Hello everyone and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching theCUBE. My name is Dave Vellante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. It's about 11 years, almost to the day. They're a $2 billion company in revenue terms. They're growing at about 60% a year. They've got a path. They've committed to Wall Street. They got a path to $5 billion by mid-decade. They got a $40 billion market cap. They're free cash flow positive and trying to build essentially a generational company with a very growing TAM and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CISOs don't believe that, CrowdStrike is on a mission, right? I didn't hear the phrase zero trust mentioned in the keynote. What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously takes a platform to get to $5 billion. Yeah, so let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and re:Inforce, Amazon's big security conference. Stephen Schmidt, the first time I was at a re:Inforce, said all this narrative about security is such a bad industry and we're not doing a great job and it's so scary. That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave, when I think of security, outside the context of IT, I think of like security guards. Like protecting the billionaires, right? That's a powerful, positive thing. It's not really a defensive movement, even though it is defensive. But so that was kind of his posture there. But he talked about essentially what I call, not his words, permanent changes in the cyber defense industry subsequent to the pandemic.
Again, he didn't specifically mention the pandemic, but he alluded to this new world that we live in. Fal.Con has a hundred sessions, eight tracks, and really his contention is, we're in the early innings. These guys got 20,000 customers and I think they got the potential to have hundreds of thousands. Yeah, yeah, so if I'm working with a security company, I want them to be measured. I'm not looking for hype. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the point about measured is I think a positive one. I was struck by the competence of the people who are on stage today. I have seen very, very large companies become kind of bureaucratic and sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. Yeah, Michael Sentonas get up before we get to him. So a couple of points that Kurtz made. He said digital transformation is needed to bring modern architectures to IT and that brings modern security. And he laid out that whole sort of old way, new way, very Andy Jassy like old guard, new guard. He didn't hit on it that hard, but he basically said security is all about mitigating risk. And he mentioned that the CISO, I say CISO, he says CISO or CISO, has a seat at the board now. Many CISOs are board level participants and then he went into the sort of four pillars of workload and the areas that they focus on. So workload to them is endpoint identity and then data. They don't touch network security. That's where they partner with the likes of Cisco and Palo Alto Networks. But then they went deep into identity threat protection data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. We're going to talk about all this stuff. He said data is the new digital currency. Talked a lot about how they're now renaming Humio LogScale. That's their Splunk killer. We're going to talk about that all week.
And he talked a little bit about the single agent architecture that is kind of the linchpin of CrowdStrike's architecture. And then Michael Sentonas, the CTO came on and did a deep dive into each of those and really went deep into XDR, extended detection and response, XDR building on EDR. Yeah, I think the subject of XDR is something we'll be touching on a lot, I think, in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so, that speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way, of their fundamental architecture, over the years there have been times when saying that your infrastructure requires an agent, that would have been a deal killer. People say, no agents. They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment, and it has proven to be the right strategy. Well, this is one of the things I want to explore with the technical architects that come on here today is how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint and then they've extended it to all these other modules. Identity, they're now into observability. They've got this data platform. They just announced the acquisition of another company. They bought Preempt, which is their identity. They announced Reposify, which extends the observability and gives them visualization or visibility. And I'm like, how do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR, I thought Michael Sentonas was pretty interesting at Black Hat last month.
He did a little video, you know, a man in the street, what's XDR, what's XDR, what's XDR? I thought the best response was somebody said a holistic approach to endpoint security. And so it's really an evolution of EDR. So we're going to talk about that. But how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. Yeah, yeah, I think it's all about the TLAs, Dave. It's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform. It's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. Well, that's one of the things that again, I want to explore because CrowdStrike's trying to be a generational company. In the Breaking Analysis we published this week, one of the things I said, in order to be a generational company, you have to have a strong ecosystem. Now the ecosystem here is respectable, you know, but it's obviously not AWS class. I think Snowflake is a really good example. ServiceNow, this feels to me like ServiceNow circa 2013. And we've seen how ServiceNow has evolved. You know, Okta bought Auth0 to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIEM. One of the ETR roundtable, Eric Bradley, our colleague, had a roundtable and said, if it weren't for the compliance requirements, I would replace my SIEM with XDR. And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck-in acquisitions, great go-to market.
