Welcome back everyone to SuperCloud 3. I'm John Furrier, host of theCUBE. This is SuperCloud 3 security and AI. We're here with CrowdStrike CTO, Elia Zaitsev. Elia, thanks for coming on to our SuperCloud 3. We had George on CEO. You guys are in the security game, big time player, SuperCloud, multiple environments, multi-cloud, cloud operations. This is a big part of our theme here. Thanks for coming on.

Thanks for having me, John.

So I got to ask you, the number one question that comes up is, is multi-cloud real, multiple environment real in cloud operations? We know public cloud and on-premise hybrid, perimeter's dead, more surface area for breaches. You guys are in this business of stopping breaches and more. What is the reality of the whole multiple environment security paradigm right now?

Well, you're absolutely right. It's a real thing. And we are seeing the majority of customers are running services in multiple cloud providers. So that might be a combination of, you know, your traditional virtual system, but in many cases they're using a lot of managed services and serverless technologies as well. Database technologies, you know, container hosting environments, serverless functions. Then of course, don't forget all your SaaS applications which are ultimately living in the cloud as well. And that's where a lot of the data and the user activity is occurring now too.

And a lot more surface area, a lot more activities being stood up or torn down. The developer role is super important. A lot of new things are happening as the acceleration of digital transformation. And certainly with the AI training, seeing a massive developer surge, I saw a stat just this week that close to 50% of GitHub commits are done by machine. So what is the vision for CrowdStrike in securing these cloud services and workloads across these environments? You got a lot going on. How do you guys look at this? What's the vision?

Yeah, there's a couple of areas that we really focus on, John.
And one of them is giving that visibility across the full lifecycle of that cloud deployment process. So if you think about, you know, the old days of traditional on-premise security, you know, you've got your developer, they write their code and they've got to go talk to their IT person. Their IT person gets a server, sets it up, you deploy your application. You know, you've got one little place to secure it all. Now we're in the modern cloud environment where first of all the developer with, you know, techniques like infrastructure as code, they're setting up their own infrastructure. They're taking that one application and they're spinning up 1,000, 10,000 copies of it. So there's a couple of things that we focus on. Number one, getting that full lifecycle. So we think this is a key thing that organizations need to focus on. It's not just about protecting the runtime environment. It's not just about the application layer. It's not just about, you know, the infrastructure and the configurations and the misconfigurations. You really want to tie all of those together at number one and you want to do it in one place. Too often I see companies that focus on just one of these pieces and they're missing out on that full protection capability by bringing it all together.

There's so much going on in the security posture. You got the application, as you mentioned. Now you got workloads. Then you got stuff in the workload software that's multiple open source packages. You could have some software supply chain risk. You've got the network layer. Then you got the data layer. Again, so much going on, you have to track everything. How do you guys look at the instrumentation of making sure that you have observability into all these areas to manage and look at and protect and detect all these new environments because you've got to look at everything now. And it's not as easy as just pointing it at the network or pointing it at a box anymore.

That's correct.
So I think you could break it up into maybe three key areas. I'm sure you could figure out a couple ways to slice and dice differently, but let's keep it simple with three. First, you've got all the way, you know, left, right? If you shift all the way left, you've got the developer themselves, the applications that they're building. That's a great opportunity you have there to do some initial assessments. Look for issues in the codes. Do things like container and image scanning. See if there's vulnerable packages. And of course, if I can address it then early on in the life cycle, it saves me a lot of headaches later on once the code actually gets deployed. But guess what? You're never gonna catch everything that early. So then you go to the next stage, right? We're spinning up our cloud services. We're deploying those applications in those containers. I wanna make sure that if there are in fact, misconfigurations, I can identify them, I can address them and I can remediate them. But again, that's never gonna be 100% successful either. Those are all gonna slip through. And ultimately, you are gonna have vulnerable misconfigured applications running in the cloud. And then you want runtime security so you can actually see is an adversary taking advantage of them. And like I said a few minutes ago, the key is combining them all together in a simple, easy way for the analyst to shift back and forth. If I see at runtime that something has occurred, great. I've stopped it then and there. But remember that application may be replicated 10,000 times over. I now have 9,999 other vulnerable applications. Let's not wait for the runtime security to save the day at the last minute. Let's go clean up those vulnerabilities and misconfigurations there. Conversely, if I see I've got a misconfiguration, great. 
I can go fix my code, but don't I want to then figure out, hey, before I realized that there was a problem, did the adversary take advantage of that in those 10,000 running instances? Did they access any sensitive data? Did they compromise an account or a credential or access a secret? That's why we think it's really important to combine those viewpoints together as easily as possible for the end user.

