 From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. Hello everyone, welcome to this special CUBE Conversation here in our studios in Palo Alto, California. I'm John Furrier, host of theCUBE. We are two great guests for an exclusive interview. Abhijit Goh, CEO of Confluera, as well as John Thompson, venture partner at Lightspeed and personal investor, as well as the chairman of Microsoft. Abhijit, John, welcome to theCUBE. Thank you. John, good to see you again. Nice to be with you. So, hot startup, you're an investor, you're the chairman of the board of Microsoft, also investing, venture partner at Lightspeed. Got a hot start, you guys have a seed funding announcement. How much you guys have raised, tell us the story. Absolutely. So we have raised $9 million, and we are announcing that now. And this is our entry into the cybersecurity space to change the paradigm. Confluera is the first industry's platform to detect and respond to advance attacks in real time before the damage happens. So we love startups funding because it's a signal one when you have entrepreneurs inventing things. It's interesting, but what's also interesting about your company is the cast of characters are on the founding team, the origination story. John, you're an investor, but also the other co-founder is a big time entrepreneur. Absolutely. Tell the story, who else is involved, who's co-founding it, and who are the investors? Absolutely. So my co-founders are Bipol Sena, he's CEO at Rubrik. No one knows who he is. He's a big time. And Milai Mukherjee, he's our chief architect. So the story goes back, I mean I know Bipol from back in IIT Kharagpur, and we have stayed in touch, and we have talked about technology trends, ideas that come. So as this thing was emerging, we started talking about it, and it looked really promising. It seemed like we were really up to something, solving a problem that the industry faces today. So we got together, we pitched to Lightspeed, Lightspeed did series A funding for us, and then John, Frank Slutman and Lane Bess, they have also contributed to our series A. Yeah, I mean this is a great example of Silicon Valley in my opinion. You have two smart people went to school together, kind of knew each other, keep in touch, networking. You know networking, he knows storage, but he's not a storage company. Rubrik is not a storage company. It's a software company. With the cloud era that we're in now, the game is changing. John, you're the chairman of Microsoft, and you have all these big time members, Frank Slutman, Data Domain, Service Now, Snowflake. I mean the visibility of the kinds of pedigree of people you have involved is pretty impressive. What was attractive John for this investment? Obviously Lightspeed has got a great track record as a VC, and they kind of got a pulse there, but this is kind of a special company. Why the investment? Yeah, good question. The first and most common or important link for me was in fact Bipol. I had been involved with Bipol through our relationship at Rubrik, and he came to me one day and says, gee, I've got another idea of a new company that I've been involved with. And I said, okay, tell me about it. And he says, well, it's in the security space. And since you know a little bit about that, perhaps we should connect. And so he connected me with Abhijit, and from there we started to evolve the conversation about what is Confluary trying to do and how is that different than what's being done today in the security space? And the issue for me was twofold. As I said, yes, I'll make the investment. The first of which was the team themselves. For me, it's always about the founding team and the founding team's track record. But then, is it something unique and different? And what I believe the company is really trying to accomplish is a shift from real-time detection to real-time prevention. And what we tend to do in the security space is segment and isolate problem after problem after problem, and therefore to aggregate a view of what's going on in the enterprise across all of those stacks is never easy. It's okay if you want to do post-event incident response, but if you want to do real-time detection and prevention, boy, that's got to have a layer that is much different than what has evolved in the security space over the last five or 10 years. And how much did you dig in? Obviously, you must have rolled your sleeves up. Again, you have a security background, a lot of background in the computer industry, but how involved were you in the early stages? Well, in the early stages, for me, it's as much about the idea and the team as it is me getting in and wanting to argue with them about, gee, are you doing this the right way? At my core, I'm a sales and marketing guy, not a technologist. So I have to believe that the technologists that are in the room. You've got some two gurus. Okay, Jack. Exactly. But the TAM, I mean, the Market Opportunity. Well, no question about it, yeah. Well, think about it this way. Here's another way to approach the problem from the perspective of Confluera. If you look at a large enterprise, each and every one of them, particularly those that are in highly regulated industries, will have literally 100 to 200 security products deployed in their environment. And it doesn't necessarily mean that the source of insight from each of those products is shared in such a way that you can do something in real time. The source of insight is post-incident, not real-time as the incident is occurring. And there's been acquisitions. We saw phantom got acquired by Splunk. That's log file, extraction, post-president. I was an investor in phantom. And