 Hi everybody, we're wrapping up day two of AWS Reinforced. theCUBE's continuous coverage, my business partner John Furrier and co-host is actually in Monaco. Getting ready to do a big crypto show over there so they'll be reporting from there tomorrow. Check that out on theCUBE.net. Jeff Swain is here, he's the Vice President of Global Programs, Stor and Tech Alliances at CrowdStrike. Jeff, thanks for coming on. Thanks, David. So, tell us about your role, what's Stor. Help us understand that. Yeah, so CrowdStrike has a CrowdStrike store, which is effectively a marketplace within our application and also available externally that allows customers to be able to review, decide and trial products, not only from CrowdStrike, but also from our third party partners. So wherever we have a tech alliance, a customer can come in, see the value of the integration, see how it works on our platform and the third parties platform, and then go and request a trial. So it's a very easy and dynamic way for a customer to understand the joint value proposition that CrowdStrike has with various other vendors and our own products as well. So your role is to bring all these cool tech companies together and create incremental value? Yes, we believe that the ecosystem is really a natural evolution of what's happened in terms of the CrowdStrike story. If you think that we started out with a very simple product that in the very early days, 10, 11 years ago, service company built a product. That product then became a platform with various modules in it. The next evolution of that is expanding out beyond our own platform and working into other areas of interest and value. So that's where the ecosystem comes into play. So you have to underpin that with some automations, things like marketplaces and stores. You have to have integrations in place, joint applications and commercial vehicles to make that work. So I was walking around the other day and it caught my eye and I sat there and listened for a better part of the presentation. Had to get back and do the queue, but it was a presentation between a CrowdStrike expert and an Okta expert. Better together was the whole thing. And then they were describing how you guys complement each other. So that would be an example. A perfect example. I mean, we compliment Okta and Okta compliments us for very, in various different ways. And in fact, we sort of assemble that into different narratives that work well for our customers. So as an example with Okta, we work very well with them in zero trust. So we have a zero trust narrative that talks about how it works with Okta and also Zscaler. In fact, we have an alliance through the Cloud Security Alliance where we're working to build practitioner guides, build a community of value across the different products to bring zero trust into some standardized reference architectures and some standardized training that brings all of our products together for the user. We example of one of the narratives that we have. They'd also play in our XDR narrative. Obviously, XDR helps us bring telemetry in from different products. And again, we use XDR right across various tech alliances. So you take zero trust. You'll take the concept of least privilege and you'll apply that to what? To endpoint, to using identity with Zscaler, you bring the Cloud component. Correct. So then we're actually able to see how someone's traversing the entire organization. We can see who they are, we can see where they land, we can see what data they're accessing, where they're accessing it. Gather a whole bunch of different telemetry around that and provide the security team with the ability to be able to see what someone's doing and force the access rights as and where they need to. See any anomalies or anomalous behavior within that and close it down before anything bad happens. So zero trust is a really important part of our narratives. And you have these plays or narratives with a bunch of ecosystem partners, right? Correct. So tick log management. Yup. Maybe add some context to that. So around that, you may know we acquired Humio. Right. And around that, obviously we have to be able to ingest and have bridges out to a large variety of different platforms to be able to ship data into our platform. I mean, one of the values of Humio is its ability to massively scale and very easily and cheaply bring a lot of data into a simple place and have very fast searching. Well, what are you searching? You got to go and have data sources. So, you know, very quickly we've built out a large number of integrations with, I think, over 30 partners to easily bring data into the Humio platform to let customers be able to have that advantage. So what role does AWS play in all this? AWS is a fantastic role in both coordinating some of this in terms of, especially through the marketplace, the ability to coordinate our transactions between us and help us work together from a transactional basis and help the customer procure the right solutions together. But also, AWS's nature, natural inclination towards innovation means they like to work with partners who are especially partners who are on their platform to drive a lot of innovation to build out how customers are bringing more data together obviously that's beneficial to them in terms of the volumes of data that go and compute that go across the AWS platform. But also, they encourage us to work together. They, in some cases, invest in those integrations. They work with programs. They bring in third-party reseller programs through CPPO. So it gives us a platform, gives us innovation. It gives us some structure. It's been really exciting working with them. Now, talk about CrowdStrike and your cloud strategy. How would you describe your cloud