 Welcome back everybody to SuperCloud 3 where we're digging into the intersection of cybersecurity, cloud and AI and it's our pleasure to welcome investor, entrepreneur and CEO of Rubrik, Bipol Sinha. Bipol, great to have you back in theCUBE. It's been a while. Thank you Dave for this opportunity. I always appreciate you speaking with you. Yeah, so this is a third in our series of SuperCloud and CrossCloud and I'd be interested in your sort of SuperCloud story and how you're thinking about cyber or how the business is changing. If you look at the traditional cyber security industry it has focused on prevention of attacks and collectively we all spend $150 billion to prevent attack but we all know prevention is not 100% otherwise there will be no news of cyber attacks. So businesses and everybody has to think about another strategy that is the complement to the prevention strategy and that in our mind is the resilience so that you can continue to operate the business even in presence of a cyber breach and the combination of the prevention plus the resilience is the complete cyber strategy zero trust end to end. So in our mind, what you call SuperCloud is truly this data and applications scattered all over the place from your private data center to public cloud providers to SaaS platforms and how do you secure that data and make that data available to the right user at the right time on the right platform for the right duration so that they can drive fundamental resiliency because if your data is available you can reconstitute the business, restore the business and keep going. So in some ways digital economy, digital lives that we are all living cyber is a tax to our digital economy and as long as we can keep the tax low we can continue to deliver digital goods and services to our customers, partners the whole ecosystem and grow this economy. So our job is to combine this prevention strategy with resilience strategy across SuperCloud multi-cloud world to deliver fundamental business resilience. Yeah, so thank you for that setup. So when you think about this notion of data being the digital representation of your business the stakes are getting higher and higher. The problem is cybersecurity so complicated. How do you simplify? How do you think about the future of cyber in terms of making it simpler for people to at least defend? If you think about the world today the world today is folks accessing services and the jobs of the CIOs and CISOs is how do they constitute and create a portfolio of services whether the services comes from their own private ownership and maintenance of applications and data or the services can come from cloud or SaaS but they have to create this portfolio of services to reduce the risk and propel the business power. Now the question is that this portfolio of services if you fast forward 10 years is going to be how do we access or allow business users the access to this portfolio of services and what are the data that are living in these services? So the cybersecurity industry will have these two major components. So when I say access it means that networking, endpoint, authentication, access management and the data is all about user and data interaction. So as long as we can secure access and data we can secure the digital future we can secure the digital life and that's where the cyber industry is going and everything will boil down to access and data. Okay, so it's an access problem and a data problem. I like the way you sort of frame that. Now you think about rubric, do you transition from really a data backup, recovery, DR, data management company really leaning in to cybersecurity. I remember RSA, you guys were all over the place right at the corner of Howard Street you had a really big presence and made it known that you're in directly in this business. What were the most significant sort of findings and challenges that you faced in aligning sort of those traditional competencies with this new direction and actually how new was it? Was it more just sort of a natural progression? I wonder if you could just explain that for the audience. The backup and recovery industry was created to solve for human error recovery or the natural disaster recovery. And these two incidents are not very common. They are very infrequent but for compliance governance reason you need to have that infrastructure. But in the last 10 years the biggest disaster is cyber disaster. And this is the core data strategy for every enterprise every IT department. And our goal was to transform the legacy backup and recovery into a data security platform that not only drives the traditional backup recovery capabilities but fundamentally gives cyber resilience and cyber recovery because that's the number one use case that's the number one use. So if you think about businesses and how critical data is data is the most critical asset of any organization. So if we can drive the data security provide resilience to the business then the business essentially becomes resilient and they can operate even in the presence of breaches because breaches will happen is inevitable. So the question is that can you continue to operate? And that's where we saw the opportunity in rubric that's what that's the vision we are driving. We are already the largest data security company and we believe that there is an opportunity to really create this cyber resilience future based on the data security strategy. And when you think about risk models is the classic risk models you got frequency and probability and then the degree of impact and you're right when it's a disaster it's like very high impact but low probability might have to happen once every 10 years and that's sort of how you plan for it. Cyber completely changes that equation. It's like high frequency, high probability high impact all the time. So you really have to increase much greater granularity and flexibility and responsiveness. So I'm interested in how you do that across clouds. Like if you could talk specifically about kind of your deployment model you've got the scale out