so as Splunk acquired phantom, one of the things that triggered my investment here was, aha, what they're trying to do is real-time incident prevention, not detection or understanding of what the incident was. It's the holy grail. Abhijit, talk about the problem statement, specifically under the hood. What's the problem statement you guys are solving technically? And how does that render as an impact to the customer? Absolutely. So today, the attack surface is really large. The attacker can, there are many ways of getting in. But once they get in, it's really about that progression. It's a life cycle from that initial foothold to the final target. It's a process of privileged escalations, lateral movement, creating more ingress points to get in. So when that progression happens, this, the manifestation is separated in time. It appears on different machines. And there is nothing deterministic out there to put all of that together. But in fact, the thing is that everything is related through system events end of the day. So that's what we do. We take those system events and create this causal map of activity that is happening. One after the other. And that lets us create, understand this progression. And it also lets us take results from different sources, map it to that activity continuation and figure out a sequence as it is. Where in the stack are you operating? Network layer, through the application, what specific do you go? So we are at the operating system there. Okay. As you're down and dirty. Okay. So talk about the value of the customer now. It saves them time. Is it alerts from alerts? And again, real time is really hard problem. What's the value to the customer? Absolutely. So any of these breaches, they are in fact multi-stage attacks. And today there is nothing out there to detect a progression like this. So that is number one. This is actually about detecting these breaches and understanding where the attacker is live right now and respond and prevent that attack from going forward. Other things are that in fact, the visibility today is collected into log stashes. There is alert fatigue. People don't have time and it cannot be investigated through manual triage. So. So one of the things where we've been, we've talked a lot on theCUBE is malware, that's idle, you know, just sitting dormant and then it waits. So this, at real time, it's kind of an interesting term. You got breach, but it's hiding, but it's still got to get out and do some damage. Absolutely. Is that kind of what you guys are helping solve? Because once they start moving around, you see them or what? As that happens, we see the behavioral manifestation. That's where the value is. Exactly. And we figure that out. And what happens in this phase of the life cycle is that the attacker trips many wires and there are signals coming from different sources. It needs to be put together. Okay. So let's do a little role play here. I'm the CISO big time company. John, you're the sales marketing guy pitching me the product. You're the SC guru. Buy it now. Why do I want to work with you? I have so many products. I got so many people pitching me products. What are you selling me? Why should I work with a startup like you guys? What's the value? What's the pitch? Absolutely. Yeah, so you have following challenges. Number one, you cannot, with all these products together, you cannot detect a multi-stage attack progression. You have, your team is facing alert fatigue. You are dealing with siloed security solutions which cannot be brought into a single context. And today, you suffer from disruption to business when you want to apply security response. So you don't have these solutions. That's why you are talking to us. We get into your environment. We detect an attack progression like that. We take all your results, apply it contextually, and give them the right home for producing valuable security solutions. So you guys go out there and essentially stitch it all together? Absolutely. Almost like the old network management discovery days. Identify what's out there. Give a surface area kind of a dashboard. Is it a dashboard? Is it a? Yeah, so we have a user interface through which the customer gets in and they see the overall security posture of the environment. They basically see attacks as they are emerging in real time. We show the progression and then they can dig deeper into it. We tell them about what response to take from there because we are showing the entire history as it has evolved and we are showing the live footprint of the attacker that they need to act against. You know, I've done a lot of interviews going back to the Hadoop days and the big data fields. This is data problem security. You all kind of know that. It's kind of not new information. Everyone knows that. What we're finding though is that as data tsunami comes in, more data is better telemetry for security. Absolutely. It works better. This has been a problem for some CISOs and companies where they want more data. So sharing data has been a conversation. For you guys to be effective, I'd imagine that you got to have that visibility into all the data. What about the objection of it's not all available? You're only seeing what you can see. How do you respond to that one? So which is where we get deployed in the overall environment? We are looking at that assets and we are looking at the interesting information in there which can particularly describe this attack progression. To us, that is the most important factor. We are not looking at content. We are not looking inside network traffic or files. We are looking for information to describe this causal map of