You know, not super hype, just product that works and gets stuff done, you know, seems to have a really good bright future. Yeah, no, I would agree. Definitely no hype necessary, just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting in the keynote was this idea of security for elections, extending into the realm of misinformation and disinformation, which are both very, very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. Where, nope. Yeah, yeah, yeah. Yeah, this guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of like, by the way. I thought Mandiant was worth more than that. Still a good number. But, and Kevin, you know, was the founder and they were self-funded. Yeah, impressive. But I thought he was really impressive. He talked about election security in terms of hardening, you know, the election infrastructure. But then, boom, he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay, how do you deal with that? And what he talked about was mapping network effects and monitoring network effects to see who's pumping the disinformation and building career streams to really monitor those network effects. Positive, you know, factual or non-factual, factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility, right? They get street cred, earn that trust, you know what I'm talking about, zero trust, and then pump disinformation into the network. So they've now got a track. We have Kevin Mandia later with Shawn Henry, who's the CSO, yeah, the CSO, or CSO, Chief Security Officer of CrowdStrike. More TLAs.
Well, so you can think of it as almost the modern equivalent of the political ad where the candidate at the end says, I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation, what is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something, and there is something that is easily decodable that says this information is coming from a troll farm of a thousand bots, and you can sort of examine the underlying ethos behind where this information is coming from, and you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out, put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. So I got a thought on that, because Kevin Mandia touched on, and again, I want to ask about this. He said, so this whole idea of these, detecting the bots and monitoring the networks, then he said, I think he said something to the effect, you can go on the offensive, and I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments, because I like to see both sides, I'm right down the middle, and you'll go down and like 40 comments down, you're like, oh, this is fake, this video was edited, and then a bunch of other people, but then the bots take over and that gets buried. So maybe going on the offensive is to your point, go ahead and put it out there, but then the bots, the positive bots say, okay, by the way, this is fake news, this is an edited video, FYI, and this is who put it out, and here's the bot graph or something like that, and then you attack the bots with more bots, and then now everybody can sort of see it, and it's not like you don't have to email your friend and say, hey dude, this is fake news. Do some research.
Put the research out there in volume, is what you're saying? Yeah, so it's just, I thought it was an interesting segue into another area of security, under the heading of election security, that is fraught with a lot of danger if done wrong. If done incorrectly, you get into the realm of opinion making, and we should be free to see information, but we also should have access to information about where the information is coming from. The other narrative that you hear, so everything's down today again, and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis, security somewhat has held up in the stock market better than the broad tech market, why? And the premise is, George Kurtz said this on the last conference call, earnings call, that security is non-discretionary. At the same time, he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike because CrowdStrike, their mission or one of their missions is to consolidate all these point tools. We've talked many, many times in theCUBE, and in Breaking Analysis, and on SiliconANGLE and Wikibon, how the security business is too many point tools. You know this as a former CTO. And now you've got all these stovepipes. The number one challenge the CISOs face is lack of talent. CrowdStrike's premise is, they can consolidate that with the Falcon platform and have a single point of control, single pane of glass to use that bromide. So the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense because security's the number one priority. You can't be lax on security, but at the same time, the CISO doesn't have an open checkbook. He or she can't just say, okay, I need this, I need that, I need this. There's other competing initiatives that have to be taken in balance. And so we've seen in the ETR spending data, by the way, everything's up relative to where it was pre, right at the pandemic, right?
When pandemic year, everything was flat to down. Everything's really up last year, I don't know, 8, 10%. It was expected to be up 8% this year. Let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like 4, 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the Fed's going to do next. Interest rates, you know, loom large. Lot of uncertainty out there. So in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? I think it's less discretionary. Food, water, air, non-discretionary. And then you move away from sort of gradations from that point. I would say that, yeah, it falls into the category of less discretionary, which is a good place to be. Dave Nicholson, Dave Vellante here. Two days of wall-to-wall coverage at Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back right after this short break.