strategy? So we've been cloud native from day one. It's one of the founding principles of CrowdStrike as we were set up by a founder. So two elements, cloud native and a single agent. Those two design principles have not been broken by us at any point through our history. It's very important that we stick to those two principles. Our cloud was born in AWS. And they've been supportive of us right through our growth period. So we started out with one module. As I said, now we have 23 different modules. And we're continually growing that. We also then have a lot of support for the cloud. So helping us understand what's happening within cloud environments so that our customers are better protected. In fact, the show here, we've announced two separate incremental products to the cloud space. One that's very much focused on adding better container or better visibility inside containers in our CNAP product. And another area around how we do our threat hunting across the cloud. So we have a team of threat hunters, global best practitioners who hunt right across our customers' environments. We have a whole bunch of additional cloud telemetry. So that's been included into our overwatch threat hunting. So you'll ingest data from multiple clouds, right? You're running on AWS. Yes. But you can take data from anywhere. From anywhere. Including on-prem? So our sensor sits on laptops, servers, virtual servers, devices wherever they need to set. And then it needs to be cloud connected. It comes into our cloud. So we can take information from instances in any cloud environment and any laptop, pretty much bringing them in. And that's how it works, but it's a single cloud. I mean, our value proposition is that huge graph, threat graph that we've built over the years. Trillions and trillions of events per day that we're now searching and using AI technologies to weed out what's good and what's bad. Yeah, so CrowdStrike, obviously, we've reported on CrowdStrike in breaking analysis. A lot of CrowdStrike, Zscaler, Octa, a number of other of those companies. You're partnering with all of those guys, which is quite interesting. Yeah. You're all growing, you know, really nice clips. I wonder, I always wonder in these situations, okay, as things get bigger and bigger and growth slows, we haven't seen that. We saw the cloud growth accelerating during the pandemic. Yeah. But you wonder, you see it all the time in this industry is companies get big, they start doing M&A, they start getting it to adjacencies, you know, Google, Apple, you know, Cisco, VMware. Do you think you'll ever see a collision course with all these wonderful partners? Are we years away from that? I think we're very careful with how we partner and who we partner with. Obviously, we have discussions on what our future plans are to make sure that what we partner on is beneficial to both sides. CrowdStrike itself, we're growing all the time. You know, our platform has grown, as I said, the modules have grown. But in general, what we've found is that our partners are taking the journey with us. It's one of the advantages of the success that we've had is most of the partners want to be part of that journey rather than sort of trying to go ahead on. But you know, there's always opportunities for us to have open conversations and real dialogue to make sure that we do the right thing for the customer. And that's what drives everything that we do. You know, we're focused on the right products for the right customers. What's Reinforce been like? What's the experience been? What's your takeaways from the show? It's been a really excellent show for us in terms of getting out, meeting a lot of customers at a very decent senior level here. It actually has been very, very worthwhile. We've had great response to the announcements that we've made. There's been a lot of activity through the booth, which is always great to see. From actually from a partnership perspective, from my world, you know, I've had a large number of really great meetings with the AWS leadership as well about what we can do together. And the future looks really bright. Who's the, when you think, and thinking about, and I know you're not, you know, selling direct, but when you think about the constituencies, when you think about all the partners in your ecosystem that you're building and collaborating with, who do you guys collectively talk to? Who do you appeal to? Is it the CISO? Is it the, you know, other security practitioners? Is it the line of business? Is it the CIO, architect? Who are the actors that you're sort of collaborating with and your customers side? It's really interesting, obviously, because there's different personas depending on what it is that we're doing. Someone who's really interested in our log management narrative, for example, is probably going to be maybe from the DevOps team or from that area for CNAP. It's going to be someone in the cloud architecture, cloud security architecture space. Zero trust, again, will be someone who's got a bit of an identity area and privacy to them as well. A lot of this comes up to the CISO and that's often our, you know, our economic buyer would be in that space, but one of the things we have to do is we go into adjacent markets, is learn the personas there and understand their habits and their buying cycles and build value propositions that work for those people. So, it's an ongoing exercise. How do you see the CISO role evolving, given, you know, cloud, one of my takeaways from this event is like, I feel like cloud is becoming the first line of defense. The CISO and the developers are becoming the second line of defense. Audit is like the third line of defense. Some people agree with that, some people disagree, merit bear. I said, no, no, it's