We're back with theCUBE at Falcon 2022, Dave Vellante and Dave Nicholson. We're at the Aria. We do, of course, a lot of events in Las Vegas. It's the place to do events. Dave, I think it's my sixth or seventh time here this year. At least, I don't know, I lose track. Jeff Swain is here. He's the Vice President of Global Programs, Store and Tech Alliances at CrowdStrike. Jeff, good to see you again. We saw each other at Reinvent in July in Boston. Yes, Sam. It's great to see you again, Dave. Thank you very much. And we talked about making this happen. So thrilled to be here at CrowdStrike Falcon. We're going to talk today about the CrowdStrike XDR Alliance Partners. First of all, what's XDR? Well, I hope you're paying attention to George's keynote this morning, I guess. The one thing we know is that if you ask 10 or five people what XDR is, you'll get 10 answers. I like this answer. A holistic approach to endpoint security. It was good, simple. That was a good one at Black Hat. But tell us about the XDR Alliance Partners program. Give us the update there. Yeah, so we spoke about it at Reinforce. The XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customer's environment. So we've done a lot of work over the last few weeks in trying to bolster that environment, specifically putting a lot of focus on firewall. You'll see that Cisco and Fortinet have both joined the XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. Obviously it's a very rich data environment. There's a lot of logs on firewalls, and so it drives a lot of information that we can leverage. So we're continuing to grow that, and what we're doing is building out different content packs that support different use cases. So firewall is one, CASB is another, email's another, and we're building out the partner set right across the board. 
So it's been a great set of activity. So it's partners that have data. Yep. Probably some, you know, Joe Tucci, your old boss used to say that overlap is better than gaps. So sometimes there's competition, but that's from a customer standpoint, overlap is better than gaps. So as you mentioned, Cisco, Fortinet, and there are a number of others, they've got data, and they're going to pump it into your system. Our platform. And you've got the, in your platform, you've got the ability to ingest, you've got the cloud native architecture, you've got the analytics, and you've got the near real-time analysis capability, right? Augmented by people as well, which is a really important part of our value proposition, you know? It's not just reliant purely on AI, but we have a human aspect to it as well to make sure we're getting extremely accurate responses. And then the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud, is a really important, easy action for our customer to take that's highly valuable. You're talking about your threat-hunting capability. Right. And our Intel capability as well. We use all of that information, as well as the telemetry, to make sure we're making good, actionable decisions. Intel being machine intelligence, or human and machine? Human and machine intelligence, that we have a whole business that's out there gathering Intel. I believe you have to think to add a virus who runs that business. And you know, that Intel is critical to making good decisions for our customers. So the X in XDR is extended. Correct. Extending to things like firewalls, that's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? Yeah, I think we're going to continually go with where the customer demand is. Firewalls is one of the first. And email is a very significant other one. 
You'll see that we're announcing support for Microsoft 365 as well as part of this announcement. But then we'll still grow out into the other areas. NDR is a specific area where we've already got a number of partners in that space. And we'll grow that as we go. I think one of the really exciting additional elements is the OCSF announcement we made at Reinforce, which also is a shared data schema across a number of vendors as well. So talking to Microsoft's point this morning in his keynote, it's really about the industry getting together to do a better job for our customers. And XDR is the platform to do that. And CrowdStrike's way of doing it is the only really true, visible way for a customer to get their hands on all that information, and make the decision, see the good from the bad, and take the action. So I feel like we're really well placed to help our customers in that space. And Kevin Mandia referenced this too today, basically saying the industry's doing a better job of collaboration. Sometimes I'm skeptical because we've certainly seen people try to commercialize private information, private reports. But you're talking about some of your quasi-competitors, cooperatives actually partnering with you now. So that's a good indicator. I want to step back a little bit, talk about the macro. Big conversation on Wall Street. Everybody wants to talk about the macro, of course, for obvious reasons. We just published our breaking analysis talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and, of course, the stock market, better than tech broadly. So in that case, it would suggest that cyber investments are somewhat nondiscretionary. So that is my question. Are cyber investments nondiscretionary? If so, how? 
