 Hey everyone, welcome to theCUBE's second day of coverage of CrowdStrike Dalcon 23. Live from Caesars Palace in Las Vegas, we've been talking all things cybersecurity, AI services, customers, partners, you name it, Lisa Martin here with Dave Vellante. We've got Deloitte on next, going to be digging into some interesting topics. Chris Richter joins us, global detect and respond leader. Chris, welcome to theCUBE. Thank you, happy to be here. So as we, the landscape that we're all living in technology-wise, it's so fast-paced today, right? Cloud adoption has become a game changer for a lot of businesses, but it's also presenting some risk. Talk about that from, what are some of the risks out there that you're seeing in the business landscape? Well, you can't eliminate risk 100%. So it's always increasing. And one of the things that George said a couple of days ago, is that cloud is just the evolution of technology. It continues. So we are being forced into the cloud and we're bringing risk with us. It's never going to go away. It's a fact of life. So many of the risks on the surface to businesses are very much the same, but they take on a different type of perspective. The attack surface actually grows. You're much more exposed to many more bad actors who have increased access to higher bandwidth capabilities. They have increased access to training to become better hackers. So the risks are manifold as you move into the cloud. It's definitely a more complicated situation with the cloud. It's the cloud has kind of become the first line of defense, but you got the shared responsibility model. You got multiple clouds. So you have multiple shared responsibility models. And then when you go into the organization, you've got the SecOps team, the IT team. Now you have the application development team that's being asked to shift left. And all that's designed to protect the users. And then you got audit, which is like the last line of defense. And so this is an increasingly complex situation, more touch points, more lines of communication that have to be created. So you guys must love all this complexity. How do you help solve that? So our biggest adversary is complexity actually. So as we move to the cloud, as our organizations are moving to the cloud, we are constantly looking for ways to simplify, reduce complexity because complexity is the friend of the hacker. They actually take advantage of multitudes of security controls and products. And we have a lot of organizations that are going through mergers and acquisitions and handling different identities and different privileges. It becomes a playground for bad actors to take advantage and go and swim between those silos of complexity and confusion to take advantage of organizations. And they tend to be really good at finding the weak spot, the weakest link in exploiting that. So as we move to the cloud, yeah, we're looking for better security controls. We're looking for better sophistication, but at the same time, we're trying to simplify the manage of it because the easier it is to manage, the more simplified it becomes, the better you are to protect yourself from attack. Now, that sounds very high level, but moving to the cloud actually helps with that progress. There are ways to make sure that moving to the cloud, as opposed to being diversified with on-prem in multiple different locations, it actually can help if you do it the right way. It reminds me of like football analogy. You got a really good offense, right? If you play man to man, they're going to flood the zone and they're going to find an open man. If you play zone, you're going to leave seams open. Kelsey's going to find that seam. They're going to connect. It's like this constant plugging of holes. And how many do you put on the secondary, right? You're right. And so you have to be situational. You have to adjust. So can you help us understand the scope of Deloitte's security practice? Sure. So Deloitte has been in cybersecurity for decades. We're rated number one MSSP by MSSP Alert. That's just this year. We are rated number one in cybersecurity consulting by Gartner this year. So we are a leader in cybersecurity. We have over 3,000 cybersecurity professionals in just the detect and respond part of our business globally alone. So we've been at this for a long time. You combine that cybersecurity expertise with our consulting expertise. Of course, our famous tax and audit business. We understand how businesses operate. We understand what is important to business. Security, the outcomes of security have to be meaningful for the business. So we feel that we're at a very good position understanding cybersecurity on the one hand, but also understanding what's important for our clients from a business perspective. Because that's what they're looking for. They're looking not just for outcomes and X number of detections and time to resolution. They're actually looking for business outcomes that are created by proper cybersecurity controls and management, if that makes sense. How important or relevant is the industry in which you're serving your customers? Like the difference between a manufacturing or an IoT or an operations technology driven business versus say a financial services business and how do you accommodate those different sort of special situations? Well, I always like to say that cybersecurity is the second international language or universal language. So the same kind of issues persist. The only difference is the attack surface is different. OT, you've got different type of attack surface and financial services you tend to have in a different type of attack surfaces. But many of the exploits are the same and you still have to have the same security strategy in place without a security strategy and a proper governance model. Everything falls apart. We're in an arms race right now with hackers and I've seen so many point solutions thrown out in different directions. You can't throw money at this problem to make it go away. It's just not going to work. You have to have a governance structure and manage the security policies properly. How important is it? It's vitally important. And we're seeing an increase