 Welcome back, everyone, to theCUBE's live coverage of MYs here in our nation's capital. I am your host, Rebecca Knight, along with my co-host and analyst, Rob Streche. We're joined by Eric Dorr. He is the VP of Engineering for Cloud Security at Google Cloud. Thanks so much for coming on the show, Eric. I'm very excited to be here. So, before the cameras were rolling, we were talking about the integration and how it's going. And you said this is really the first time that we're seeing evidence of these two companies coming together. Unpack that a little bit for our viewers. Yeah, I think we were talking in the context of one of the product announcements we made yesterday, which was we announced a thing we call the applied threat intelligence, which is part of Chronicle. And really, there's a couple of things that are really powerful about this. The first is that the old way to do security is you'd have a team of people that are researching threats and threat actors. You have a team of people who are operating your security controls. People who are researching within painstakingly figure out how to go track or defend. And that's like the speed of 2010, not the speed of 2023 or 2024 or 2025. And so, applied threat intelligence taking everything Mandiant knows about threat actors. Everything Google knows about threat actors from defending billions of Chrome users, billions of Gmail users. And then programmatically integrating that into our Chronicle security operations platform so that it's automatically finding bad behavior. And even the extreme breach where we might have a Mandiant incident responder at a company finding something new and novel today, we put that into our system. And in under 30 minutes, that'll be matching if there's any of that behavior in your ecosystem. And that kind of speed, that's what it takes in today's world. But I'd say it's not the norm. And so we're really excited about that and how that kind of takes all the pieces of Google and Mandiant and brings it together into something that's really new and solves a real problem that security organizations have. Yeah, I mean that totally makes sense to me and to Rebecca and that makes sense to allow you to go wider and go to not as sophisticated customers. Is that kind of the intent of bringing Mandiant and Google and all of it together? Yeah, it's certainly a piece of it. What I'd say is a lot of parts of the world aren't satisfied with their existing security setup. And you've got an increasing, increasingly hostile geopolitical landscape, proliferation of cyber crime. It's a tough world to defend against. And so we're certainly hoping to help a lot of our customers do a lot better. So how are these updates going to benefit these customers? As you said, it's a big bad world out there and it's only getting harder to defend against these threats. Yeah, in the context of, we've obviously been talking a lot about AI and generative AI over the last year. And in the context of that, we tried to frame what we see are the core problems in cybersecurity and came up with our own way of talking about it. We talk about toil, talent, and threats, right? And, because it's alliterative and it's fun. But the, and you basically look at it and say, mostly I'd zoom in to kind of the toil and the talent and say, the average security job sucks. And what we hear from a lot of people is they might love the mission, but they hate their job. And why? Because their job has a tremendous amount of toil. Manual actions, copy and paste, road actions over and over. And if you can take some of that out, if you can make it so the human is doing things that humans are good at and let the computers do the things that they're good at, the road tasks, the automated tasks, there's a big benefit. And the other pieces around talent, we mean it's been well publicized, there's, depending on who you trust, hundreds of thousands or millions of open cybersecurity jobs, we're just not filling those. And so how can we take the people who are in those jobs and make them more productive? How can we make the people that are getting in and get them to ramp up more quickly and be more productive? There's just a tremendous opportunity there. And Generative AI is a piece of that puzzle. I mean, there's other pieces of the puzzle as well. Yeah, we actually talked with Kevin a little bit about that this morning and a couple others as well, but tell us what's new with Chronicle security operations. I think you made some announcements around that. Yeah, so there are a couple of things I'd highlight. I already mentioned one of them, which is the supplied threat intel, this notion that it's baked in, it's got the broadest and deepest visibility of bad threats and what threat actors are doing that anybody has between the optics that Google has and what Mandy and C's from the front lines of the worst of breaches and making that all automated and not requiring a separate team to go figure stuff out at the speed of slow humans. The second big thing is we announced that we brought this together into a unified, what we call modern security operations platform. And so some of this is the culmination of a prior acquisition we made of a company called Simplify, which does orchestration and response. Many of the Mandy and software components have now been brought together into a coherent platform that includes things like our attack surface, attack surface management, which is an, you know, this is like the outside in view of what's happening, what a bad guy can see of your infrastructure and how that can be brought in context as you are responding to an event. And all that comes together in a way that's really meaningful. Of course, due at AI and all the great things we're doing with AI, which we announced a lot of that at Next a few weeks ago, but there's kind of a- I'm just going to bring that up. Yeah, yeah, yeah, we'll get there. We'll get there. Yeah, exactly. But then the final thing I'd say is some amazing partnerships. And just a quick note on that, you know, Sentinel-1 and CoreLite are two partnerships we announced kind of expanding what we're doing with those folks. And this is something that's been, I'll say, a really beautiful part of coming into Google. I came in a little less than a year and a half ago, which is this really deep-seated understanding that we're all in this together. We're all fighting the same bad actors. And you've got to have really strong partnerships and kind of quote-unquote lock shields with them in order for us as an industry to move forward. And so it's really great to see the expansion here with these partners and lots more we're going to do. So how do you get that kind of mindset, that kind of shared faith, shared responsibility with all of these companies who are also ostensibly competitors too? I mean, maybe doing slightly different things. But I mean, what you are talking about sounds pretty inspirational and maybe even aspirational for the rest of the industry. Why is it, is it just because it is, as you said, a really rough geopolitical landscape that the future just looks so scary that we all need to band together? Or is there something else going on about the mindset that's created in cybersecurity? Yeah, I mean, I do think that cybersecurity compared to most industries, I think does a better job of kind of co-opetition than maybe in other cases. I think for Google specifically, Google got serious about helping people with their security