I like how you brought in the weaved in the different layers from developers down to the actual data points. But you're bringing up two things that jump out at me. I want us to double click on one is, you're talking about scale, right? Massive scale, you're talking about the 10,000. It could be more, but also the billions of observational data points and other scenarios that may or may not be known by all. So AI is a promise we're seeing. You're starting to see automation. You mentioned that in your platform. You guys do a lot of that discussions. What's the AI or automation angle? Because we know humans plus AI is better than just AI by itself. How do you guys look at helping automate and detect? Because, okay, developer might have missed it. It's going to be caught by somebody else. There's too many billions of data points out there. Again, known by some or not by all and maybe by the adversary.

Yeah, I really like the way that you put it there. It's the humans plus the AI. That's the real key. I think too often people want to put all their hope and faith into AI and it's going to come in and save the day and we can all go drink our lattes on the beach and take a vacation. That's not the case, right? The adversary is using both. The adversary is not fully automating their attacks. They are taking the best of what humans bring to the table, creativity, ingenuity, and then they're combining it with that ruthlessness of the machine, right? That 24-7 operating at speed, never take a break, never take a vacation.
And we think you have to do the same from the defender's perspective. AI is ultimately going to deal with a lot of that velocity. It's going to handle the volume, the known stuff that we see every day, day in, day out. But the thing that a lot of people don't realize about AI, especially some of the newer technologies like generative AI, they're not creative. They can't do things that nobody has ever seen before. They take examples of what others have done, humans, and then they automate it and they repurpose it. So if the adversary is going to be consistently innovating, the humans need to keep up with it as well. And I think one of the biggest advantages we have here at CrowdStrike when it comes to bringing generative AI technologies for the defender is the fact that, and it's a little bit counterintuitive at first, we've been investing in the human side of things for years, literally over a decade. So we have this massive database we've built up of our trained expert analysts interacting with our customers, doing things like explanation, right? One of the, I think one of the most promising applications of AI for the technology going forward is this idea of explainability. Hey, I've got this product tracking these billions of data points and it's working with multiple cloud providers and technologies. You told me something happened. What does it mean? What do I do about it? You need to have a data set first of an actual human explaining that before you can have a generative AI system replicate it. Well, guess what we have at CrowdStrike? We have Overwatch, our managed threat hunting team. We have Falcon Complete, our managed response and remediation team. So we have years of data sitting there. Well, it's not sitting there anymore. It's being leveraged now of our analysts explaining to customers what all this means. Now we can train our generative AI models on that information and have it do it automatically on their behalf. 
I love that human aspect of the creativity. And it reminds me of, I'm a big multiplayer gaming fan. So you could be great or not. The game is still the game and you the human are playing that game. This is kind of the dynamic. It's a multiplayer game going on with data and the human AI is there for the creative, the human. How do you deploy that scenario? Because this is where I think it's going to go fast with AI, there's some low hanging fruit opportunities. Where does that go first? Where do you see that human kind of playing that defender game, if you will, in the corporation? How does that play out in your mind? How do you see it unfolding?

