 Welcome back to theCUBE's coverage of VeeamON 2022. We're here at the Aria in Las Vegas. Dave Vellante with David Nicholson, my co-host for the week. Two days of wall-to-wall coverage. Jason Buffington is here. Jay Buff, who does some amazing work for Veeam, former analyst from the Enterprise Strategy Group. So he's got a real appreciation for independent data and we're going to dig into some data. You guys, I got to say, Jason, first of all, welcome back to theCUBE. It's great to see you again. Yeah, two and a half years. Thanks for having me back. Yeah, that's right. It seems like a blur. But so here's the thing. As analysts, you can appreciate this. It's the trend is your friend, right? And everybody just inundates you with now ransomware. Right. It's the trend. You get everybody's talking about the ransomware, cyber resiliency, immutability, air gaps, et cetera. Okay, great. Technology's there. It's kind of like the NFL. Everybody kind of does the same thing. There's a lot of wonderful buzzwords in that sentence. Absolutely. But what you guys have done that's different is you brought in some big time thought leadership with data and survey work, which of course as an analyst, we love. But you drive strategies off of this. So you got to, I'll set it up. You got a new study out that's pivoted off of February study of 3,600 organizations. And then you followed that up with 1,000 organizations that actually got hit with ransomware. So tell us more about the study and the work that you've done there. Yeah, I got to say, I have the best job ever. So I spent seven years as an analyst and when I decided I didn't want to be an analyst anymore, I called Veeam and said, I'd like to get in the fight. And they let me in, but they let me do independent research on their behalf. So it's kind of like being in-house counsel. I'm an in-house analyst. And for the beginning of this year in February, we published a report called the Data Protection Trends Report. 
And it was over 3,000 responses, right? 28 countries around the world looking at digital transformation, the effects of COVID, where are they on BaaS and DRaaS? But one of the new areas we wanted to look at was how pervasive is ransomware? How does that align with BCDR overall? So some of those just big thought questions that everyone's trying to solve for, right? And out of that, we said, wow, this is really worth double clicking. And so today, actually, about an hour ago, we published the ransomware trends report and it's 1,000 organizations, all of which have all been survived. They all had a ransomware attack. One of the things I think I'm most proud of for Veeam in this particular project, we use an independent research firm. So no one knows it's Veeam that's asking the questions. We don't have any access to the respondents along the way. I wish we did, right? Yeah, how bad. Go sell them backup somewhere. But of the 1,000, 200 were CISOs, 400 were security professionals, which we don't normally interact with, right? 200 backup admins, 200 IT ops. And the idea was, okay, you've all been through a really bad day. Tell us from your four different views, how did that go? What did you solve for? What did you learn? What are you moving forward with? And so, yeah, some great learnings all around helping us understand how do we deliver solutions that meet their needs? I mean, there's just not enough time here to cover all this data. And I think what I like about it is, like you said, it's a blind survey. You used an independent third party who might know they're really good. And you guys are really honest about it. It's like it was funny in the analyst call today or the analyst meeting when Danny was saying that 54% and Dave Russell was like, it's 52%, actually ended up being 53%. So, you know, whereas many companies would say 75%. So anyway, what were some of the more striking findings of that study? Let's get into it a little bit. 
Yeah, so a couple of the ones that were really startling for me, on average about one in four organizations say they have not been hit, right? But since we know that ransomware has a gestation for around 200 days from first intrusion to when you have that attack, 25% may be wrong, right? That's 25% in best case. Another 16% said they only got hit once in the last year. And that means 60% right on the money got hit more than once per year. And so when you think about, it's like that school bully, right? Once they take your lunch money once and they want lunch money again, they just come right back again. Did you fix this hole? Did you fix that hole? Cool, payday, right? And so that was really, really scary. Once they get in, on average, organizations said 47% of their production data was encrypted. Think about that. So, and we tested for, hey, was it in the, was it, maybe it's just in the ROBO, right? So on the edge where the tech isn't as good or maybe it's in the cloud because it's in a broad attack surface, whatever it is, turns out doesn't matter. So this isn't just nibbling around the edges. No. This is going straight to the heart of the enterprise. 47% of production data, regardless of where it's stored, data center, ROBO or cloud, on average was encrypted. But what I thought was really interesting was when you look at the four personas, the security professional and the backup admin, right? The person responsible for prevention or remediation, they saw a much higher rate of infection than the CISOs and the IT pros, which I think the meta point there is the closer you are to the problem, you know, the worse this is. 47% is bad. It's worse than that as you get closer to it. The other thing that struck me is that a large proportion of, I think it was a third of the companies that paid ransom weren't able to recover. It maybe got the keys and it didn't work or maybe they never got the keys. Yeah, that's crazy too. 