in OT, cybersecurity controls the importance of it because it's all over the news. We see what can happen if an OT system is compromised, especially in critical infrastructure. It could be disastrous. But buying a widget and putting it out there and washing your hands, maybe you check a compliance box. I think that you're done. Is it going to solve the problem? One of the things that Mike Santana's talked about during his keynote this morning, I don't know if you had a chance to see it, was he talked about why security is so hard. He talked about cost, the cost of all these point solutions, the cost of resources to try to integrate things, he talked about the complexity as obviously, and you talked about too, was one of the adversary's best friends. And then he talked about the third C was catastrophe. Nobody wants to be that next headline like we just saw here in Vegas in the last 10 days. Talk a little bit about the partnership with CrowdStrike and maybe some of the cloud service providers. What Deloitte is doing to help customers really be able to detect and respond to get more from reactive to proactive since the threats just continue to get smarter. So, great question. So as I mentioned, Deloitte is a MSSP leader, managed security services provider leader. Our own business with MS, managed security services is evolving very rapidly. You talked about shift left earlier in application development. We're seeing a shift to the edge. So the old MSSP model was collect the logs, use a sim tool to do correlation and analysis and look for evidence of a breach or evidence that something might be going on. Still very, very valid and important function. What CrowdStrike has provided to our managed extended detection and response service is it has shifted detection and prevention to the edge to the endpoint. So instead of relying on indicators of compromise, which is the MSSP model, CrowdStrike has allowed us to shift to an indicator of attack. So the attack can happen as it's discovered at the endpoint where the attack surface is and not only at servers and laptops, mobile devices, but also in cloud workloads and internal identity systems as well. So they have helped us cover the gaps in the spectrum of the MITRE attack framework, for example. CrowdStrike can help us address all of those tactics on behalf of our clients and do it in a lightning fast way. I love the fact that CrowdStrike focuses on the adversary. Instead of waiting for the attack to come hit, CrowdStrike goes after the adversary, understands their motives, their tool set and modifies its approach and its tools to meet it at the edge, as opposed to trying to defeat it once it's already inside the environment. So we've structured our managed service around that philosophy. Yeah, it's like, again, football analogy, try to take away the strength of your opponent and that's maybe more of an offensive, defensive approach. Better to sack the porter back than to tackle the runner, the one-yard model. So AWS, they just announced today and the keynote won the partner of the year award. I'm sure you guys were in the mix. And you actually are two awards, right? Well, actually talk about that before I ask my question. Yeah, so CrowdStrike recognized us as the system integrator of the year in the US and as the global leader for ELP, the Elevate Partner Program, which has benefited us tremendously and our clients as well. And as it pertains to AWS, you are in the mix with this Convert Security solution, which I'd love for you to talk about because you're using AWS tooling. Yes. Security Lake, I'm interested in what AI, et cetera, but what is that, how do you go to market with that and what does it do for customers? So Convert Security is basically a constellation of security controls, leaning edge security controls and processes that make it easier for our clients to achieve cloud transformation in a secure manner. All the while, helping them ensure that they are achieving compliance control requirements. So two very important aspects. Convert Security brings the best of Deloitte cybersecurity and the best of AWS cybersecurity. You mentioned AI and analytics tools that they bring to the mix. So look, I mean, a while back, we got together with AWS and we realized sitting at the table that AWS is the number one cloud provider on the planet. Deloitte is the leading cybersecurity consulting firm at MSSP in existence. We have CrowdStrike, the leader in endpoint security. We really ought to do something together. We ought to find a way to do this and make the lives of our clients and organizations around the world easier. And we think that shifting to the cloud, yes, it does come with risks, but at the same time, it helps clients, first of all, they have to go there, but it helps them achieve security at the speed of business. And it also addresses the four main concerns that we hear from clients day in and day out. One is they want better security efficacy. You know, there's been a lot of promises made by a lot of security vendors out there and what ends up happening is you pointed out earlier is that you install all of this cybersecurity technical debt. You end up with people leaving. You can't hire new people who know how to run it. You've got to pay maintenance charges to support that infrastructure. And meanwhile, I just read an interesting research between now and 2025, the end of 2025, there are going to be 3.5 million unfilled security roles out there, very difficult to do that. Meanwhile, what do I do with all this stuff that I have? Converged security helps us consolidate that in the cloud. And it provides our goal is for it to provide better security efficacy overall. The second thing is reduce complexity. And we talked about complexity quite a bit. Move away from the endpoints, have a managed structured security lake with all the security and analytics tools at clients disposal, at the service providers disposal, that pulls in the best of the ecosystem partners that we have out there, such as CrowdStrike, to move from a construct of a bevy of best in breed products to a best in platform construct. So best in platform is what we believe in. We think platform, cybersecurity