 Hello and welcome back to navigating the road to cyber resiliency. This is the summit made possible by Dell Technologies and this is the analyst angle, Rob Streche and Shelly Kramer, who are the two managing directors of theCUBE Research and Advisory. And of course, John Furrier. Guys, thanks for spending some time here. We're going to wrap up before we get to the ecosystem speaks. But Shelly, I want to start with you. You've been sort of monitoring throughout the day. You're just about to release a new podcast series with Joe Peterson, who's pretty deep engineering expert around cyber security. I know it's been an area that you've looked at for a while. What are your takeaways from this summit? What are the things that you learned that people should be aware of? You know, it's interesting. I feel like whenever I, first of all, it was a ton of great content, but I feel like every time I listen to these conversations, these are not new conversations. You know, we've been talking about the need for security to be a foundational element for years. We've been talking about observability. We've been talking about endpoint management. I mean, we've been talking about all of these things. And I think perhaps that the advent of Gen AI has maybe even sped up even more the need to get our arms around all this stuff. Because as you mentioned earlier, hackers aren't sitting around. I mean, they are looking for every opportunity to maximize opportunities. They're patient. In many instances, they're funded by nation states. So we have a lot of work to do. Yeah, and we found out from Wendy Whitmore, they take vacations just not when we're on vacation. They like to do things when we're on vacation. It's the hacking season. Absolutely. Well, you know, the sort of tongue-in-cheek joke is patch Tuesday is hack Wednesday. But that's the other thing that we're hearing is that the breakout time is compressing. So it's like down to hours, you know, sometimes even shorter. So speed really matters, doesn't it? Yeah, I think there's both the speed aspect and the longevity and how long these operators are in your environment and the fact that the regulations may or may not keep up with that. And when do you know if I, when do you even know that you've been attacked or you're in? And I think understanding that you still have to have those guardrails in place. It can't be a shift left or shift right type of thing. It has to be organizational. It has to take platform engineering into account because you have many different places to go now. John, I want to get your take on AI. I mean, it's something that you've, you've not only, you know, thought about it, written about it, you build it. How do you think it applies to security? We had SuperCloud earlier this year where the focus was on AI and security. In just a few short months, things have changed and things come into focus. What about AI? I think Shelly pointed out based on her research, it's the same conversations that's been upleveled with at Gen AI, changes the scope and changes the order of magnitude and the problem scope. So I think Gen AI totally changes the game on velocity. So for the good guys and bad guys, it also changes the organizational aspect too. Rob pointed that out in his comment. The organizations are struggling right now because things like the MGM hack are a combination of poor technology selection and just organizational mismanagement just from the pace of play of security. At AWS re-invent, if you remember, we interviewed their top security guy on theCUBE and Amazon now has one security organization for their entire company, not AWS, Amazon. And what that means is they're looking at it as a holistic thing, not a series of siloed CISOs. It's an organization across the entire company under Steve Schmidt, chief security officer. And what that points to is that the organization is zooming out to take a big step forward, right? So I think Gen AI is going to force organizations to think differently so they don't have the problem with the MGM. Rob Demsley pointed that out, who's the pioneer behind this program, that organizations have to decide and if they had Dell, they probably would have better recovery like CISOs did. So you start to see the organizational changes because Gen AI completely changes the pace of play. There is no app sec review for bad guys. They just launch. If it doesn't work, they launch again. So companies have to have a high bar. And so they're fighting organizational slow speed versus hacker speed. Again, hackers try it, it doesn't work. They go back to the well. And so their ability to throw stuff out at the wall is there. So again, this is the fight fire with fire. Zia pointed that out on the last analyst angle. So to me, Gen AI absolutely changes the pace of the attacks and gives the opportunity for the companies to defend themselves better. So it's going to be interesting to watch and how that changes the organization. You know, Shelly, I want to ask you because I think that when I think about the objectives of theCUBE research and I think about your background in customer experience, I think there's an opportunity and I'd love to get your thoughts on this on transforming the sock analyst experience. Listen to John talk about