all integrated into one thing. And I'm like, no, it's not, but okay. But how is the CISO role evolving given that the cloud is becoming so much more prominent today? I think it's at this point everyone said, you know, the CISO needs to evolve to being a direct member of the, directly responsible to the board. This is something that we've all said for many years. If you look at what we see in the threat reports, if you look at what we're seeing from the threat landscape, you know, the volume of threats that are coming through and not diminishing in any way, but in fact, the size and the impact of what they're doing is getting worse. So the risk that's being experienced is just getting worse all the time. However, we have different options for resolving that issue. You can go down a services-led path with an MDR player like our Falcon Complete process, or you can go down with an MSP. So the CISO's role is now not just on what products and how to use them to best defend, but also what products, what services are available. What am I going to invest in my team versus what am I going to push to a third party to look after for me? And we're seeing more and more companies going up the enterprise stack, trusting us and our Falcon Complete team with parts of their defense portfolio. So I think that role, you know, the CISO's role is developing all the time into something that's portfolio-oriented, how am I getting value for service as well as value for money from products. It's a really interesting development. In terms of what they have to deal with, you know, I still think that the visibility that you see from the endpoint is where the crown jewels are. Still, it's where the data is. And I think that's really why CrowdStrike is a unique proposition in that space. It's what we protect. So when you say the endpoint is where the data is, playing a picture of that? Well, if you think about it, if an actor is after a personal information or IP, they're often going to be going down to the laptop or the virtual instance level to look for that within it. The weakest part we've always said is people. And the more open you are with that, the wider your audience there, the more risk you carry within that space. You know, we don't think endpoints are laptops or phones, you know, servers, compute instances inside the cloud. They're all endpoints to us. Workloads is a better word, in fact. Those work... So what's a better word? Workloads. Workloads, okay. Yeah, we often talk about workloads rather than endpoints. Is a data store an endpoint? Yeah, if there's computer, I don't know if it's basically, it's a workload where we can put a sensor. How about a backup corpus? A backup corpus of data. Well, I think if there's a place that we can put a sensor on it to see whether it's being active or not, and we can track the telemetry from it, we would consider that. A sensor would be an agent? Yeah, an agent, yeah. Okay, and you said single agent. We have one agent that runs all of our products this week, and one of the design principles is the basics of our company. Because one of the things that we've seen, tell me if you don't see this, is that a lot of times ransomware attackers will go after the backup corpus and disable it. Yeah. Because once you get that, you can't recover. 100%. Yeah, and they'll encrypt all the data in the network, and then they'll hold the backup corpus hostage. This is one of the great advantages of how CrowdStrike and how our platform works, in fact. A lot of other vendors talk in terms of known bad, known good, and indicators of compromise, right? I know this IP address has been compromised. I know that anything originating from here is bad. What CrowdStrike looks at is we've built up a very, very substantial library of what we call indicators of attack. Indicators of attack are looking at the potential for attack and whether that in conjunction, that specific piece of telemetry in conjunction with others, makes the attack more likely. So, for example, if someone opens an email, we don't think that's necessarily a risk point, right? But if someone opens an email and they click on an attachment, we think, well, maybe that happens billions of times a day, so still not bad. But if that then spools up a process, and if that process then starts to enumerate hard drives and start to look for backups, we're getting more suspicious all the time, and if they then cause an encryption routine, we can be pretty certain at that point that what we've got in play is a ransomware attack. By looking at the holistic attack, at the whole process of it, and having that sort of fingerprint of what that may look like, and in combining that with our knowledge of bad actors, our intelligence in the field, we've got a very good view on what may happen there. So, exactly to your point, if we see someone going after backups as part of a wider process, that helps us identify that something bad is about to happen in terms of ransomware attack allows us to take action against it, put in the appropriate containment or blocking. And then, explain, so when people hear agent, they're like, oh, another agent to manage, but I was talking to somebody the other day and said, no, we're going to integrate with the CrowdStrike agent because it's so robust. And what we're doing, which is agent list, it's good, it's lightweight, but we can't get the data, so explain that. So there's a trade-off, right? I mean, you've got to manage an agent, right? But obviously it's working, your customers are adopting. So it's an extremely lightweight agent. That's always been the premise for this. And I think when George founded the company, one of the things he noticed was how long it was taking for someone to scan, it'd get through a scan while they