platforms, as George said the other day, is the future. That's where we're going with it. The other piece is the business outcomes. So we need to have really good outcomes. And then the fourth piece is the value of the service. It can't be where we keep spending more and more money. To the point, I mean I've heard some organizations say that 20, 25% of their IT budget to spend on cybersecurity, that is insane. It should not be that high. So we got to bring down that percentage, improve security efficacy, and deliver outcomes that help the business. You know, wouldn't it be great if we had, if there was an intersection between reducing the CISO stress level, because this arguably the most stressful job on the planet. You look at the lifespan of an average CISO. Do things that make his or her life easier so they can sleep better. And those same things actually help their organizations' business grow and become more productive. When you have those two objectives working in parallel, that's a nirvana state. That's what we at Deloitte want to see happen. You know, it's interesting you say that, Chris, because I go to, I've been at, I think, every reinforce, which is AWS's security conference. And when I go to conferences like this, I always listen, okay, what am I hearing that it makes the CISO's life easier? Now it's interesting, I walk away from reinforce, no offense to my friends who made it to us going, I'm hearing some good stuff that they're doing, but what are they doing to make the CISO's life easier? That's where you come in. And this is why AWS is such a great ecosystem because they leave a lot of meat in the bone, Lisa, for partners. And so, now, of course, at a conference like CrowdStrike, the products, you know, pretty awesome. So, but I have to ask you. So, Converged Security is AWS Security Lake, AWS Geni, which I guess SageMaker, other analytics tools, I presume in the future, it's going to be a bevy of selections from Bedrock and Titan and Code Whisperer, all that stuff, right? All that stuff, that's all coming. And in your basic platform, as a SaaS, right? Our platform, as a SaaS offering, our consulting services, our cybersecurity consulting, and our threat hunting tools and techniques that we also use. So, AWS makes the threat hunting piece a lot faster. It allows us to store almost unlimited amounts of data that we, in the security lake, that we can use in our hunting tools and techniques. And the outcome, the outcome that we're striving for is better security efficacy, better value, better business process and outcomes for our clients. So, but you come in with this highly opinionated package of services and software and capabilities. And with a strong recommendation that we're going to apply, actually, I'm sure you work backwards, what's your problem, understand it, and when there's a fit. But you guys are agnostic, right? You have to be as a services player. So, if a customer says, well, I'm running the Google Cloud or Azure or I'm using Sentinel-1 for my endpoint, what do you do in that case? We adjust? Yeah. Yeah, I mean, Deloitte is really good at going into client environments, understanding their ecosystem. We don't rip the Band-Aid and do a forklift shift. That's not the reality of the business world. All of our clients have existing legacy. They have technical debt. They have different tools, tools that they love. In not all cases, are they going to be a one-cloud company? Most companies have multiple clouds and they do it for resiliency. Converged security gives them a path to integrate all of their security telemetry in one place and apply best-in-class, best-of-breed tools in an integrated platform to address their issues. We can pull telemetry from any cloud, any cloud workload into security life. Do you have a favorite case study example of converged security that really shines the value on what you're able to enable customers to achieve and increasing that security efficacy, enabling business outcomes? Any story, even by customer name or by industry that comes to mind, you're smiling. You must have many. Well, I will tell you that we're in a lot of conversations with clients right now about converged security and our own cyber analytics engine, which is a component of converged security. What we're seeing right now is that storage of security telemetry data, unstructured data can be very expensive, especially if you hold on to it for a long time. As the attack surface grows, things like OT, different website presences, marketplaces, you name it, all of that data contains valuable information about the potential security attack and also your security posture. So I'm smiling because we're talking to a number of clients who are actually looking to improve security performance and reduce their costs. So long-term storage and better analytics performance, faster threat hunting is something that is attracting clients to us with regard to converged security. It's evolving so quickly, it makes me smile because the outcomes are very, very good. And I mentioned at the beginning of this conversation that we're in an arms race. AI is one of the core components of converged security. It is fantastic, but at the same time, our adversaries are using AI as well, and they're using it very effectively. So, converged security, I believe, is absolutely necessary for us to stay a little bit ahead of what our adversaries are doing. And there's other things on the roadmap that we're adding to converged security that I can't discuss, but it's in anticipation of where our adversaries are going. And AWS and CrowdStrike are right there on the journey along with us. Sounds like a great partnership there that's going to be really making a huge difference across industries. Chris, we appreciate you joining us on theCUBE, talking about what Deloitte is doing and the partnership with Converged Security will keep our eyes peeled and listen to hear more. Thank you for your time. My pleasure, thanks Chris. All right, for Chris and Dave Malante, Lisa Martin here reporting from theCUBE Live. CrowdStrike Falcon 23, stick around. Our next guest joins us in just a minute. Dell and Intel, we don't want to miss it.