Well, I definitely think it's going to be a multi-stage journey and there's going to be some low hanging fruit. And then we're going to go progressively as an industry after the harder, more challenging things. I think some of the earliest applications that I expect to see pretty common in the marketplace is the assistance aspect, like the democratization, if you will, taking a novice at a particular technology who may have domain expertise. I'm a cybersecurity analyst. I've used product X, product Y before. I know generally speaking how they work, but hey, here's a new technology. Here's CrowdStrike's Falcon platform. And I haven't actually used that before. So what would you do in the old days? Well, you take some training classes, you'd read the documentation, you'd watch someone like me make a YouTube video. But now it's a totally different game. Now you can go to your chat generative AI assistant and say, hey, I know that these products, these technologies can do things like this, generally speaking. I don't know exactly how you do it. And sure, I could learn how to do it, but let me just ask my new AI assistant, can you tell me if there were any new vulnerabilities in my environment this week? And if there are, go and push the patch down, right? Cause I know that that's what these products ultimately do.
I don't know the details of the clicking. We can have the artificial intelligence assistants do that, you know, rote operation for us and do it much quicker than if we had to train ourselves to do it.

Elia, that's a great point. In fact, you know, you bring up the democratization. I think what's going to happen. I'd love to get your thoughts. I think that's going to see a huge surge of talent come in because if you go back to old school security, you had to be really strong in computer science, math or some discipline to have the requisite kind of knowledge to kind of compete at the highest levels. Okay, so now you can democratize that. You get someone who's, who might have a creative genius streak in them or just some natural talent that's augmented by the AI assistant or the augmentation by the tech. So I think once that happens, you're going to see at least I see people coming in that might not have to have those super skills because they're either baked in and their job is essentially do something unique and novel in the system. So what's your view on that? Cause I think that's going to be a big, it's not just one of the skills gap issue. It's more of expanding more talent.

Absolutely. I think, I think there's probably three lenses. Again, I'll stick with the three theme, right? I think there's three areas that jump out at me. One is what you just mentioned, John. Take the individuals that, you know, don't have that deep expertise and get them started really, really quickly. I know how computers work in general, but I don't have the security specific background, you know, or the tool specific background. So right away, I can be armed and dangerous day one just by having a conversation with the system. Then you take the senior, the senior, you know, the veterans, the experts who actually do know how this technology works. They do it day in, day out, but they can now use the AI assistant to increase their productivity.
So yeah, I can go write all these things by hand and make these API calls and do the 10 button clicks. But I know that the AI systems can do this for me. I'll just have a conversation with it and tell it to go do the 10 things in one minute that would normally take me an hour to do. So the productivity of my best individuals is going to be rapidly augmented. And then finally, I think this one is a bit under looked as well. There's the internationalization aspect of it. You know, so much of our tech, like for example, at CrowdStrike, you know, we're a US based company. So naturally we start everything in English. And as we expand out, it's a worldwide marketplace at the end of the day. We have to now localize our products. The interfaces, the documentation, that takes time. It takes, it's expensive. It requires certain expertise. With these generative AI systems, guess what? They're polyglots, right? They speak 30, 40, 50, 60 languages out of the box. I can go ask you the question in Japanese, have it interface with my English language product and APIs and then have the results come back and convert it on the fly to Japanese. And guess what? Now my Japanese SOC analysts can use our product just like an American or an English speaker can, but they may not speak a word of English.

I think that's going to be a super security paradigm. And I think that's going to accelerate. If that plays out the way you just said, just take to the next level, next step, which is, okay, massive change in workforce configuration, more talent is in there, culture changes, rapid accelerations of new solutions. It's going to change the makeup of organizations and how they behave. And certainly as data becomes important, this is a big part of our super cloud theme always with the AI as well, is that data and networks and security kind of all play hand in hand, right? You mentioned global, you mentioned security and data. Data looks like security, right?
You got to have guardrails, you got to have expertise, there's democratization going on. So, you know, data security and networks are all kind of intersecting. What's your thoughts on that? Because that's something that's not talked about much in the industry is that there's a whole data wave coming that's not about data warehouses or traditional data management. It's about data like security, expertise, pipelining. What's your thoughts around this data, intersection of data and security?