AI. AI is going to change. I mean, we always hear about how they're like air traffic controllers and their eyes are bleeding. But do you think that the industry can bring, you know, best in class consumer customer experience that we've seen evolve over the last decade to the sock analyst? Well, I think we have to. I mean, you know, it's funny when you were talking, John, I just had a vision in my head of a game of whack-a-mole, you know? And that's what I think it must feel like to be a CISO right now. Like, oh crap, what's going on here? You know, and that's really where Gen AI plays such an important role. And I think really having the right technology solutions in place and the right support is super important. I think though beyond just the sock operations and the CISO, this is a board level issue. And when I was preparing for a webcast that I did this weekend, that's not yet live, I came across some interesting information. It was a research that was done by a VC firm, Night Dragon, with the Diligent Institute, which is a software company. And the research that they released did it, they did an analysis of the board competition of the S&P 500. And those boards, 88% of the directors on those boards of some of the biggest companies in the world had no directors with cybersecurity experience. So we're operating in a realm of people making decisions at the highest levels within our organizations have no real knowledge, certainly no expertise. And so, you know, but they're making policies and leadership decisions and things like that. So I think that we need to start there and understand that this is a top down and organization wide issue. And yes, we can provide better support, but it also comes with senior leadership really understanding the severity of this issue. And playing off of that. And I think going towards how you were talking about Gen AI, changing things and how whack-a-mole and all of the different things that keep popping up. I think it goes back to some of the stuff we talk about with the data silos that are out there and how getting control across all of those data silos and having an understanding of what's a known good state. How do you get to a minimally viable company? And that becoming a board level thing. What is a minimally viable company look like? And being able to say, yes, I've gone in clean room this I've gone and understood where I can go and actually recover too. I've done all of this. And cybersecurity at least, and we've seen it from a perspective of how many people actually have done tabletop experiments in the past year. It's super low, single-digit percentages. And if you haven't even done that at the tabletop, how do you know you can actually go recover to a known good place for your minimally viable company? That came up in our, a mandian customer on threat detection, the tabletop exercises are critical. We go back to theCUBE, 2012 timeframe, big data in 2010 with Hadoop and we've been on that big data wave. Almost every year it's been, security is a data problem. So, okay, it's been kind of, it is a data problem. I get that. Now you've been the Gen AI piece and that says, okay, Gen AI is leveraging the data. So to me, the platform engineering conversation combined with cloud next gen scale and the Gen AI to me is the perfect storm for organizations to look at, that's why I brought the Amazon thing to look at how they're organized, assuming that AI will be an augmentation to help do some heavy lifting, do the compliance reporting, that's always part of the board level. So helping out on little stuff like that, but also automating some of the defenses. So I think- And point management, all that. I think this is going to be a confluence of those three elements. Platform engineering goes to data, okay, data engineering, engineering specifically, not data science, data engineering. And then the Gen AI, I say, I won't say weapon, but it can be weaponized for good and because it's being weaponized for bad. That's going to be interesting to see how the apps respond to that. I think you see cloud native community, Rob, probably move away from talking about Kubernetes as it gets boring and standard to how that's going to be augmenting the platform engineering conversation. Well, I think this is a data problem and it's like there's too much data. You get all these false positives. It's very hard to do what we do in the cube and we've been doing it since we've saved since 2010, extracting the signal from the noise, which is our tagline. But so I think that AI, there's a promise that it can potentially help with that problem, but there's just so much data. It's hard to get fidelity out of that data. Does AI change that, Rob, in your view? I think it helps. I think it starts, it's a portion of the answer. And I think it goes back to, it's not only how much data it's, how long you keep it for, where do you store it, how do you understand it? Because it may be that the attacks mutate over time or the time may be way more condensed. In this time, we may be talking minutes where they, something fails, they try a different one and they have access now using Gen AI on their side to actually mutate their attacks very quickly. So you're fighting fire with fire as Zia talked about