 We're back at AWS re-invent 2021. You're watching theCUBE. We're here live, one of the first live events, very few live events this year. It's the biggest hybrid event really of the year, of the season. Hopefully it portends a great future. We don't know, it's a lot of uncertainty, but AWS said they're going to go for it close to 30,000 people here. Chris Weiburg is here. He's the product VP of product marketing at Cohesity. Chris, great to see you face-to-face, man. It's great to see you live again, Dave. You're saying, yeah. Over the last couple of years, we've had a lot of virtual meet-up hang-out. We talk every other quarter. So it's great to see you. Wow, we were talking before the show. Well, we didn't really know what it was going to be like. I don't think AWS knew. It's like everything these days. You know, we did our own virtual event back in October because that was the time, and this is the first thing we've been back to live. And I was wondering what's going to be like when I show up, but it's great to see all the folks that are here. Yeah, so I could see the booth. You guys have had some good traffic. We have. A lot of customers here, obviously huge ecosystem. This, you know, the quote-unquote flywheel keeps going. Yeah. You and I had a conversation recently about data management. It's something that you guys have put a stake in the ground. Absolutely. Saying, you know, we're not just backup. We're data management. It's fuzzy to a lot of people. We've had that conversation, but you're really starting to, through customer feedback, hone that message and the product portfolio. So let's start from the beginning. What is data management to Cohesity? Well, so for us, it's about the data lifecycle, right? And you heard a little bit about this actually during the keynote today, right? When you think about the various services you need to apply to data along the way, to do basic things like protect it, be able to make sure you can recover from disasters, obviously deal with security today, given the prevalence of ransomware out there. All the way down to at the end, how do you get more value out of it? And we do that in some cases with our friends from AWS using some of their AI ML services. So yeah. Right, so your view of data, I mean, it doesn't, it kind of stops at the database, right? Underneath, there's an adjacency to security that we've talked about. Yeah, very much. Data protection is now becoming an increasingly important component of a security strategy. It is. It's not a direct security play, but it's just the same way that it's not just the SecOps team has to worry about security anymore. It's kind of other parts of the organization. Talk about that a little bit. Yeah, well, we actually had a customer advisory board about two months or so ago now. We talked to many of our customers there. One of them, I won't name him, a large financial institution. We asked them, you know, where do we stand in your spend these days? And he said, well, I'll tell you a while back, about a year ago, having new backup and recovery as a starting point was kind of on the wish list. And he said, today it's number two. And I said, well, why? He said, well, because of ransomware, right? You'll be able to come back from that. And I asked, well, great, what's number one? He said, well, endpoint security. So there you are, number one and number two, right? Top of mind for customers these days in dealing with really the scourge that's affecting so many organizations out there. And I think exactly to, I think where you're going, you're starting to see these teams work together in a way that perhaps they hadn't before, right? You've got the SecOps team, you've got the IT operations team. And while exactly your point, we don't position ourselves as just a data security company. That's part of what we do. We are part of that strategy now, where if you have to think about the various stages in dealing with that, defending your backups, because that's often the first point of attack now for the bad guys, being able to detect what's going on through AI and anomaly detection and such. And then being able to rapidly recover, right? In the recover phase, that's not something that security guys spend time on necessarily, but it's important for the business to be able to bring themselves back when they're subject to an attack. And that's where we come in in spades, right? Yeah, so the security guys are busy trying to figure out, okay, what happened? How do we stop it from happening again? There's another business angle which is, okay, how do we get back up and running? How much data did we lose? Ideally none. How fast can we get it back up? That's another vector that's now becoming part of that broader security stack. That's right, I mean, I think if you look at the traditional NIST cybersecurity framework, right? Stage five has always been the recover piece. And so this is where we're working with some of the players in the security space. You may have seen an announcement we did with Cisco around Secure X recently, where we're working together, not only to unite two tribes within large organizations, right, the SecOps and ITOps guys, but then bringing vendors together because it's through that that really, we think we're going to solve that problem best. Before we get into the portfolio and I want