You know, I think George calls that out directly in our analyst reports as well, that we believe that cyber is a nondiscretionary spend, but I actually think it's more than that. I think in this current macroeconomic environment where CIOs and CISOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities because they have older kit that's running for a longer period that they normally round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the investment to replace those servers. We have to sweat them for a little bit longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think, not only does it make it nondiscretionary, it actually increases the business case for taking on a cyber project. And I buy that. I buy that the business case is better potentially for cyber. The business case of cyber is about risk reduction, right? It's about reducing expected loss. But at the same time, CISOs don't have an open wallet. They have to compete with other P&L managers. I also think the advantage for CrowdStrike, I'm getting deeper into the architecture and it's beginning to understand the power of a lightweight agent that can handle, I think you're up to 22 modules now. I've got questions on how you keep that lightweight. But nonetheless, if you can consolidate the point tools, which is one of the biggest challenges that SecOps teams face, that strengthens the ROI as well. Absolutely, and if you look at what George was saying this morning in the keynote, the combination of being able to provide tools not only to the SecOps team, but the ITOps team as well. Being able to give the ITOps team visibility on how many assets they have. 
I mean, these are simple questions that we should be able to answer. But often when we ask an operations leader, can you answer it? Sometimes it's hard for them. We actually have a lot of that information. So we're able to bring that into the platform. We're able to show them where the assets are, where the vulnerabilities are against those assets, and help ITOps do a better job as well as SecOps. So the case strength, as you said, the CSO can also be talking to the ITOps budget. The edge is getting more real. We're certainly hearing a lot about it. Now we're seeing a lot more. And you kind of get the near edge, it's like the Home Depot and the Lowe's stores. Okay, that, I can get a better handle on, okay, how do I secure that? I've got some standards, but it's the far edge. It's the OT piece of it that's sort of the brave new world. What are you seeing there? How do you protect those far flung estates? I think this gets back to the question of what's new and what's coming, and where do we see the next set of workloads that we have to tackle. When we came along, first instance, we were really doing a lot of the on-prem and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us because there are so many questions around devices, where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And the wall that has existed again between the CISO and the OT environments coming down, we're seeing closer and closer alignment between the security on both those worlds. 
So the announcement that we've made around extending our Falcon Discover product to be able to receive and understand device information from the OT network and bring it into the same console as the IT and the OT in the same console to give one cohesive picture of visibility of all of our devices is a major step forward for our customers and for the industry as well. And we see that being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR. And then beyond that, there's all the other things that CrowdStrike do so well. But this is the first step to really, the first step on control is visibility. And the OT guys are engineers. So they're obviously conscious of this stuff. It's more, again, you're extending that culture, isn't it? Yeah, yeah, yeah. Now, when you're looking at threats, you want to do things to protect against those threats. But how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I want to go to the grocery store, think of me as an endpoint. If I want to go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections, every time I went to the grocery store, I wouldn't be happy. As an endpoint, as an end user in this whole thing, ideally we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction? 100%. That's, again, one of the core tenets of why George founded the company. 
I mean, he tells the story of sitting on an airplane and seeing an executive who was also in the airplane trying to boot their machine up and trying to get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and that executive not making it because, and he was like, in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support user growth and actually get out of the way of how people do things. And we've seen progression along those lines. I think the Zero Trust work that we're doing right now really helps with that as well. Our integrations into other companies that play within the Zero Trust space makes that a frictionless experience for the user. Because, yeah, we want to be there. We want to know everything that's happening, but we don't want to see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so that we can see everything and then we pick what we want to review rather than having to do the checkpoint approach of stop here, now let me see your credentials, stop here and let me see your credentials, because we have a full field of knowledge and information on what the device is doing and what the user is doing. We're able to then do the Trust with Verify style approach. So coming back to the Edge and IoT, bringing that Zero Trust concept to the Edge, you've got IT and OT. Okay, so that's a new constituency but you're consolidating that view. Your job gets harder, doesn't it? So talk about how you resolve that. Do the concepts that you apply to traditional IT endpoints apply at the Edge? 