And I think one thing that a lot of folks, you know, you watch the movies and stuff and you think, oh, I'm going to pay the Bitcoin, I'm going to get this magic incantation key. And all of a sudden it's like it never happened, right? That is not how this works, right? And so, yeah, so the question actually was did you pay and did it work, right? And so 52%, just at half of organizations said yes, I paid and I was able to recover. A third of folks, 27%. So a third of those that paid, they paid, they cut the check, they did the ransom, whatever. And they still couldn't get back, right? Almost even money, by the way. So 24% paid but could not get back. 19% did not pay but recovered from backup, right? Veeam's whole job for all of 2022 and 23 needs to be invert that number and help the other 81% say, no, I didn't pay, I just recovered. Well, in just a huge number of cases they attacked the backup corpus. Yes. I mean, that's was. 94%. 94%. 94% of the time, one of the first intrusions is to attempt to get rid of the backup repository and in two thirds of all cases the backup repository is impacted. And so when I describe this, I talk about it this way, the ransomware thief, they're selling a product, right? They're selling your survivability as a product. And how do you increase the likelihood that you will buy what they're selling? Get rid of the life preserver, right? Get rid of their only other option because then they got nothing left. So yeah, two thirds, the backup repository goes away. That's why Veeam is so important around cloud and disk and tape, immutable at every level. So we did what we do. So what's the answer here? We hear things like immutability. We hear terms like air gap. We heard, which we don't hear often is orchestrated recovery and automated recovery. I wanna come back to, so you're differentiating with some thought leadership. That's nice, okay, good. Thank you, the industry thanks you for that free service. But how about product and practices? 
How does Veeam differentiate in that regard? Now, full disclosure. So when you download that report for every five or six pages of research, the marketing department is allowed to put in one paragraph. It says, this is our answer. They call it the Veeam perspective. That's their rebuttal to five pages of research. They get one paragraph, 250 word count, and you're done. And so there is actually a commercial. We're here to buy. In the back of that. How we pay for the research. Everybody sells, Sanan said. All right, so let's talk about the tech that actually matters though because there actually are some good insights there. Certainly the first one is immutability, right? So if you don't have a survivable repository, you have no options, right? And so we provide air gapping whether you are cloud based, right? So your favorite hyperscaler or one of the tens of thousands of cloud service providers that offer Veeam products. So you can have immutability at the cloud layer. You can certainly have immutability at the object layer on-prem or disk, right? We're happy to use all your favorite dedupes. And then tape, right? It is hard to get more air gapped than take the tape out the drive, stick it on a shelf or stick it in a white van and have it shipped down the street, right? So, and the fact that we aren't dependent on any architecture means choose your favorite cloud, choose your favorite disk, choose your favorite tape and we'll make all of them usable and defendable. So that's super key number one. Super key number two, there's three. So platform agnostic, essentially. Yeah, any cloud. No platform agenda. Any physical, we work happily with everybody, right? Just here for your data. So now you know you have at least a repository which is not affectable, right? The next thing is you need to know do you actually have recoverable data? And that's two different questions, right? How do you know, right? You don't. 
