 Welcome back to San Francisco everybody. This is Dave Vellante for theCUBE and our coverage of RSA 2023. This is day three, hump day, it's Wednesday. We're going to be here all week. We're going through Thursday. We've been wall-to-wall coverage. Really excited to have Nayaki Nayar who's the CEO of Securonix, and Omer Singer who is head of cybersecurity strategy. It's no flake, both CUBE alum. Great to see you both again. Thanks for coming on. Thank you Dave, we are glad to be here and I'm a CUBE veteran now. Many times, you know. So I was going to ask you, so you know, you've been executive in the industry, obviously hot space, why did you decide to come lead Securonix? Yeah, you know, I will tell you, Securonix is in a very, very phenomenal space right now. You have been a leader in the entire SIM market for the last four years in a row in the Garden of Magic quadrant. And when you look at the entire market, SIM market, Dave, it's a five billion dollar market predicted to be approximately 10 plus billion by 2025, going at nice double-digit kegger. And we have a massive opportunity to go from where we are to a quarter billion or half a billion over the next two to three years. But we were at your event the other night and I was talking to some of the folks at your company and they were saying, Nayaki's coming in and really focusing us, laying out a vision, road map. I mean, that's kind of what you do. It's like your superpower. So that's kind of cool. Can you tell us a little bit about that? What can you tell us? Yeah, at this event, we actually rolled out our new vision, the vision and strategy for the next two to three years, which is what we call the unified defense SIM. And a big part of that strategy, Dave, is how we are partnering with Snowflake to be the data lake for us going forward. And with this partnership, our entire SIM as an offering will run on Snowflake's data lake. The security data lake will become the partner going forward offering this for all of our customers. That's a big one. You guys have a lot going on. I mean, you sort of flip to have an industry go to market structure. So we're just seeing all kinds of new industries pop up on the Snowflake data cloud. Security is obviously a key use case. How's that going? Give us the update on the uptake there. Yeah, so you remember we met back in June when we first announced the cybersecurity workload because we've had so many customers ask us, how can we use Snowflake to help scale our cybersecurity program? We've got all the security data that's overwhelming us. It's driving the costs through the roof. The data is very siloed, help us with it. And so we've been taking that very seriously and we've been collaborating with the Securonix team very closely. And what you mentioned is launching is both a product and it's a go to market effort where now when customers ask us, hey, can Snowflake help us with our security challenges at scale? We do have this way of bringing the work to the data and helping them to solve that on Snowflake. So you have all the data, tons of it. You've got the platform. So the idea obviously to put that data inside the platform or however you say that, bringing the platform to the data, right? The work to the data. This is kind of an interesting way to think about it because you're not necessarily, data's everywhere. So you guys got an interesting architecture but my question Nick is what does that enable you to do? Yeah. So when you look at from a customer perspective Dave, right? Customers run our entire Securonix SIM platform for detecting all the threats, for investigating those threats and responding to the threats. And with this new version, what we call the Unified Defense SIM with we running on Snowflake's data lake, it really helps our customers go from a seven days of hot search which used to be the offering that we had before to a full 365 days. None of the customers had 365 days before. So with this new offering, now customers can search full 365 days of hot search. And this capability Dave, there's no other vendor in the market has it. Massive comparative sensation for us right now. And you know what they were doing with the data before when it was let's say seven days in a hot it was then siloed in different places and Snowflake is all about breaking down those silos. So if we could do that for security teams and give them the confidence that there is one place that they know they can go to and they will find the security data that they need to answer their questions. That's a huge shift and a big relief for cybersecurity teams. Why couldn't they do it before? Was it just too expensive? Too complicated? It was very expensive before. I mean just doing, we had seven days of hot search, 90 days of warm search and everything was cold. And it was a lot of what was driven by the cost and the expense. But by moving to Snowflake, now we have broken down those tiers, right? There's no hot warm cold. There's one tier of all hot search and they get full 365 days and we are providing at a price point that is extremely price competitive in the market. Yeah. So a lot of conventional wisdom is always, well the