highly distributed architecture is it a single global instance across clouds or do you instantiate your stack in multiple regions? How does it actually work? We are very aligned to your vision for super cloud. In fact, the rubric security cloud that is the single place to manage and secure all you data across all you data states across all the clouds whether it's SaaS on premises or like large cloud service providers is a single place to manage it all. So in some ways we are delivering super cloud security super cloud data security. So what we do is the all the brain of the data security lives in rubric security cloud and we keep the data next to the application so that we can do fast recovery upon a cyber incident. And that is the vision but you manage everything with a policy driven platform so that you don't have to worry about whether your M365 getting protected with the same frequency and retention and resilience as your AWS RDS resource or your private data center VMware resource all protected with a single policy engine across everything. And that single policy engine is how is that how you create not only a consistent experience across clouds but synchronizing data because if you're distributed and you're close to the application you have the possibility of being out of sync do you have to have magic that figures that out? Is that right? Is that how you do it? So policy engine was our core innovation in rubric and you are 100% right because you need to have consistency in terms of and clubbing of different applications together in terms of how you secure the data and how you create a consistent data outcome so that you can restart a distributed application. And we do all of that with rubric security cloud but the most important innovation for us was making sure that all of your data is protected with zero trust architecture and that was the core innovation of rubric plus the policy engine and plus the threat intelligence and event response that is built right into our platform. So what we really did was we took the concept of backup and recovery and took the concept of cyber security and data protection combined the two into a single platform that not only drives the classic backup recovery but through a policy engine and automation it really brings the threat intelligence and event response. So let's talk a little bit about AI cloud is code code is now natural language and the adoption of AI and LLMs and cyber security is increasing obviously at a very rapid pace. How are you specifically integrating AI into your cyber security solutions? And maybe you could share what unique advantages this brings to your customers and to rubric from a differentiator standpoint. The AI is a groundbreaking opportunity for the whole industry. We just announced a partnership with Microsoft and a product integration where we bring rubric security cloud plus Microsoft Sentinel plus the open AI Azure services together to really simplify cyber remediation, cyber recovery and really lower the barrier to entry for somebody to really perform a cyber remediation, cyber recovery operations. And it shows that if you look at like there are a million open jobs on cyber security there is a severe talent shortage. If we can apply artificial intelligence for generative AI to lower the barrier and automate the cyber security response it's a significant leap. But on the other side, generative AI is also helping people bad people create more malware attack, more ransomware attack you have ransomware as a service that the bad players are actually renting to create more attacks. So in some way we have to fight fire with fire and in this world of machine to machine attack we have to deploy generative AI technology to really automate our security operations and really comprehend the cyber attacks because it has gone beyond human comprehension and the only way we can comprehend is to augment our understanding with machine intelligence and that's where the world is going. So do you think, and we've been asking everybody this and we get some interesting answers ultimately do you think AI is going to be a greater benefit to the defenders or the attackers? There is no finish line here and it'll be a cat and mouse game they will have a upper hand the bad players will have an upper hand and then good guys will come in and fix it and then it'll continue. Look, at the end of the day as I was saying before like cyber attacks is like attacks you cannot avoid it there's no way that you can say I can prevent 100% you have to manage it this is a risk management function and as long as your risk is acceptable and low you can continue to operate. So businesses have to understand what assets they have what is the content of the asset and what is happening to those assets and make sure that they have a comprehensive strategy on prevention to resilience. So I'm curious if you mentioned Microsoft before of course they're an investor in the company and you as a former investor and sort of now you're an entrepreneur risk taker and I know your story a little bit and you had the nice cushy job at Oracle and then decided we talked to you way back when Nutanix was reaching escape velocity so when you see what happened the AI shot heard around the world and what Microsoft has done with open AI that basically leapfrogged from a business model standpoint everybody I mean, it's actually quite remarkable I'd love to get your thoughts on how you see the landscape with your investor hat on. I mean what is most interesting is that we all are in the technology industry one step away from the greatest leap or the greatest disappointment and the think about like Microsoft a 40 year old company that is really defining the next biggest possibly the biggest frontier of our lifetime and really creating product and defining that landscape. So we are now in this world of compressed time to scale and decay compressed innovation cycle and we all have to think about like what is the next thing that has not been invented yet or known yet broadly speaking that can create this disproportionate