and you look at that not only happening in the core but out at the edge, as we talked about earlier in the day. And when you start to look at products and how products are engineered and how do you keep bioses and OSs and all of that, the entire stack free and clear so that you're not reinfecting it without knowing it. That kind of stuff is still not a Gen AI problem necessarily, but it's looking at the different fingerprints extracting the signal out of the noise and going about that. That's why when we were talking about it earlier about SecOps and AIOps and I also put observability into kind of that triad of things coming together so that you understand where things are and it's organizational at that time. I mean, I find Dave that this is an interesting topic because part of this event that's clever is the title navigating the road to cyber resilience. And it's from Dell data protection but also data recovery is the big topic, right? So it's not so much data protection. Then we had Palo Alto networks on their threat management. So I think the combination of threat management, data protection as not either or they're both kind of coming together, brings together this whole customer problem which is they're kind of just trying to discover the road. So like Dell's already navigating it but I think the customers are trying to discover what is my strategy? What is the architecture going to look like? How do I organize my people? And then how do I use Gen AI in there to help me? But in the meantime, I'm flying the airplane at 35,000 feet. I got to still do protection and recover. So it's kind of an interesting problem that's happening in real time. I think that's gonna be the big challenge is that what is the road? What is that road? Yeah, and I think that we did, I did some research in partnership with Dell. It was done, the study was done in late 2019 and published in 2020. And I cite this all the time because I think it's so interesting. The thing of it is, we don't know what we don't know, okay? So when we asked senior leaders and IT leaders and CISOs about their security operations and their visibility into their security operations, many of them said they used a security framework. They knew that they had experienced breaches. They knew how many breaches a month that they were seeing, thwarting, that sort of thing. So 75% of enterprises who utilize security frameworks said they experienced a breach. 51% of the enterprises that responded to our survey said that they don't use a security framework and they hadn't had any breaches. Well, the reality of it is that, like, you don't know. You're not looking. Whiskily ignorant. Right, but I think that speaks to what you're saying too. Like, if you're not looking, if you don't have real-time visibility, if you don't have observability in there, which you mentioned is a part of this equation, there's stuff going on you have no idea about. In this world, there are those who have suffered breaches and those who don't know they've suffered. Exactly, and those who are going to suffer a breach because it's inevitable. I think the other big thing that I took away from this whole series is just during episode one, episode two, culminating in the summit, the nature of ransomware has evolved just in this short timeframe, right? And you heard Palo Alto today, Wendy Whitmore, talking about, no longer is it just spearfishing, it's these mass vulnerabilities. For the first time it took over the top spot. That's what, you know, her comment was really notable. I mean, Dave, it's lucrative. Ransomware is highly effective. Absolutely. They have teams of companies underground doing this, the big tam there, and they get the ransomware and they lock it up and they start for cash. I would even say that stay tuned for some of the stuff from the ecosystem coming up, because even in some of those discussions, ransomware used to go from really being poorly written or having comments in it and things of that nature, and we start to get into that now with the advent of Gen AI and being able to do that, you can actually produce really smooth, really clean ransomware that doesn't have a lot of fingerprints leading back to you, but it leads to Gen AI. And I think that kind of information and that kind of trail is becoming even more difficult. So being able to be prepared ahead of time. It's becoming democratized. Well, I mean, any knucklehead can be a ransomware. Well, that's the whole point of- Well, they sell ransomware as a service. Ransomware's a service. What is that? No barriers, no negotiations for you. No barriers to entry. And Dave, like we always say in the podcast, we don't really argue. We also agree it's the same thing. AI is a productivity opportunity and guess who's more productive, the bad guys. So, I mean, they're just getting better. And to your point, I mean, this is like the smarter, faster ransomware. So again, that's why I think the recovery thing is so interesting to me. Dell's nailing the recovery piece and it's not data protection, because that's on one side, but the recovery is the central conversation. Right. And I think it also talks to some of the things we've already heard around the different frameworks and how you apply them. And taking a step