to talk about how you've evolved that, let's talk a little about ransomware. It's in the news. I just wrote a piece recently and just covered some of the payments that have made. I mean, I think the biggest is 40 million, but many tens of millions in here. And it was one case, I think it was the Irish Health Service, did not pay, they just thus far hasn't paid, but it's costing them $600 million to recover as the estimate. So this is serious threat. And as I've said many times on theCUBE, I think that anybody can be a ransomwareist. I go on the dark web. I say. Ransomware is a service, right? Right, ransomware is a service. Hey, can you set up a help desk for me to help me negotiate? And I got a, I'm going to put a stick into a server. And, you know, I hope that individual gets arrested, but you never know. Okay, so now it's top of mind. What are you guys doing? First of all, what are you seeing from customers? How are they responding? What are you guys doing to help? Yeah, well, I think you're right. First of all, it's just a huge problem. And I think that the latest stat I saw is something like every 11 seconds, there's a new attack because I can go into your point with a credit card, sign up as a service, and then, you know, launch an attack. And the average payment is around 4.2 million or such, but there's some that are obviously lots bigger. And I think what's challenging is beyond the costs of recovering and of itself is there's also the issue around brand and reputation and customer service and all these downstream effects that I think, you know, the IT guys don't think about necessarily. We talked to one customer, a regional hospital, where the gentleman there told me that what he's starting to see after the fact is now you've actually got class action suits from patients coming after them saying like, hey, you let my data get stolen, right? Can you imagine? No, IT guys thinking about that. So the cost is huge. And so it's not just an issue, I think, that was once upon a time just for IT ops or sec ops or the CIO even. It's even past the board level now, if you can imagine. It's something that general public worries about and we actually did a survey recently where we asked people on the consumer side, are you more or less likely to do business with companies if you know they've been subject to ransomware attacks? And they said, no, we're concerned about that. We're more reticent to do business with people as consumers if they're not doing the right things to defend their business against ransomware. Fascinating, right? It's a long path to tipping point where this is an IT only issue. So high level strategy. So we talk about things like air gaps. When I talk about your service to ensure immutability. Yeah. So at a 50,000 foot level, what's the strategy that I want to get into specifics of? Sure, well, let's talk a little bit about sort of the evolution of the nature of attacks, right? So once upon a time, this is in the distant past now, the bad guys used to come after your production data, right? And so that was pretty easy to fix with companies like us just restore from backup. They got a little smarter. Let's call that ransomware 2.0, right? Or now they say, let's go after the backup first and encrypt to destroy that. And so there, to your point, you need immutability down to the file system level. So you can't destroy the backups. You got to defend the backup data itself. And increasingly we're seeing people take in isolation in a different way than they used to. So you probably recall the sort of standard 321 rule, right? Yeah, sure. Where the one traditionally met, take that data off-site on magnetic tape, send it to Iron Mountain, for example, and then get the data back when I need it. Well, you know, if your business is at risk, trying to recover from tape, it just takes too long. Like, there's just no reason. It can be weeks. It can be weeks. And you got to locate the tapes, you got to ship them, then you got to do the restore and just because of the physical media and nature, it takes a while. So what we're starting to see now is people figuring out how to use the cloud as a way to do that and be able to have effectively that one copy stored off-site, right? In a different media and use the cloud for that. And so one of the things we announced actually back in our show in October was a new service that allows you to do just that. We're calling it, for now, Project Fort Knox. We're not sure if that name's going to work globally, right? But the idea is a bunker, an isolated copy of the data in the cloud that's there that can restore quickly. Now, is it as fast as having a local replica? Copy of course not, right? But it's way better than tape. And this is a way to really give you that sort of extra layer of insurance on top of what you're already doing probably to protect your data. And I think that's the way to think of it. It's an extra layer. It's not like, hey, do this instead of tape. You're still going to do tape, you know? Just in cases. And there's some that'll still do that. For all sorts of reasons, including compliance and governance and regulatory ones, right? Yeah, and even disaster recovery scenarios of the worst case, I hope I never have to go to it. Yeah, you could go to the cloud. That's right. So local copy is the best. If that's not