activity. What's your partners and who's your competitors? So for us, since we are able to build a map like this, for us partners will be anybody who produces a result which we can map to that, that trail that we have. And maybe who's specific we like. It could be firewalls. Just a mini global system integrator, hardware manufacturers. It could be firewalls, it could be interviruses, heads, anybody who's producing a result that we can use. So you think you can play in an ecosystem? We can, so that's why we are a platform. We are building this real-time ability to detect progressions and take other results to produce this holistic result. John, I want to get your thoughts as a historian and also as an active investor, also chairman of the Board of Microsoft because you have some visibility into the big picture here. Over the years, you have these inflection points. Mainframe, mini computers, PC, internet working. Now you've got cloud. Changes the game at many levels. People, the developer equations changing. Stacks are changing. How people are deploying. Applications are changing. Security certainly has been impacted. And this has been a discussion around security can't be security for the cloud and security for on-prem premises. It's got to be frictionless around both environments because you don't want to fork technologies. What's your view of the directionally correct vector that companies should be thinking about when they look at the cloud and cloud security? Because it's not just cloud anymore. You still got the on-premise, multi-cloud, hybrid cloud is clearly going to be an architecture. Framework for cloud companies will be deploying their IT and cyber. What's in your view on this? Because this is the big architectural conversation. Well, I think it's very true or clear that every large enterprise is going to move some percentage of their workload to the cloud. The question is how much and over what period of time? We are at the very, very early stages, obviously, in this migration. And so it's more about what functionality does your cloud deliver juxtaposition to every other one that's available, if you will, in the marketplace. And I think some of the things that Microsoft has done themselves vis-a-vis open source has certainly made them a more attractive platform for many, if you will, across the industry. That being said, the same is true for security. I mean, security has become a very, very hot investment opportunity for every venture capital firm in the world, and many of them have invested in all of these little point product solutions that have solved real problems for customers. But as the complexity of the attacks grows, as the frequency of the attacks grows, as the scale of the infrastructure continues to expand to be not just on-prem, but on-prem and cloud, having a common platform to allow you to understand what is going on with the events and incidents that are occurring within your ecosystem becomes critically important. And if you can translate that into something that is real-time prevention, as opposed to real-time detection, that is huge in my opinion. I'm going to come to you in a second on the network traffic as it traverses outside the enterprise. It's not their network anymore, so we'll get to that in a second. But I want to stay on this thread about Microsoft because you brought up a good point about open source. We were commenting before we came on here, and people who know theCUBE know, I've been talking about Microsoft in a very big way around how successful you guys have been as a digitally transformation. Obviously, Saty Natela, he's been on theCUBE before, before he became CEO. But you commented about how capable he was, but you look at the stock price and the performance of Microsoft, everyone's all going gaga over. The performance of the company. You guys have successfully digitally transformed. I've said on camera, publicly, I can't point to one thing that I can say that they, that was a big product launch or a big new announcement that made them change. And you kind of schooled me on that. I want you to share your thoughts because there is one thing that they did that enabled, besides all the cultural stuff, share the schooling that you did. I think the real issue is if you would reflect on Saty's evolution as a part of the Microsoft team, he ran the search business, he ran the enterprise infrastructure business, he ran the cloud business. And so his knowledge about kind of broad compute, enterprise level compute, is certainly much, much more robust than many of the candidates, external candidates we looked at, that's point one. Point two was as he looked at where Microsoft was and where its most relevant competitor was for him and the cloud, the difference between the size and scale of their infrastructure as a service footprint was so massively different than Microsoft's. And so when he had his first developer conference after becoming CEO and he stands on stage and says, Microsoft loves Linux. I mean, that's something that never would have been done by the prior regime by any stretch of the imagination. So that simple change followed by the acquisition of LinkedIn that really was a very different platform than anything that they'd ever done before, followed by the acquisition of GitHub, which is all about open source development platforms, if you will. And so I think he's done a remarkable job of shifting subtly the focus of the company away from Windows, but more toward today's compute environment. Big Bang, we got in and launched this new shiny toy. He said open source was going to be the catalyst. And just to put an explanation on that, we covered his, when