back and looking at it, it can't just be about, resilience is about trying to stop it, but being prepared on the other side when something does go bump in the night with one of your applications. As we heard, 80% of people really looked at it. They had very low expectations that they could actually recover all their mission critical applications to get back to a minimally viable company. When you start to look at that and you say, okay, did I implement the NIST framework? Did I start to look at some of these other frameworks that are out there, Atlas and others? Did I start to go and use Zero Trust? How do you pair that with? It can't be a, I just did this and I'm good. It's an all above strategy that brings cyber resilience and cybersecurity together. Well, and you heard from Gil Hecht who came in from Israel. That was really fascinating to me because storage systems that are working properly, they do a good job of recovering, but when they've been attacked and you have to recover from all these different piece parts of discontinuous data, it's a really complicated matter. So they created this offering called Storage Guard, which I think resells or makes part of their solution. That is a really specialized capability that not a lot of people have. I mean, it's just not something that is easy to develop off the shelf. And so it's taken years and years of experience to actually develop something like that. And then of course to apply it is critical to your business. Well, Rob Demsley talked about the ecosystem where I think it's a big point that's going to be bigger. You know, I remember when we were talking with General Keith Alexander Day back a couple of years ago, data sharing was a big, you start sharing the data. I think because these products are always going to be intertwined with cloud and on edge and on premises, the multi-vendor ecosystem, data sharing, understanding how their environment's going to be big. I was hearing a story, I won't say the name of the company, but they have a back end system, they're in a category and they're doing good. Turns out you can load on Chrome, Chrome extension that basically logs passwords. Well, some companies don't even store passwords or get, hey, we have your all your company's passwords. That's not even related to the company. And so these vectors are coming in, these attack vectors to get stuff. So I think there can be more emphasis on ecosystem, who's partnering with who. That's going to be a big part of, I think the evaluation in my opinion, because you start to see the interactions with the data. Well, and you have all this distributed infrastructure. We've been talking about cloud, we've been talking about data centers, edge, a data protection, backup and recovery, business resilience, super cloud has to emerge because you're not going to have stovepipes, I hope for cloud and another stovepipe for your data center and another stovepipe for your IOT and Edgeworth. That's not going to succeed, right? It's got to be a comprehensive solution. And you know, I mean, we've been talking about knocking down silos for the last decade across all organizations of all sizes. And so this is not any different. It has to be connected. Yeah, I think exactly how you go about that and which silos I think, again to our rants on platform engineering and how it's the new IT and how it goes across and where you're bringing security and resilience needs to be from the time you code the app to the time you've run the app. And it can't be just day two. You can't just slap it on. You have to think about it. And that's the processes and the people, not just the technology. And I think that's what I've really liked about today is we're talking a lot about the people and the processes and we're going to continue that with the ecosystem after this. Okay, well, let's talk about that. Up next is the ecosystem does speak, as Rob just said. We've got execs from DXC, Kindrel and ATO. So you've got these major service providers that are giving their perspective. And they're in the front lines, they're seeing this. Then we have Brent Ellis and Elizabeth Preston from Forrester. They've discussed the economics of cyber recovery solutions. They're super intelligent and detailed analysts. Great to have them on. And then I've been teasing a lot in this series, Mark E. Sorensen wrote a book, Restaurant in Jaffa. And guys, he talks about the fragile nature of critical infrastructure and how relatively trivial it is to hack that. And of course it's fiction, but it weaves in a lot of nonfiction and it's quite enlightening. Then David Strom, the cyberjournalist for SiliconANGLE tells it like it is. And then we close with Dr. Tony Bryson, who's the CISO of the town of Gilbert, Arizona, which is really a city, it's quite a large town. This is the third in our series of really focusing on this really important issue of cyber resiliency. So check out theCUBE.net and SiliconANGLE.com and theCUBE Research, which is formerly Wikibon. And we want to thank Dell for making this series possible. Thanks to all our guests. And guys, thank you for helping us wrap up AnalystANGLE. And thank you for watching. This is Dave Vellante for John Furrier, Rob Streche and Shelly Kramer. Enjoy the rest of the show.