there, you've got your air gap copy in the cloud. If that's not there, for some crazy reason. We have a whole matrix we've been sharing with our customers recently with the different options, right? And it's actually really interesting, the conversation that occurs between the IT operations folks and the SecOps folks back to that. So some SecOps folks, if they could, they just unplug everything from the network. It's safe, right? But we can't really do business that way. So it's always a balance of what's the return that you need, and by return I mean coming back from an attack or disaster, versus a security. And so again, think of this as an extra layer that gives you that ability to sleep better at night knowing that you've got a third, a tertiary copy stored somewhere off-site in a different media, but you can bring it back at the same time. How have you evolved your portfolio to deal with both the data management trends that we talked about and the cyber threats? Yeah, well, a number of things. So amongst the other announcements that we made back in October is DR, right? So DR is not a security thing per se. You know, who gets paged when something goes wrong. It's not the InfoSec guys for DR, it's the ITOps guys. And so we've always had that capability, but one of the things we announced is be able to do that to the cloud now in AWS. So instead of site to site, being able to do it site to cloud, and for some organizations, that is all about being able to maybe eliminate a secondary site, you know, smaller organizations. Others that are larger enterprises, they probably have a hybrid strategy where that's a part of their strategy now. And the value there is it's an OPEX cost, right? It's not CAPEX anymore. And so again, you lower your cost of operations. So that's one thing in the data management side. On the security side, another thing we announced was yet another service that runs in AWS that we call Cohesity Data Govern. And this is a way to take a look at your data before something ever occurs. One of the key things in dealing with ransomware is hygiene, is prevention, right? And so you sort of have classically security folks that are trying to protect your data. And then another set of folks, certainly large enterprise, that are more on the compliance regulatory front, wanting to know where your PII is, your private sensitive data. And we believe those things need to come together. So this data govern product actually does that. It takes a look at first classifying your data and then being able to detect anomalies in terms of who's coming in from where to get to it to help you proactively understand what's at threat. And first of all, where your crown jewels really are and make sure you're protecting those appropriately and maybe modifying access policies you have set up in your existing native applications, right? So it's a little bit of awareness, a little bit of prevention. And then when things start to go wrong, another layer that helps you know what's going on. I love that. The other side of the coin I made, I can get privacy as a service along with my data protection as a service. Now that's a better model. Tight on time. So the last question, the ecosystem. So you mentioned endpoint security. I know identity access is cloud security and since the remote work has really escalated. Talk about the ecosystem and some of the partnerships that you're enabling, API integrations. Yeah, totally. So you know, we have this, this is what we call our threat defense model. It's got four layers to it. One is the core is all about resiliency. You need to assume failure. We have, you know, the ability to fail, fail over, fail back down our file system. It has to be immutable to keep the bad guys out. You have to have encryption, basic things like that. The next layer, particularly in this world of zero trust, right, is you have to have various layers, access control, obvious things like multi-factor authentication, role-based access control, as well as things like quorum features. It's the two keys in the safety deposit box to unlock it. But that's not enough. The third layer is this AI powered anomaly detection and being able to do data classification and such. But then the fourth layer, and this is beyond just us, is the ability to easily integrate in that ecosystem, right? So I'll go back to the Cisco example I gave you before. We know that despite having our own admin console, there's no sec-opt person that's going to be looking at that, right? They're going to look at something like a secure X or maybe a Palo Alto XOR. And be able to, you know, pull signals from different places, including endpoints, including firewalls. You're going to feed that. Exactly, so we'll send signals over to that. They can get a better view. And then because we're all API based, they can actually invoke the remedy on their side and initiate the workflow that then triggers out to do the right thing from a data protection standpoint and recovery standpoint. Well, it's great to have you here. Thanks so much for coming on and see you in the evolution of, yes, absolutely. Hopefully we'd do this a lot in 2022, Chris. Absolutely, looking forward to it. All right, me too. All right, thank you for watching. This is theCUBE's coverage, AWS re-invent. We are the leader in high tech coverage. We're right back.