he open sourced, a lot of data stuff to open compute before he became CEO. That was again the tell sign of what now is a digital transformation. This is an example of digital transformation. Well, this is also an example of how the industry has changed because the monetization of the industry in the past for many companies was all about my IP portfolio, not just what I can sell to end users. And when you embrace open source, it's not about the strength of your IP portfolio from simply a financial point of view. It's more about the strength of your IP portfolio and the usage perspective. You know, I've been involved with Microsoft going back to when I was in college in the 80s and I was been following and been part of my own jobs there, been tracking them. Developers has been part of their key value chain. So open source obviously makes a lot of sense and strategically it wasn't just a Hail Mary. It totally made sense from a company standpoint that was levered there. So I want to ask both of you guys, as the cloud continues to take territory around and what it enables, combined with how enterprises are going to be running their business both on premise and in the cloud, you look at the developer environment, you're seeing a lot more enterprises bringing developers back in. They outsource everything in the 80s and 90s, 2000s to consulting firms to run their IT. Now they're rebuilding. And so you're seeing security companies and some kind of bringing that core competency back in house with cloud, the developer equation has changed. So how has the developer equation changed for security? And in general IT, I'd love to get you guys thoughts on this. Yeah, absolutely. So today the attack vectors around applications. I mean, that is huge, right? And the developers would like to be in control of that. The thing is that whatever they can do, there is still a large surface around it. And once the escapes happen, they need a last line of defense, right? I mean, the application can be compromised. Now from there, what happens? And that's where our value comes in, that yes, there is a vulnerability you may introduce. Once the developers get a last line of defense or a security net like that, they can feel more comfortable about that. So networking was a problem with the developer. Active Developers aren't networking guys, we know that. Dev Ops kind of solved that with the cloud. Are you saying that this is like a security, similar paradigm happening in the security space? Absolutely, yeah. So security has to go with application development. And that, it cannot become a roadblock to the development, it's all about DevSecOps. It has to be- So you see developers liking your platform? Yeah, we definitely feel that something that is integrated in that way into their development environment and gives them that security, it's a huge boost. Your thoughts on the developer value chain? The developer world has essentially embraced open source to the point where, pick a number, 99, 99 point, 99 point point are all on open source platforms. And it's as much about the rate and pace with which they want to move things for their organization. And if I can write a little piece of code and attach it to something that's already been written and works, boy, that accelerates my ability to deliver functionality for my organization. So the embracement of open source by the developer community is all about improving the pace of execution and quite frankly, the performance and reliability of the end product. It's an interesting point, John, because a lot of the pundits would say early on with cloud computing, oh, it's not secure. Actually, clouds turn out to be more secure than on-prem, some say, given all the attack vectors and phishing and everything else. Same with open source, turns out open source is actually more secure because you have a lot more collective intelligence going in, a lot more complexity that could be used as a way to kind of make it more secure. So I got to ask you guys, with that notion, if security is built in, what does it look like? So that's what we're hearing, just build it in. Like I'm a developer, I don't want to be a security guy. Who do I call for that? I want to build it in, I want, I don't want to worry about it. That's the number one question. How do you build in security? Right, yeah. So it has to be part of the ecosystem. The infrastructure has to support that. The reason you say that the cloud is more secure is because so much of the security has been built into the infrastructure. What we are saying is that there is still an important gap that is left. You need to look at the problem throughout as an infrastructure-wise problem, in terms more holistically, in terms of taking all these signals together and making sense of that. So that more we can add to the cloud, security we can add to the cloud infrastructure, better that is. Absolutely agree. John, you sit on the board of Microsoft, you're here in all those conversations. You probably got the conversation committee, you got strategy. Obviously Microsoft's been very successful with the cloud and with their transformation for open source reasons. But also they had a lot of infrastructure. They were running, again, MSN, all the search, all the browsers all around the country, they had a global footprint. So they brought that together, I get that. But they're now competing on a lot of deals in these modern deals, whether it's DOD deal with Jedi to large enterprise deals. They're not losing, winning. What is it? I wish we could say we never lost. Well, you guys do lose, and I'm not winning everything, but surely we got the collaboration, a big