So first things we have to do is gain the visibility, and so the way in which we're doing that is effectively drawing information out from the OT environment by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other indicators of attack or indicators of misconfiguration into the model so we can see whether something's good or bad. Whilst we're doing that, obviously we're also working on building specific sensors that will then sit in OT devices, down one layer down from, rather being collected and pulled and brought into the platform, being collected at the individual sensor level. When we have that completed and that requires a whole different ecosystem for us. It means that we have to engage with organizations like Rockwell and Siemens and Schneider because they're the people who own the equipment, right? And we have to certify with them to make sure that when we put technology onto their equipment we're not going to cause any kind of critical failure that could have genuine real-world physical disastrous consequences, so we have to be super careful with how we build that, which we're in the process of doing. Are the IOA signatures, indicators of attack, so I don't have to throw a dollar in the jar? Are the IOA signatures substantially similar at the edge? I think we'll learn as we go. First we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there, but what we will see is that as someone's trying to, if there's an actor making an attack, we'll be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off. In the edge and the far edge it's a little bit more binary in terms of the kind of function of the device. It's, is the valve open or is the valve closed? It's, is the production line running or is the production not running? 
So we need to be able to see that. It's more about protecting the outcomes there as well. But again, you know, it's about, first we have to get the information. That's what this product will help us do: get it into the platform, get our teams over the top of it, learn more about what's going on there, and then be able to take action. But the key point is the architecture will scale, and that's where the cloud native comes into it. It'll scale, but to your point about the lack of investment in infrastructure, means older stuff, means potentially wider gaps, bigger security holes, more opportunity for the security sector. I buy that, that makes sense. I think it's a valid argument. When you out, when we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of 100-year-old garbage, and I'm only slightly exaggerating on the trillion and the 100 years old. A lot of those critical devices that need to be sensed, that are controlling our electrical grid, for example, a lot of those things need to be updated. So as you're pushing into that frontier, are you extending out developer kits and APIs to those people as they're developing those new things? Because some of the old stuff will never work. And that's what we're seeing, is that there is a movement within the industrial control side of things to actually start doing some simple things like removing the air gap from certain systems, because we can build a system around it that's trustable and supportable. So now we can get access there over a network, over the internet, to kind of control a valve set that's down a pipeline or something like that. So there is willingness within the ecosystem, the IoT provider ecosystem, to give us access to some of those controls, which wasn't there, which has led to some of these issues. Are we going to be able to get to all of them? 
No, we're going to have to make decisions based on customer demand, based on where the big rocks lie. And so we will continue to do that based on customer feedback, again, on what we see. And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of, I see, because there was no way to do it before. Right. So it was like lack of connectivity. Yeah. So it was, people felt more comfortable sending an engineer out into the field. Truck roll. Yeah, yeah. To do it, rather than to. And exactly that. Again, going back to our macroeconomic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of, there's a lot of customer demand for change, and we're engaging in that change, and we want to see a huge opportunity there. Coming back to the XDR Alliance, because that's kind of where we started, where do you want to see that go? What's your vision for that? So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next, on what additional elements to add. That the Alliance members have been, there's fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms into what we do, and they're seeing the value of it. I feel that over the next, you know, over the next two-year period, we're going to see those, our XDR Alliance and other XDR Alliance is growing out to get to each other, and they will touch each other. We will have to do it like this OCS project at AWS. And as that occurs, we're going to be able to focus on customer outcomes. Again, if you listen to George, you listen to Mike, protecting the customer is the mission of CrowdStrike. So I think that's core to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've got a pipeline of literally 
hundreds of partners who want to join. We've just got to do that in a way that's consumable for us and consumable for the customer. Jeff Swain, thanks so much for coming back in theCUBE. It was great to have you. Thanks guys, thank you. Okay, and thank you for watching. Dave Nicholson and Dave Vellante, we'll be back right after this short break. You're watching theCUBE from Falcon 22 in Las Vegas. Right back.