Hi everybody, Dave Vellante back with day two coverage. We're live at the Aria Hotel in Las Vegas for Falcon 22. Several thousand people here today. The keynote was a little light. I think people were out late last night but the keynote was outstanding and it's still going on. We had a break early because we have to strike early today. But we're really excited to have Stefan Goldberg here, Vice President of Technology Alliances at Claroty. We're going to talk about an extremely important topic which is the internet of things, the edge. We talk about it a lot. We haven't covered securing the edge here at theCUBE this week. And so Stefan, really excited to have you on.

Thank you for having me.

You're very welcome. Tell us more about Claroty. C-L-A-R-O-T-Y, very interesting spelling, but what's it all about?

Claroty is a cyber security company that specializes in cyber physical systems, also known as operational technology systems and the extended internet of things. The difference between the traditional IoT and what everyone calls an IoT and the cyber physical system is that an IoT device is anything connected on the network that traditionally cannot carry an agent, a security camera, a card reader. A cyber physical system is a system that has influence and operates in the physical world but is controlled from the cyberspace. An example would be a controller, a turbine, robotic arm, or an MRI machine.

Yeah, so those are really high-end systems run, looked after by engineers, not necessarily consumers. So what's happening in that world? We've talked a lot on theCUBE about the schism between OT and IT, they haven't really talked a lot, but in the last several years they've started to talk more. You look at the ecosystem of IoT providers. I mean, it's companies like Hitachi and PTC and Siemens. I mean, it's different names than we're used to in IT. What are the big trends that you're seeing, the macro?

So first of all, traditionally, most manufacturers and environments that were heavy on operations, operational technology, they had the networks air-gapped, completely separated. You had your IT network for business administration, you had the OT network to actually build stuff. Today with emerging technologies and even modern switching architecture, everything is being converged. You have the same physical infrastructure in terms of networking that carries both networks. Sometimes a human error, sometimes a business logic that needs to interconnect these networks to transmit data from the OT side of the house to the IT side of the house, exposes the OT environment to cyber threats.

Was that air-gapped by design or was it just that there wasn't connectivity?

It was air-gapped by design due to security and operational reasons and also ownership. In these organizations, the IT managed space was completely separate from the OT managed space. So whoever built the network for the controllers to build a car, for example, was an automation engineer. And vendors that have built these networks were automation vendors, unlike the traditional Ciscos of the world that were specializing in IT. Today we're seeing the IT vendors on the OT side and the OT vendors are worried about the IT side.

But I mean, engineers are control freaks, no offense. But as I'm glad they are, I'm thankful for that. So there must have been some initial reticence to them connecting up these air-gapped systems. They wanted to make sure that they were secure, that they did it right, and presumably that's where you guys come in. What are the exposures and risks of these, of this critical infrastructure that we should be aware of?

So you're completely right. And from an operational perspective, let's call it change control is very rigorous. So they did not want to go on the internet and just, we're seeing it with adoption of cloud technologies, for example. Cloud as in industry 4.0, 5.0.
Cloud as in cybersecurity. We all heard Amol's keynote from this morning talking about critical infrastructures and we'll touch upon our partnership in a second. But CrowdStrike, being considered and deployed within these environments is a new thing. It's a new thing because the OT operation managers and the chief information security officers, they understand that air gap is no longer a valid strategy. From a business perspective, these networks are already connected. We're seeing the trends of cyber attacks, IT cyber attacks, like NotPetya, I'm not talking about the Stuxnet, the targeted OT, I'm talking about WannaCry, EternalBlue IT vulnerabilities that did not target OT, but due to the outdated and the specification of OT posture on the networks, they hit healthcare, they hit OT much harder than they did IT.

Was Log4j, did that seep into OT or any IT that?

Absolutely. So Log4j, which was so pervasive, like so many of these malware. All these vulnerabilities, it's a Windows vulnerability, it has nothing to do with OT. But then when you stop and you say, hold on my human machine interface workstation, although it has some proprietary software by Rockwell or Siemens running on it, what is the underlying operating system? Oh, hold on, it's Windows. We haven't updated that for like eight years, we were focused on updating the software, but not the underlying operating system. The vulnerabilities exist to a greater extent on the OT side of the house because of the same characteristic of operational technology environments.

So the brute force air gap approach was no longer viable because the business imperative came in and said, no, we have to connect these systems to digitally transform or advance our business. There's opportunities to monetize, whatever it was. The business laid that out as an imperative. So now OT engineers have to rethink how they secure it. So what are the steps that they're taking and how does Claroty help?
Is there a sort of a playbook, a sequential playbook?