data gets old and then it's not useful. That's not the case in security, is it? No, data is king, right? Data is the new oil. So while we have all the security data, we also do believe the actual data storage itself is not a comparative sensation. Of course, Snowflake does that beautifully. But where Securonix's comparative strength is, is in threat content. So as a part of the unified defense sim, we've also released what we call threat content as a service. Where not only we as Securonix are contributing more and more threat content on our platform, but we are also opening up where our customers and partners can contribute threat content. Similar to, let me give you a very simple example, Dave. You know, if you think of from a Netflix perspective, Netflix doesn't differentiate because of the platform. It really differentiates by the content it delivers, right? So think of it that way. It's not just a platform and the data. It really is a threat content that we deliver on top of this platform that truly sets us apart. We have a very, very strong threat research lab at Securonix, the most advanced with research lab that we release threat content very, very proactively and timely for our customers to take advantage of. The value of all of that content is multiplied when you can apply it across a year's worth of data rather than, okay, great research. Now you apply it to maybe a week's window. That's limited, right? And it limits the value. And that's where Snowflake can focus on being the best data platform. And Securonix can focus on doing that research and having the content to apply across that really 365 day window. So the platform's an enabler. So what are the other things? I mean, Snowflake boiling it down. It's hard to get here but it's simple and you can share data, right? And so how is that data sharing, data sharing that's governed in Securonix, how is that of a benefit to customers in the context of security in that use case? Yeah, so I mean, in addition to what we call the threat content as a service, right? Which is a big part of our unified defense system. Another thing that we have also rolled out is what we call peer-to-peer collaboration, right? Where we are enabling customers to collaborate with each other on this threat content and threat intel. And just to give you an example, let's say if there are two airline companies, American Airlines and United Airlines, they will compete with each other on airlines as a business but when it comes to cybersecurity, they would want to share content, right? Or share intel and the platform enables them to do that peer-to-peer collaboration. That's another big way. In fact, this is what we call, we can help them proactively defend any threats by collaborating with each other and being ahead of the competitors. What is the state of collaboration in the industry today? I mean, the example Neaki just gave is, I think that's probably pretty common, but how about even amongst the technology? Well, first of all, how common is that? And then what about amongst the technology industry? There was, I know several years ago, there was attempts, we have a private data set. We're going to try to monetize that private data set. And that caused a lot of criticism. And I think that's changed, but as a security pro, I'm interested in that. I'll tell you what I'm excited about. I think once all this data is in the data cloud and it could be shared, data includes the insights on the data, things like what are the KPIs, the metrics with which the security program is being measured. If I can start sharing that, maybe anonymized, maybe governed sufficiently, now I can see how's my program faring compared to my cohorts, compared to my industry, and that's super valuable for a security leader to know how are they doing compared to others? So that kind of data sharing doesn't really exist today. And I think there's a lot of demand for that kind of data sharing. And once everything is happening in the data cloud, it then becomes feasible from a technological perspective. Well, part of the problem is, how do you share that data securely? I mean, you could call your friend up and say, hey, this is what we're seeing. No, no, no, there's a platform that enables them to share it and most securely. So in other words, you could say, all right, I'm going to grant access to my colleague, who maybe, we use GitHub for allowing customers to share that kind of data. I mean, we're going to a lot more technical leaders in that, but that's very, I would say in the very initial stages, Dave, where we have seen that requests come from a lot of our customers to enable them to do it. And we are slowly but surely releasing more and more of that functionality for our customers to be able to collaborate with each other on that. So the threat content as a service, what is that? How do I consume that as a customer? There are a lot of use cases that we deliver on a very periodically basis in a timely manner that customers have access. Well, as we release it, we release it into our customers' landscape so the customers can start using it and start leveraging it for hunting. Yeah, for, yeah, it's