So one of my colleagues, Chris Hoff talks about how you can have this Nalgene bottle and make sure no water spills, right? Do you know that that's water? Is it vodka? Is it poison? You don't know. You just know that nothing's spilling out of it. That's an immutable repository. Then you got to know, can you actually restore the data? And so automating test restores every night, not just did the backup log work, only 16% actually test their backups. That breaks my heart. That means 84% got it wrong, right? And that's because they just don't have the resource or sometimes testing is dangerous. It can be dangerous. It can also just be hard, right? I mean, how do you spin something up without breaking what's already live, right? So several years ago, Veeam created the sandbox. This is what we call a data lab, right? And so we create a whole framework for you with a proxy that goes in. You can stand up whatever you want. You can, if file exists, you can ping it. You can ODBC SQL. You can map the exchange. I mean, you can, did it actually come up? You can actually run water through the recovery pipes. Yes. And tweak it so that it actually works. Exactly. So that's your second thing. And only 16% of organizations do. Wow. And then the third thing is orchestration, right? So there's a lot of complexity that happens when you recover one workload. There's a stupid amount of complexity happens when you try to recover a whole site or a whole system or, I don't know, 47% of your infrastructure, right? And so what can you do to orchestrate that to remediate that time? Those are the three things we found. So in that orchestration piece, a number of customers that were in the survey were trying to recover manually. Yes. Which is a formula for a failure. A number, I think the largest percentage were scripts, which I want you to explain why scripts are problematic. And then there was a portion that was actually doing it right. Maybe it was bigger. 
Maybe it was a quarter that was doing orchestrated recovery. But talk about why scripts are not the right approach. Yeah. So there were two numbers in there. So there was 16% test the ability to recover. 25% use orchestration as part of the recovery process. So the problem is that if I'm doing it manually, think about, OK, I've stood back up these databases. Now I have to reconnect the apps. Now I have to re-IP. I mean, there's lots of stuff to stand up any given application. Scripts says, hey, I'm going to write those steps down. But we all know that IT and infrastructure is a living, breathing thing. And so those scripts are good for about the day after you put the application in. And after that, they start to gather dust pretty quick. The thing about orchestration is, if you only have a script, it's as frequently as you run the script. That's all you know. But if you do a workflow, run the workflow every night, every week, every month, right? Test it the same way. That's why that's such a key to success. And for us, that's Veeam Disaster Recovery Orchestrator. That's a product that orchestrates all the stuff that Veeam users know and love about our backup recovery engine. So imagine you're an Excel user. You're using macros. OK, I'm going here, clicking on that, doing this. He's sort of watching you, and it repeats that. But then something changes. Yes. New data or new compliance issue, whatever. That renamed. You're not going to have to go in and manually change that. How do you, what's the technology behind automated orchestration? What's the magic there? The magic is a product that we call Orchestrator. And so it actually takes all of those steps. And you actually define each step along the way. You define the IP addresses. You define the paths. You define where it's going to go. And then it runs the job in test mode every night, every week, whatever. And so if there's a problem with any step along the way, it gives you the report. 
Fix those things before you need it. That's the power of Orchestrator. So what are you guys doing with this study? What can we expect? So the report came out today. In a couple of weeks, we'll release regional versions of the same data. The reason that we survey at scale is because we want to know what's different in APJ versus the Americas versus Europe, right? And all those different personas. So we're releasing regional versions of the data along the way. And then we'll enable road shows and events and all the other stuff that happens. And our partners get it so they can use it for consulting, et cetera. So you saw differences in persona in terms of their perception. The closer you were to the problem, the more obvious it was. Did you have enough N to discern? It's early. I know that's why you're doing the drill downs. Did you sense any preliminary data you can share on regions? Is the US getting hit harder? So attack rate is actually pretty consistent, especially because so many criminals now use ransomware as a service. You're standing it up, and you're spreading wide, and you're seeing what hits. Where we actually saw pretty distinct geographic problems is the cloud is not as available in all segments. Expertise around preventative measures and remediation is not available in all segments, in all regions. And so really geographic split and segment split and the lack of expertise in some of the more advanced technologies we want to use, that's really where things break down. Common attack plane, uncommon disadvantage in recovery. Great stuff. I want to dig in more, I'll probably have a few more questions if you don't mind. I can email you or give you a call. Jason Buffington, thanks so much for coming on theCUBE. Thanks for having me. All right, keep it right there. You're watching theCUBE's live coverage of VeeamON 2022. We're here in person in Las Vegas, huge hybrid audience. Keep it right there, be right back.