Hello and welcome to this special Cube Conversation. I'm Dave Nicholson and this is part of our continuing coverage of Google Cloud Next 2021. I have two very special guests with me, and we're going to talk about the topic of security. I have Sunil Potti, who is Vice President and General Manager of Google Cloud Security, who in a previous life had senior leadership roles at Nutanix and Citrix, along with Lior Div, who is the CEO and co-founder of Cybereason. Lior was formerly a commander in the much famed Unit 8200, part of the Israeli Defense Forces, where he was actually a Medal of Honor recipient. Very honored to have him here this morning. Sunil and Lior, welcome to the Cube. Sunil, welcome back to the Cube.

Yeah, great to be here, David. And to be in the presence of a Medal of Honor recipient, by the way. A good friend of mine, Lior. Good to be here.

Well, good to have both of you here. So I'm the kind of person who likes my dessert before my entree. So why don't we just get right to it? The two of you are here to announce something very, very significant in the field of security. Sunil, do you want to start us out? What are we here to talk about?

Yeah, I mean, I think maybe, you know, just to set the context, as many of you know, about a decade ago, a nation-sponsored attack, you know, actually got into Google plus a whole bunch of tech companies. You know, the Project Aurora was quite, you know, infamous for a superior time. And actually Google realized almost a decade ago that, you know, security can't just be a side thing. It has to be the primary thing, including one of the co-founders becoming, for lack of a better word, the chief security officer for a while. But one of the key takeaways from that whole incident was that, look, you have to be able to detect everything and trust nothing. And the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about.
And the other part, which is not as popular, at least in industry vernacular, but in many ways equally important and in some ways more important, is the fact that you need to be able to detect everything so that you can actually respond. And that led to the formation of, you know, a project internal to Google to actually say that, look, let's democratize storage and make sure that nobody has to pay for capturing security events. So that was the formation of this new industry concept called a security data lake, and Chronicle was born. And then as we started evolving that over into the enterprise segment, partnering with, you know, Cybereason, on the one hand, created a one plus one equals three synergy between, say, the presence around what do you detect from the endpoint, but also generally it just so happens that, as you will tell you, the Cybereason technology happens to start with endpoint, but actually the core tech is on detecting events, but doing it in a smart way to actually respond to them in much more of a contextual manner. And just that, you know, synergy between, you know, a world class, planet scale, you know, security data lake, forming the foundation and integrating, you know, in a much more cohesive way with Cybereason's detection response offering. So that spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from a reactive mode of security to a proactive mode of security, especially in a nation state sponsored attack. So maybe, Lior, you can speak a few minutes on that as well.

Absolutely. So, as you said, I'm coming from a background of nation state hacking, so for us at Cybereason it's not for what the Russian is doing, what the Chinese are doing on a daily basis, and the grind ransomware cartel that's happening right now in Russia. When we looked at it, we said then Cybereason is very famous by our endpoint detection and response capability.
But when we established Cybereason, we started Cybereason on a core, almost fundamental idea of finding malicious operations; we call it the MalOp idea. So instead of looking for alerts or instead of looking for just pieces of data, we want to find the hackers, we want to find the attack, we want to be able to tell basically the full story of what's going on. In order to do that we built inside Cybereason, basically from day one, the ability to analyze any data in real time, in order to stitch it into the story of the MalOp, the malicious operation. And what we realized very quickly is that while our solution can process more than 27 trillion events a week, we cannot feed it fast enough just from endpoint, and we're kind of blind when it comes to the rest of the attack surface. So we were looking, to be honest, quite a while for the best technology that can feed this engine, and to, as Sunil said, the one plus one equal three or four or five, to be able to fight against those hackers. So in this journey, we found basically Chronicle, and the combination of the scale that Chronicle is bringing, the ability to feed the engine, and together basically to be able to find those hackers in real time, and real time is very, very important. And then to respond to those types of attack. So basically, what is exciting here, we created a solution that is five times faster than any solution that exists right now in the market. And most importantly, it enables us to reverse the adversary advantage, and basically to find them and to push them out. So we're moving from, hey, just to tell you a story, to actually prevent hackers from being in your environment.

So, Lior, can you, I want to double click on that just a little bit.
Can you give us a kind of a concrete example of this difference between simply receiving alerts, and actually, you know, creating correlations, and actually creating actionable proactive intelligence? Can you give us an example of that working in the real world?

So we can start from a simple example of ransomware. By the time that I will tell you that there is ransomware in your environment and I will send an alert, it will be five computers that are encrypted, and by the time that you are going to look at the alert it's going to be 5000 basically machines that are encrypted, and by the time that you will do something, it's going to be already too little too late, and this is just a simple example. So preventing that thing from happening, this is critical, and in a very timely manner, in order to prevent the damage of ransomware. But if you go aside from ransomware, and you look for example at an attack like SolarWinds, basically, the purpose of this attack was not to create damage, it was espionage. The Russians wanted to collect data on our government. And this is kind of the main purpose that they did this attack. The ability to be able to say, hey, right now there is a penetration, this is the step that they're doing, and there are five ways to push them out of the environment, and actually doing it, this is something that today is done manually. And with the power of Chronicle and Cybereason we can do it automatically, and that's the massive difference.