as a subscription. And I was impressed. I saw a demo of this yesterday and what Securonix is doing now is they're actually checking to see where are your gaps and where is your security program maybe missing a certain data source or missing a certain detection that it should have and then being able to deliver that to the customer based on what they've identified as a gap. I mean, that's really valuable. Is the outcome for customers that they can now, you mentioned proactive defense, I think you called it. So is that the outcome that you're trying to achieve that they can defend now proactively as opposed to hey, there's a fire, put it out? That is the whole point, right? Enabling our customers to be proactive in defending against threats is the ultimate goal. And every time we deliver new and latest content, I think that really helps them get closer and closer together and it's a peer collaboration also helps. But a bigger part of the entire platform, Dave is also getting them the full visibility into what we call the threat coverage, right? Where are they in their coverage for the MITRE framework or the NIST framework? That's another big part of the entire platform where it's not just an experience for the analysts that we want to deliver but also extending that to a CXO or a CSO experience where they can see from a full coverage perspective where they are in their entire maturity framework, yeah. Now you sit on some boards, right? What's the board level coming? I remember having this conversation with Robert Gates, mid last decade of the former Defense Secretary who also sits on a lot of boards and he's like, absolutely it's a board level issue. Now he's sitting on some big companies, right? Is it become mainstream at the board level? Yeah, you know, cyber security is no longer just a CIO or a CSO issue anymore for every large enterprise. It has become a board topic. Every public board is now required, especially the audit committees are now required, to disclose if there is any significant reach within four business days. And yes, I do sit on a couple of public boards. I'm on audit committee also. And the CSOs are now required to come present every quarter, every board meeting, where they are in their entire journey, especially in everyone is using different frameworks, but NIST framework is one thing that I've seen most of the CSOs use to present that to the board and come back and share that with the board, right? What are those conversations like? Because when I get into, I mean, I've been in this business a long time and I'm no SecOps pro, but I can absorb technology pretty well. And your eyes just bleed when you get the acronyms and the complexity. I mean, it's so when somebody goes into the anatomy of a hack, it's like, wow, I got to read that again over and over. So what is there education going on at the board level? Is it like, how are they able to absorb such complexity? Or is it just at a high level? How does that dynamic work? Well, that is why every board is now required. I mean, they are really hunting for industry experts. CSOs to be on their board also to provide that expert guidance. But there's definitely a lot of education happening. NACD is providing a lot of education around that. But also boards are now following certain frameworks. NIST framework is one of the frameworks that most boards are following to understand where the company is in their maturity framework, right? So that makes it a little easier for boards to follow and understand. But again, I agree with you. It's a complex topic for any board to really get into the details. But most boards are, I would say, doing a lot of work around it. But you got to speak wallet here, business, right? You can't be... So I get it. So it's a maturity model. Here's where we are, and here's where we want to get. Here's how long it's going to take. This is what it's going to cost. Here's the risks of this scenario. Things like that, right? Yeah, and I think this is also part of cybersecurity, joining the modern data stack and security leaders being able to use the same kind of tooling that maybe sales leaders or marketing leaders have been using, right? Like BI tools to see how are we doing not just at a quarterly board review, but day to day, right? Being able to follow along. Once all the security data is in your data cloud, now you can use BI tooling to see all of that together in one place. And we've really then kind of brought cybersecurity into the fold the way the rest of the company gets insights from data. They will all say this, you know, when you look at the space, cybersecurity, it's a very fragmented market, right? The number of tools, technologies, products, tech stacks that every customer has or every large enterprise has is very, I call it the Frankenstein's mess. So having a security data lake, this partnership that we are doing with Snowflake, it really helps customers bring all that security data into one single holistic data lake, provide the insights, right? And get the insights that they're looking for, but truly now extend that insights beyond just a stock analyst to a CXO level. I mean, it really brings a