opportunity and Microsoft to Satya's credit took a big bet and that bet was about AI's power to augment human intelligence and how do you bring that power in the form of co-pilot across the gamut of applications so that you lower the barrier and gives this knowledge to every person in the world and in some ways, Genitive AI has marked the end of the knowledge economy and now we are in the intuition economy because anybody anywhere in the world have the knowledge of what has happened so far. Now the game is what could you create based on that knowledge? So I think, you know, your pivot to cybersecurity has got a lot of attention in the market and now you've got this, we've been talking about the heterogeneity inherent in multi-cloud environments and then you got cyber threats that are evolving. This is just the unbelievable cat like you said, cat and mouse game, unprecedented rates. So how does Rubrik specifically stay ahead of these emerging threats, especially those, you know, whether it's related to ransomware, et cetera, but what measures do you have in place and whether it's part of the ecosystem or partnerships to adapt and swiftly respond to these threats? Okay, the thing is that one company cannot alone solve this problem and there is no silver bullet to this problem. So businesses have to have comprehensive strategy around making sure that the basic hygiene is done. In our own Rubrik Zero Lab reports, what we found was two-third of the attacks are known problems that people didn't patch. Only one-third of the attack is zero day. So think about it like the attacks are attacking our psychological issues where we click on an offer without thinking or we don't patch because we procrastinate. So the focus on fundamental hygiene, education, and making sure that we have the full integration and visibility across different tools that we are all using to be able to see end to end. I think the number one thing in cyber is visibility and control. And as long as an ecosystem of cybersecurity companies, if we deliver that visibility and control from data to infrastructure, that has been the traditional cybersecurity was infrastructure. We are bringing the data intelligence to it. That's where the answer ends. Yeah, great, thank you for that. And I want to end back on AI. As the CEO, how do you think about the future of AI in cyber? You know, it's we've been using a lot of analogies BIPL this week in the super cloud, the Netscape moment or even maybe better iPhone when you had the flip phone and then you saw the iPhone. Wow. But at the same time, when you go back and look at the initial browser, you know, or dial up modems or the first iPhone even, we think many think people think that we're going to look back at what chatGPT was and is in 2023 and say, wow, 10 years from now, five years from now, wow, did we come a long way? So as a CEO, how do you see the future of AI in cyber? Can you share any thinking or initiatives that Rubrik's working on that are going to leverage further AI in your future? So Rubrik uses AI to derive security intelligence from data. So we have been doing this for several years and we continue to use, make use of Genetic AI and other technology because most of the threats are about data sensitivity, which has huge language impact. But overall, if you take a step back and think about this AI Genetic AI moment, to me, it feels like we are living in 1999 where people intuitively grasp the power of internet, but the use cases and killer applications were still getting developed and people took many different approaches and many different angles to the problem or to take advantage of internet and 90% of those experiments failed. Few of them survived. So there was a huge run up. Then there was a crash and then there was a renaissance. That's the nature of the technology. So we are living in the 99 moment of Genetic AI. Lot of experiments, lot of ideas. Most of them will fail. Some of them will survive. There will be a crash. More applications will be developed than and then there will be a renaissance. But that is the natural cycle. You cannot short circuit and that's how it'll be. But what is very interesting is that fast forward five, 10 years from today, it'll change our lives. I have one more question. You just made me think of when John Furrier and I were debating on one of the cube podcasts recently, you know, whether or not this was like the internet in that you basically just described it. You had a few companies, you know, obviously the, you know, Amazon, eBay was another one that sort of survived that crash. Most went out of business, but you had incumbents that took massive advantage of the internet. I mean, take a company like Dell, they just supercharged their direct sales model. How do you see this era? Did you see it more like the internet or even, you know, some folks argue, well, no, it's more like the sort of PC wave where everything's going to get disrupted. How do you see it? I see it like an equal opportunity for incumbents as well as the startups. Because incumbents through few cycles have learned that they cannot stay away or look at the new technology as a toy. Because in the past, they looked at new technologies as a toy and that led to the disruption. So the incumbents are more prepared, more careful. And if you see the number of generative AI announcements from large players, it's astounding because the technology is still early. The models are still hallucinating, but still there's so much focus and attention. So in my mind, some of the incumbents will take advantage of it and become stronger. Some of the incumbents will go away. A lot of startup experiment will fail. Some of them will succeed, but don't kid ourselves. We are going to have our lives changed. Bippo, I don't know why we don't have you on more. I hope we can do this again soon. It was great having you. Thank you. Thanks, Dave. All right, and thank you for watching. Keep it right there for more content from SuperCloud 3 live in the Palo Alto studios and of course on demand at theCUBE.net. Right back.