Yeah, I mean, I think one of the areas where you see it most apparent today in security is in the realm of XDR, we're getting off. Well, this is still kind of related to cloud of course as well. XDR extended detection response. It's really the new wave and iteration of products where we're recognizing as an industry, we do have all these different systems and technologies and they're creating information and we do want to be able to leverage them all. So these XDR platforms like CrowdStrike, we're allowing you now to combine what we do out of the box with all the other systems and technologies that you've invested in, bring it all together, correlate it. And by the way, tying in the AI piece of it as well. This is I think a big way that we're going to solve the problem because one of the challenges we've had and we've gone through these waves before, data lake and SIEM, put all the information in one place and now magically all your problems are gone. How did that work out, John? Not very well. The problem is you gotta figure out someone has to actually sit there and figure out what does it all mean? How do you put it together? How do you take one plus one and make three out of it? And it's almost impossible for any one company, any one user to actually be able to do this because they're not gonna be domain experts in all of these different technologies and products.
I think that's where AI going back to that topic has a really big part to play because we can start to automatically synthesize and find those connections and take that load, that mental load, that manual processing effort off of the humans and offload that to the machines and let the humans actually deal with the results of that. Focus on the outcomes, not setting up the environment in the first place.

Yeah, everyone's talking about security everywhere. You know, that's the theme and the cliche, but if you're going to have digital transformation and that's data everywhere and that's not a data warehouse or product, that's a fact, that's data native. And it's a data product. This is a data industry. Security is data, right? At the end of the day, there's no perimeter and you want to stop breaching. You got to look at everything. I mean, this is really where we're at.

I think identity is a huge part of that as well and that's part of the reason why we've made some significant investments in our identity protection capability because when the physical infrastructure starts to dissolve and you're right, it does become a bunch of data living in the cloud and all these different ephemeral SaaS products, one of the few remaining techniques, effective techniques to handle all that is to look at the user. The user is always going to be around, right? You and I aren't hopefully going anywhere anytime soon. So let's follow the user. Let's look at their login patterns. Let's look at the systems that they're accessing and we can now implement controls there that might be difficult otherwise because, you know, the perimeter is going away, the firewall isn't as relevant anymore. The user is still, you know, king or queen.

My final question for Elia is, you know, you got data, you got contextual and behavioral data. Now you got AI, you got training and inference. Pattern going on here. You got a lot of action happening. How do you look at all this? You guys have a platform for it.
What should, what do you think about that concepts and how should customers start thinking about the architecture of how they do business when they want to have not just security everywhere but data native, new applications taking advantage of it. You got to have that. You got to have the data contextual behavior but now you got inference and training as now the new thing coming in.

Yeah, I mean, I think one of the challenges that organizations have had in the first wave of migration to the cloud and adopting these new technologies is they don't really take a good hard look at the way you should be building an environment to take advantage of them. They're porting over their legacy applications and legacy technologies and they're missing out a lot of opportunities to redo things the right way. If you look at cloud development, sure I could take my old on-premise system and then just put in a virtual environment in the cloud but if I really want to get the most out of it, I want to break it up into microservices and get a proper cloud native architecture. Security is very similar in that regard. Too often as people gravitate towards these new technologies, they're going down the route of implementing them first and then a year or two or five years later they think about, well, how do we secure it all? It's a lot easier if you bake it in from the get-go. That's by the way part of what one of the areas that we focus on with cloud security. We want to be seamless. We don't want the developers to know that they have to think about how do I integrate CrowdStrike into my environment? We're just going to hook into their CI/CD pipelines and scan all their workloads. We're going to be running on their container host and giving them runtime protection. All they have to do is deploy their application. They don't even have to know that CrowdStrike is there. We're taking care of them. We're watching behind the scenes and we're going to keep them safe.
But of course it's a lot easier if you're building that security in by design versus trying to tack it on later.

Yeah, and the whole super cloud wave's all about abstracting away the complexities, making it invisible, you know, security as code, whatever you want to call it, it's going to be seamless and easy and fast.

Absolutely.

Elia, thanks for coming on Super Cloud 3. Really appreciate the master class you just put on there. Appreciate it. We'll do a deep dive in our security conversations for the rest of the year. We're going to be doing more of these chats around the deep dive and unpacking issues around some of the core things and congratulations on all your success. We'll see you at Falcon too. We'll be there.

Thank you, John. It's been a pleasure. I'm looking forward to seeing you at Falcon.

Okay, Super Cloud 3. I'm John Furrier, host of Security Plus AI. We'll be right back after the short break.