Absolutely. Before we discuss the maturity curve of adopting and CPS security or OT security technology, let's touch upon the characteristic of the space and what it led vendors like Claroty to build. So you have the rigorous change control, you have the security in mind operations, lower the risk state of mind. That led vendors the likes of Claroty to build a solution and I'm talking about seven, eight years ago to be passive, mostly passive or passive only, to inspect network and to analyze network and focus on detection rather than taking action like response or preventative maintenance. It made vendors to build on-prem solutions because of the cloud averse state of mind of this industry and because OT is very specific, it led vendors to focus only on OT devices overlooking what we discussed as IoT. Unfortunately, besides the HMI and the PLC, the controller in the plant, you also have the security camera. So when you install an OT security solution, I'm talking about the traditional ones, they traditionally overlooked the security camera or anything that is not considered traditional OT. These three observations, although they were necessary in the beginning, you understand the shortcomings of it today. So cloud averse led to on-prem, which leads to more security. It's like comparing CrowdStrike and one of its traditional competitors in the antivirus space. What CrowdStrike innovated is the SaaS first cloud native solution that is continuously being updated and provide the best in class security, right? That is very much like what Claroty is building. We decided to go SaaS first and cloud native solution.

So because of cloud aversion, the industry shows somewhat outdated deployment models on-prem, which limited scale and created greater diversity, more stovepipes, all the problems that we always talk about.
Okay, and so as the answer to that, just becoming more cloud, having more of an affinity to cloud, that was a starting point.

This is exactly it. Air gap is perceived as secure, but you don't get updates and you don't really know what's going on in your network. If you have a Claroty or a CrowdStrike installed there, you have much higher probability detecting fast and responding fast. If you don't have it, you are just blind. You will be breached. That's the assumption.

I was going to say, plus, you know, air gap, it's true, but people can get through air gaps too. I mean, it's harder, but you know.

Yeah, look at Stuxnet, right?

Mopping the floor, boom, however it happened, but so yeah. But the point being, you know, assume that breach, even though I know CrowdStrike thinks that the unstoppable breach is a myth, but you know, you talk to people like Kevin Mandia, it's like, we assume you're going to get breached, right? Let's make that a side. Okay, and so that means you've got to have visibility into the network. So what are those steps that you would do? What's that maturity model that you referenced before?

So on top of these underlying principles, which is cloud native, comprehensive, not OT only, but XIoT, and then bring the verticalization and the OT specificity. On top of that, you're exactly right. There is a maturity curve. You cannot boil the ocean, deploy protections, and change the environment within one day. It starts with discovering everything that is connected to your network, everything from the traditional workstations to the cameras, and of course, ending up with the cyber physical systems on the network. That discovery cannot be only a high level profile. It needs to be in depth to the level you need to know application versions of these devices. If you cannot tell the application version, you cannot correlate it to a vulnerability, right? Just knowing that's an HMI or that's a PLC by Siemens is insufficient.
You need to know the app version, then you can correlate to vulnerability, then you can correlate to risk. This is the next step, risk assessment. You need to put a score basically on each one of these devices, a vulnerability score or risk score in order to prioritize action. These two steps are discovery and thinking about the environment. The next two steps are taking action. After you have the prioritized devices discovered on your network, our approach is that you need to lay the land and deploy protections from a preventative perspective. Claroty delivers recommended policies in the form of access control lists or rules that can leverage existing infrastructure without touching a device, without patching it, just to protect it. The next step would be detection and response. Once you have these policies deployed, you also can leverage them to spot policy deviations.

And that's where CrowdStrike comes in. So talk about how you guys partner with CrowdStrike, what that integration looks like and what the differentiation is.

So actually the integration with CrowdStrike crosses the entire customer journey. It starts with visibility. CrowdStrike can ask exchange data on the asset level. With the announcement during Falcon, with Falcon Discover for IoT, we are really, really proud working on that with CrowdStrike. Traditionally, CrowdStrike discovered and provided data about the IT assets and we did the same thing with CPS and OT. Today with Falcon Discover for IoT and us expanding to the XIoT space, both of us look at all devices but we can discover different things. When you merge these data sets, you have an unparalleled visibility into any environment and specifically OT. The integrations continue and maybe the second spotlight I'll put but without diminishing the other ones is detection and response.
As the XDR Alliance, Claroty is very proud to be one of the first partners, XDR Alliance partners for CrowdStrike fitting in to the XDR, to CrowdStrike's XDR, the data that is needed to mitigate and respond and get more context about breaches in these OT environments but also take action. Also trigger action via Claroty and leverage Claroty's network-centric capabilities to respond.

We heard a lot, we heard a lot in today's keynote about the data, the importance of data, the graph database. How unique is this step on in the industry, in your view?

The uniqueness of what exactly?

Of this joint solution, if you will, this capability.

I told my counterparts from CrowdStrike yesterday, the go-to-market ones and the product management. If we are successful with Falcon Discover for IoT and that product matures as we plan for it to mature, it will change the industry, the OT security industry for all of us. Not only for Claroty, for all players in the space. And this is why it's so important for us to stay coordinated and support this amazing company to enter the space and provide better security to organizations that really support our lives.

We got to leave it there but this is such an important topic. We're seeing in the war in Ukraine, there's a cyber component in the future of war today. And what do they do? They go after critical infrastructure. So protecting that critical infrastructure is so important, especially for a country like the United States which has so much critical infrastructure and a lot to lose. So, Stefan, thanks so much for the work that you're doing. It was great to have you on theCUBE.

Thank you.

All right, keep it right there. Dave Vellante for theCUBE. We'll be right back from Falcon 22. We're live from the Aria in Las Vegas.