were trying to get an email out before a plane took off. And he said, we can't have this. So he was looking at how do we make this as light as possible. And so that's one of been a principle for us right from day one. And you're right, third parties do want to leverage our agent because of its robustness. We look at pretty much everything that's happening as a telemetry event. Once the power hits the CPU through till it drops out. So we've got a very rich knowledge of what's happening on every single device or workload that's out there. And it's very usable for other people. As far as the customer's concerned, if a third party can use that information rather than have to deploy another agent, that's a huge win for the customer. I think we all know that proliferation of agents hurts. And that was the old way of doing things. People would acquire products and try and bundle them together and what they ended up with multiple agents competing for resources on the system by having one agent well-defined, well-architected. What we have is a modern software architecture to solve modern problems. Okay, so last question. When during the pandemic, we noticed that everything changed, obviously work from home, remote work, and the implications on the CISO were these permanent changes. And we reported on this in breaking analysis and other, except for endpoint, you guys, crowd strike. Identity, octa, got a boost. Cloud security, Z-scaler, got a boost. Rethinking the network. Network security became top of mind. And that we said is these are permanent changes. But now as we exit, but they were rushed. As we exit the isolation economy, what can we expect going forward? I think to our ear point, the ability for us to work across all of those areas and work better, you know, everyone was very much concentrating on delivering their own product as best as they could, as quickly as they could to meet the demands of the pandemic. Now we can go through a place of making sure that we work really, really well together as different units to solve the customer problem. So trim some of the fat out of any integrations that we may have built quickly to solve a problem. Now we can focus on doing it really well. What we're seeing is a proliferation in our world of more applications in our store. So tighter integration inside our UI with our third party products. And a lot of demand for that. So really that the customer experience is as seamless as possible. We talk about, you know, frictionless. It's what we want to see. And that's, you know, the boost that the disruption got from the pandemic was a fantastic start to the innovation. Right now we have the opportunity to bring everything together to really solve some excellent problems for customers and make the world a safer place. Jeff, great summary. Thank you for coming on. I'm going to give my quick take on this reinforcement. I think very clearly AWS is enforcing the notion that security is job one for them. From the nitro chip, you know, all the way up, the stack, all the way through the culture. I mean, I think we heard that at this event. I think you heard, you know, some great announcements, a lot of stuff around, you know, threat detection and automation and reasoning, which is great. I don't think you heard a lot on how AWS are making the CISOs life simpler. I think a lot of that goes to the ecosystem, maybe. But the other thing is AWS leaving a lot of room, a lot of meat in the bone, as we like to say sometimes for the ecosystem. You know, security is a good example. I mean, you know, Microsoft makes a lot of money on security, AWS doesn't make a ton of money in security. It's just sort of comes with it. I think we're also seeing the changing role of the CISO. I think the cloud is becoming the first line of defense. CISO and developers, the next line audit is really the third line and developer, the developer role is becoming increasingly important and frankly, sophisticated. They got to worry about securing the containers. They got to worry about the runtime. They have to worry about the platform as a service. And so, you know, developers need the team with the security operations team. So that's kind of my takeaway here. I think the event was good. It was not, it wasn't oversubscribed. I think people in Boston this time of year are at the beach. Whereas last 2019, you know, it was June and so you had a bigger attendance. But that's kind of my takeaway. Anything you'd add to that, Jeff? I think the quality has been here. You know, maybe not the quantity, the quality has certainly been here. I think, you know, there is a lot of innovation that's happening in the security industry. I think AWS has got some good products that they're helping deliver. But as you said, they're there to help us support us and the other ISVs to really come together and build our best of breed overall solution that helps our customers. And solve some of that complexity that you're seeing and some of that uncertainty you're seeing is who has to solve what problem in the stack. Yeah, well, thanks for that. Thanks for helping me wrap up here. The security space remains one that's highly fragmented, highly complex. Lack of talent is the problem that most organizations have, Lena Smart of MongoDB doesn't have that problem. Nor does AWS, I guess, because they're AWS and Mongo. But that's a wrap here from day two, theCube. Go to theCube.net, you'll see all these videos. YouTube.com slash SiliconANGLE, if you want, you know, the YouTube link. Yeah, you can go there, SiliconANGLE.com is where we publish all the news of the day, wikibon.com for the research. This is Dave Vellante, look for John Furrier from Monaco at the crypto event all this week. And we will see you next time. Thanks for watching.