lot of structure to that fragmentation that is in the market, right? Is there a go-to-market relationship? Yeah, we are actually, we are going to be going to market together because now we have embedded our Snowflake data lake into our stack jointly. Customers have a choice to bring their own Snowflake or they can buy the entire embedded Snowflake offering from us and yes, both of our go-to-market teams are going together. Okay, so an obvious target is to go to Snowflake customers and say, hey, what are you doing for security? We can help. Absolutely. Or if you're not a Snowflake customer, we have embedded that stack, right? We're seeing a tremendous amount of SIM migrations. A lot of our customers are trying to figure out their strategy. And so if they can take that opportunity of rethinking their SIM strategy to align that with how the rest of the company handles data and go with this approach where it's a very seamless integration, that just makes all the sense of the world and it's very cost-effective, which counts now, right? You do need to think about that, the bottom line, how much you're going to be spending on this as the amount of data scales up and we can deliver on that for our customers. So, thinking about the cost-effectiveness, you've got the marginal economics of adding this use case are not huge. It's basically staining up another virtual warehouse. And it's the architecture, right? The separation of storage from compute here plays a very key role that the SIMs that try to be vertically integrated and try to solve the data challenge themselves, they just can't deliver that kind of cost-effectiveness. So, if I'm a snowflake customer, what do I have to do to get up and running? And I don't want to know if I'm not a snowflake customer, what's the experience like? So, in both ways, if a customer is an existing snowflake customer, they can run our entire SIM on their snowflake. We call it bring your own snowflake, right? So, that is already available. But if a customer doesn't have snowflake and they can buy the entire stack from us with snowflake embedded into it and they can run that too, right? So, we have both the offerings and in both cases, like I said, customers can do a full 365 days of hot search. It's a single tier model. There's no hot, warm, cold. Thread content as a service is automated, it's available in the platform with the peer-to-peer collaboration. And I can't say enough about the competitive differentiation we bring in with a unified experience. This is something, Dave, we have UEBA, we have SIM, we also have SOAR into the platform so that customers have a full, what we call end-to-end experience for detecting the threats, investigating them, and also providing a full end-to-end response, right? So, it's a big one for us. You're here meeting with customers, you're obviously talking to them about this capability, what's their response, what's going to be their experience and how do they take advantage of this? What's that on-ramp work? We just had a big launch event yesterday and we had a lot of customers, it was sold out, we had to- We were turning people away at the door. We had to turn people away from the luncheon because we couldn't accommodate everyone. So, it was a phenomenal- You love that problem. Yeah, we was a phenomenal- I've been on the other side of that too. Yeah, phenomenal success, I would say. And every customer that we have talked to, that's truly excited about the partnership. I mean, that's one, they're extremely excited about going from that 365 days of hot search. I think that's something that they had been asking us and I know that we delivered, it's a big, massive benefit for them. And the journey ahead with this whole unified defense sim that we just launched, a lot of good excitement. Every customer that we talked to now can start benefiting from this new vision that we have just launched. How unique is this? We are the only one right now, to be very honest. In fact, I shared in the launch, how we stack up against all the other sim vendors with the 365 days of hot search, the single tier storage, with the Thread Corner service, peer-to-peer collaboration, built in so. When you look at all of the key capabilities that any customer would want, we are the primary leading vendor in the entire stack right now. It's fantastic. Congratulations and best of luck to both of you. We'll see you at the Snowflake Summit, I hope. Thank you, yeah. We will definitely be there at the Snowflake Summit. End of June in Vegas, at Caesar's Forum. It's going to be Fire Marshall Full. It was full last year, I know it's growing. And we had to go into the overflow for the keynotes. It was good, I'm going to have to get there early this year. Absolutely, look forward to it. Like I said, I'm a veteran of CUBE, so I'm allowed to be on the session. Great, let's make it happen. We're there, I think, for the least three days, wall-to-wall, so it'll be good. All right, guys, thanks so much. Appreciate it. All right, thank you for watching. Keep it right there. Dave Vellante, John Furrier's in the house. The CUBE's coverage of RSA 2023 continues right after this short break.