nobody gets to really investigate the thing until the four minutes are over. Markets are closed, right? You get a significant financials damage in a situation like that, not even really directly impacting the company system. Right. >>So you're, you're hitting on the fact that we are more interconnected than ever and that the traditional compensating controls that we would have used to mitigate that type of risk is not, not as effective. And so, you know, that's going to be a challenge moving forward. Everything is going to be more interconnected, accelerated and decisions will be driven by data. So it's all of those things will drive complexity. So maybe next year when we talk again, we'll see it and see that. But I'm a little, one of the reasons I'm, you know, I have a credit freeze personally is that I'm aware of things like, like deep fakes, uh, impersonations moving my identities. So having a credit freeze allows, allows me to know that no one can leverage my credit even if they have my data. Right. Interesting. So thanks. Question. We sit down here a year from now, uh, without the benefit of 20, 20 hindsight. >>Yeah. You know, what do you think the themes are going to be? What, what do you see as kind of this kind of short term move in the market based on some of these factors that you've identified? I think, uh, more automation, more uh, artificial intelligence ways of automating the traditional process was insecurity. The secondarily, I think there's going to be the rising awareness of edge based computing and smart systems, autonomous level five vehicles that are networked and rather than a sensory based awareness, smart homes, smart industrial applications, uh, that computing will be done on the edge increasingly and those industrial applications, that 85% of the data computer will be done there. And that increasingly the cloud will become a repository for, for, uh, for storage and correlation. But the actual computing and actuation will be done on the edge. And so as 5g takes hold, you're going to see tremendous transformations in our society and our economy and how we conduct commerce, how we communicate. >>Uh, and that leads some more complexity. That's why, that's why I'm so focused on helping organizations getting security right now before that next onslaught of complexity hits us. It's coming. It is the five G IOT thing is, is just around the corner. The look at the telcos, there is a very specific reason why they're investing literally hundreds of billions of dollars into five G and the tremendous societal and economic changes that that will bring in infrastructure, communications and security will have to stay pace with that. One of the things that we're going to see moving forward is that the digital infrastructure is only successful only as successful as a security is. And I think we'll, we should see a breakdown in the traditional operational silos in network operations and security operations as Michelle Dennett. He said earlier on the air, if you cannot protect, you should not connect. But unfortunately people are still connecting before they're ready to. Absolutely. Well, hopefully there'll be a little bit more circumspect going forward. We'll try Jonathan, thanks for, uh, for taking a few minutes and sharing your perspective. Really appreciate it. Always a fun time. Alright, Jonathan, I'm Jeff. You're watching the cube where at RSA 2020 from downtown San Francisco. Thanks for watching. We'll see you next time.