problems four or five years ago. Obviously Google has been focused on internal security for a long time. And there's a benefit when you approach a market as a relative newcomer, which is you get to pick where you're going to engage and what problem you're going to focus on and you don't have any of the innovators' dilemma problem, right? But what I would say is if you look at, if you look broadly at security, our point of view is there's a lot of stuff that's just broken. If you look, let me pick one example. I don't know of any other market where your budget today could be say twice what it was five years ago and the outcomes are worse. It's like buying a car and saying, I bought a car today, it's $10,000, it gets 50 miles a gallon, five years later you buy a car, it's $20,000 and it gets 10 miles of a gallon. You'd be outraged as a consumer if that happened. And yet that's the norm in cybersecurity for the average CISO and the average organization. We're coming in and saying, look it doesn't have to be that way. There's some like-minded partners who are saying we can band together and do stuff together and we're making progress I think, but we have a long way to go as an industry. And like you said, you actually joined from one of those partners as I understand you came over from Microsoft and brought some of that. So it's nice to see, because I think Microsoft is on stage in a little bit at one of the keynotes as well. And I think that's truly unique. I think to this is the ecosystem and that whole ecosystem, I got to say that has blown me away at how much of an ecosystem play has been at this event. But one of the things that goes along with ecosystem is especially when you're doing integrations and trying to bring things together at the engineering level is sometimes it becomes complex and how do you make it simple? So how are you making it simple for the customers to really take advantage of Chronicle and really all of the tooling that Mandy has brought to bear? Yeah, as you said, it is a journey and it is sometimes complicated. But again, I'd look at it and say, in a past job, I was a defender myself trying running the sock for Azure and kind of helping stitch together the right tools and the right resources. So I kind of feel like I have an emotional understanding of what that's like that is helpful at times. I'd say a lot of CISOs kind of describe their life as they buy a set of things, a truck comes, dumps a set of Legos on their driveway and now they might have all the Legos but they got to put it together. And how much time do you want to spend putting together things versus doing your job, doing your real job? Certainly what we're trying to do is be very outcome focused and say, you've got a job to do. The technology is there to accelerate that job and how can we pull together things so that they just work? Easy to say that. Lots of people say, oh, we're going to make it just work. We're going to do integration. But I think we've been laser focused particularly on the things we've been building at Google and then as we've made these acquisitions and take the amazing IP and technology and expertise that we've gotten from these acquisitions. How do you fuse it together into something that's truly unique but really focused on up leveling the defender and helping them do their job better, helping them be safer? How do you describe the mood of the average CISO today and sort of what you're hearing, the conversations you're having here at MYs? What are sort of the dominant themes that are emerging? Yeah, first thought, mood of the CISO grumpy. Okay, all right. The mood of the CISO when they talk to us, often hopeful. Okay, all right. So, you know, I think that, you know, it's a really hard job being a CISO and there's kind of, what's the adage about the defenders have to win every day and the bad actors only have to be right once, right? Well, they're kind of a similar thing which is the CISO only has to fail once for it to be pretty bad, right? Yeah, career ending. So I think it's a really hard job. I think that more and more as we talk to customers, they're seeing that we're coming with a different approach that we're turning upside down some of the kind of conventional wisdom. An example of this is just kind of the founders of Chronicle had a very simple but very profound insight which is that the way that the industry looks at data for security is broken. Because people look at it as a scarce, expensive thing where you have to pick and choose what data you're going to do, what you're going to keep, how long you're going to keep, you have whole teams of people in large organizations and that's what they do. And we said, if you turn that upside down and just say, we'll build a solution that can scale with all the data that matters to you, index it quickly, search quickly, it's a different world. And because we built the foundation, right? We can do that economically so that people are paying a reasonable amount of money for those capabilities. It changes the game, it sounds small but it's so fundamental because when you do that, you can't be smart about what's happening if you don't actually have all the data. And most organizations can't afford to actually have all the data given the tools they're using. So you get those basics right, you get the foundation right. It's not that the rest is easy but the rest is possible. And I'd say re-imagining what security can be as possible. Which I think that's the hope that I see in some of these conversations when we talk is they are seeing, oh, maybe there is a light at the end of the tunnel. To my job being easy, but to my job being possible maybe. Yeah, you just don't want it to be a train at the end of the tunnel, of course. But I think you brought up a really good point and I think what we get a lot when we travel around is how do the security companies also keep the data secure? And because you're collecting so much data about these companies and you have, like you said, we had Jeff Reed on earlier about the attack surface management. It's like that's pretty important information and I would expect that you spend a lot of time thinking about how do we keep this security secure for our customers as well. Yeah, for sure. I think there's two dimensions of that. One is the controls we give customers to protect their data and have their data managed, however they want. Simple example, the data residency that a lot of customers who say, I'm in this country and I want all the data that to originate in this country to stay in this country, these are the kinds of controls we've been building into across Google Cloud and across our security business and kind of build it from the bottom up so that's everywhere. And I think the other thing then is of course the work we do to make sure our own infrastructure is super resilient and we have some of the best red teams in the world, some of the best internal security teams and of course we get to eat our own dog food and use all of the best technology and in many cases the tech we built for ourselves is some of what we're saying, hey, this is, we think, very, very helpful and something that's better than the state of the art and how can we bring that to customers so that they can take advantage of that. Eric, thanks so much for coming on theCUBE. It was my pleasure, thanks. I'm Rebecca Knight for Rob Stretche. Stay tuned for more of theCUBE's live coverage of MYs coming up after this short break.