Sunil, are there specific industries that should be really interested in this, or is this a broad set of folks that should be impacted?

In some ways, the saying these days, to Lior's point of ransomware, is that if a customer or enterprise has a reasonable top line revenue, you're a target to some extent. In that sense, especially given that this has moved from pure espionage or, you know, whether it be government oriented or industrial espionage, to financial fraud.
Then, at that point in time, it applies to pretty much a wide gamut of industries, not just financial services or, you know, critical infrastructure companies like oil and gas pipeline or whatever it could be. Like, any company that has any sort of IP that they feel drives their top line business is now a target for such attacks.

So when you talk about the idea of partnership and creating something out of a collaboration, what's the meat behind this? What are you guys doing beyond saying, you know, hey, Sunil, Lior, these guys really like each other and they respect what the other is doing? What's going on behind the scenes? What are you actually implementing here moving forward?

So every partnership is starting with love, so it's good. But then it needs to translate to really kind of pure value to our customers, and pure value coming from deep integration when it comes to the product. So basically what will happen is every piece of data that we can collect at Cybereason from endpoint, any piece of data that Chronicle can collect from any log that exists in the world. So basically this is kind of covering the whole attack surface. So first we have access to every piece of information across the full attack surface. Then the main question is, okay, once you collect all this data, what are you going to do with it? And most of the companies, or all the companies today, they don't have an answer. They're saying, oh, we're going to issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision. And with this partnership and with this integration, basically we're not asking and outsourcing the question of what to do to the user. We're giving them the answer. We're telling them, hey, this is the story of the attack, this is all the pieces that are going on right now. And in most cases we're going to say, hey, and by the way, we just stopped it. So you can prevent it from the future.

When will people be able to leverage this capability in an integrated way? And by the way, restate how this is going to market as an integrated solution. What are we going to call this moving forward?

So basically this is the Cybereason XDR powered by Chronicle. And we are very, very happy about it.

And I think just to add to that, I would say, look, the meta strategy here and the way it'll manifest is in this offering that comes out in early 2022, is that if you think about it today, you know, a classical, quote unquote, security pipeline is to detect, you know, analyze and then respond. Obviously, you know, just doing those three in a good way is hard; doing it in real time at scale is even harder. And just that itself was where Cybereason and Chronicle would add real value, where we are able to collect a lot of events, react in real time. But a couple of things that I think that, you know, to Lior's original point of why this is probably going to be a little for game changer in the years to come, is we're trying to change that from detect, analyze, respond to detect, and anticipate. So because ultimately that's really how we can change, you know, the profile from being reactive in a world of ransomware or anything else to being proactive against a nation sponsored or nations influenced attacks, because they're not going to stop, right? So the only way to do this is to, rather than just go batten up the hatches, is just really, you know, change the profile of how you'll actually anticipate what they were probably going to do in six months or 12 months. And so the graph technology that powers the heart of, you know, Cybereason is going to be intricately woven in with the contextual information that Chronicle can get, so that the intermediate step is not just about analysis but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future.
So therefore then actions could be taken downstream, that you can now say, hey, most likely these five buckets have this kind of personal connection data, is a reasonable chance that, you know, if they're exposed to the internet, then as you create more such buckets in that project, you're going to be susceptible to more ransomware attacks or some other attacks, right? And that's the kind of thinking of the transformation that we're trying to bring out with this joint talk.

This concept of MalOps and Cybereason itself. You weren't just born yesterday, you've been, you have thousands of customers around the globe.

He doesn't look like he was born.

I know, I know, I know. Well, you know, it used to be that the ideal candidate for a CEO of a startup company was someone who dropped out of Stanford. I think it's getting to the point where it's people who refused admission to Stanford. So the dawn of the 14 year old CEO, it's just around the corner. But, Lior, do you get frustrated when you see, you know, when you become aware of circumstances that would not have happened, had they implemented your technology as it exists today?