announcement we saw on the news today, a $2 billion deal of AT&T. Congratulations on that. So again, big cloud win, wins are happening. Oracle's not having the same luck. And other companies have abandoned the cloud, HPE, Dell Technologies, Cisco. They don't have clouds. They're like, we can't do the cloud. So the cloud is kind of having a shakeout. Success form is all about agility and being successful. What's your thoughts? What's the success? Yeah, well, I think Microsoft has always had a, what I would call a two-tier or two-stage strategy. They've always had a infrastructure strategy and an app strategy. And the infrastructure candidly got somewhat constrained as open source started to evolve and as the cloud evolution really, really did pick up. So unless they were willing to embrace that, they were going to be stuck simply in the app tier. The great fortune that they had was the wisdom to be able to recognize that I could shift office to the cloud and it would prove the value and reliability of my cloud platform in an application area that may not be about revenue this minute. And therefore, its sensitivity may not be quite the same, but I could prove my reliability and performance in that app that's so critical to every employee in your organization. And the classic system software, app software suite, the cloud is essentially an operating system which validates all of our predictions. Thank you very much. The cloud is an operating system, it's a system. Correct. It's a distributed system. That's correct. Okay, now back to the security for you guys just to kind of wrap this up. You got the nine million dollars in funding, you got the cloud as it basically a distributed operating environment. You got on-premise contained system. Is the enterprise just an edge now because you got IoT edge, you got 5G coming? Again, the service area is not getting smaller, it's getting bigger, there's no perimeter anymore. This is the big problem. It is, it is definitely, it's a huge problem. And that is where the approach of extending the scope of security, right? Not have point solutions, not have narrow visibility. You got to increase that. You're going to increase your visibility, you need to increase the sources from which you can take relevant information. So that is crucial for- And you think as it gets bigger, you can have a low latency, real-time attack alert system? Absolutely, so we are- Prevention system, sorry. Yeah, so we are architected that way, right? We are taking relevant information into our central processing system. We have a distributed ledger-based architecture which can deterministically stitch things together in presence of massive scale. We are built like that. John, you're obviously like a coach for a lot of startups. You're like a legendary coach for tech startups. You got Frank Slutman. You got a lot of people, Bipple's a co-founder. You got Lightspeed, ExperienceBC. What's the coaching advice these guys? Run hard, hire fast. What's the playbook? What are you guys coaching the team to do? Well, for me, with any of these early-stage companies that I get involved in, it's all about focus and execution. And the team that stays focus and executes most consistently on that focus is almost always the team that wins. And so as I look at what Abhijit and the team at Kung Fu Era are doing, how focused are you? Have you really defined what it is you're trying to get done? And are you executing well against that focus day in and day out? And candidly, they've gone from an idea to having a product resting in two or three customers at this point in about 15, 16 months. I think that's pretty good focus and a pretty good example of good, solid execution. And the entrepreneur environment is ripe for rapid deployment. You guys are in beta. Talk about the product real quick. Give a quick overview. What's the name of the product? Yeah, so it's Conflaura IQ. We can deploy on Linux, Windows environments. We get deployed on, the customer identifies the environment on which they would like a protection like this. We get deployed. It stops to our central brain that could be either in the cloud or on-premises. We analyze, we collect the telemetry, analyze the data and figure out if there is an attack in progress and then provide recommendations to take response steps or we can, policy-based, we can automate that for the customer as well. And the focus execution on your end for the team is what? Hiring, get the plug in. What are you guys looking for? Absolutely, yeah. So hiring was the first challenge. We definitely, we have, we're very proud of the team. Excellent background from systems, networking, security, internet scale, data management capabilities. So excellent team that we have had. We built the product. We are going to launch the product in Black Hat in a few weeks. So, yeah, we're very excited about it. She's looking for, go to market as well. You've got a product available now. So you're going to need a field. You're going to go to market with the sales team, indirect or through partners or. So we have a direct sales team now. We have our sales leader joined already. Great. Well, thanks for coming. I really appreciate it. Abhijeet, John, great to see you. I'm good to see you too. Tell Satya we said hello. We want to see him at his next event, bring the cube there. All right. And come back on and visit us. I know he's super busy, but it's been great work. Okay, special cube conversation here. Start up launch Confluera, getting $9 million of fresh funding. Abhijeet Kosh, CEO and John Thompson, venture partner at Lightspeed, as well as an investor and a chairman of Microsoft. Thanks for watching.