Yeah, we have, for this year it was a really frustrating year that started with SolarWinds. If you analyze the code of SolarWinds, and we did it but others did it as well, basically the Russians were checking if Cybereason is installed on the machine. And if we were installed on the machine they decided to stop the attack. This is something that first, it was a great compliment for us from, you know, our not friend from the other side that decided to stop the attack. But on a serious note, it's like we were pissed, because if people were using this technology, we know that they're not going to be attacked. When we analyzed it we realized that we have three different ways to find the SolarWinds hackers. So this is just one example, and then the next example is the Colonial Pipeline hack.
We were the ones that found DarkSide as a group that were hacking. We were the first ones that released research on them, and we showed how we can prevent basically what they're doing with our technology. So, when you see kind of those types of, just two examples, and we have many of them on a daily basis, we just know that we have the technology in order to do that. Now, when we're combining the Chronicle technology into the technology that we already have, we basically can reverse the adversary advantage. This is something that you're not doing in a single day. But this is something that really gives power to the defenders, to the communities of CISOs that exist kind of across the US. And I believe that if we're going to join forces and lean into this community and basically push the solution out, the ability for us to fight against those cartels, specifically the ransomware cartels, it's going to be massive.

This time next year, when we are in Google Cloud Next 2022, are you guys going to come back on and offer up the we told you so awards? Because once this is actually out there and readily available, the combination of Chronicle and Cybereason's technology, it's going to be hard for some CISOs to have an excuse. It may be uncomfortable to know that they could have kept the door secure, but didn't. Yeah, where's that bad business, is that bad business to hand out awards for doing dumb things?

I don't know about, you know, a version of Darwin Awards probably doesn't make sense, but generally speaking, so I do think, you know, we're all like, as citizens in this, right? Because, you know, we talk about customers. I mean, you know, Alphabet and Google is a customer, in some ways Cybereason is a customer, the Cube is a customer, right? So I think the rubber hitting the road a year from now will be, we should do this where, I don't know if the Cube does more than two folks at the same time, David, but we should.
I mean, I'm sure we'll have enough to have at least a half a dozen in the room to kind of talk about the solution, because I think the, you know, as you can imagine, this thing didn't materialize. I mean, it's been being cooked for a while between Lior's team and our team, and in fact it was inspired by feedback from some joint customers out in the market and all that good stuff. So a year from now I think the best thing would be not just having customers to talk about the solution but to really talk about that transformation from respond to anticipate, and do they feel better on their security posture in a world that they know, like, and I think we should probably spend a few minutes on this, is, I think we're on the tip of the spear of this nation state. And what we've just seen in the last few years is what maybe the nation states have seen over two decades ago; they're going to run those playbooks on the enterprise for the next decade or so. We'll talk about that for a minute.

It's really, you know, just to continue Sunil's thought, it's really about finding the unknown, because what's happening on the other side, it's like specifically China and Russia, and lately we saw Iran starting to gain power. Basically, their job is to become better and better, and to basically innovate and create a new type of attack on a daily basis as technology is evolving. So basically there is a very simple equation: as we're using more technology and relying on technology, the other side is going to exploit it in order to gain more power as soon as and create financial damage. But it's important to say that this evolution, it's not going to stop. This is just the beginning, and a lot of the data that belonged just to government against government fight, basically leaked in the past few years. The criminals are starting to use it as well.
So, in a sense, if you think about it, what's happening right now, there is basically a cold war that nobody is talking about, between kind of the giants, that everybody is hacking everybody. And in the crossfire, we see all of those enterprises across the world. It was not a surprise that, you know, after the Biden and Putin meeting, suddenly it was quiet, there was no ransomware for six weeks. And after something changing in the politics, suddenly we can see a crying kind of attack when it comes to ransomware, that we know was directed from Russia in order to create pressure on the US economy.

Sunil, wrap us up. What are your final thoughts and what's the big takeaway here?

No, I think, you know, I think the key thing for everyone to know is, look, I think we are going into an era of state sponsored. We have to pay as much as espionage as much as threat vectors that affect every business. And so, in many ways, the chiefs, this chief information security officer, the chief risk officer, in many ways the CEO and the board now have to pay attention to this topic, and they paid attention to mobile 15 years ago as a transformation thing, or maybe cloud 10 years ago. I think cyber has been one of those, it's sort of like the wireless era, David, like it existed in the 90s, but didn't really break around until iPhone hit, or the world of consumerization really took off, right? And I think we are the tip of the spear of that, cyber really becoming like the era of mobile for 15 years ago. And so I think that's the, if there's like a big takeaway, I think, yes, there's lots of solutions, good news is great innovations are coming through companies like Cybereason working with, you know, proven providers like Google and so forth.
And so there's a lot of, like, support in the ecosystem, but I think if there was one takeaway, it was that everybody should just be ready, internalize, we don't have to be paranoid about it, but we anticipate that this is going to be a long game that we'll have to play together.

Well, with that, taking off my journalist hat for a moment and putting on my citizen hat, it's reassuring to know that we have really smart people working on this. Because when we talk about critical infrastructure, control systems and things like that being under threat, that's more significant than simply having your social security number stolen in a data breach. So with that, I'd like to thank you, Sunil, Lior. Thank you so much for joining us on this special Cube Conversation. This is Dave Nicholson signing off from our continuing coverage of Google Cloud Next 2021.