SiliconANGLE theCUBE
Is your cybersecurity strategy an afterthought or an integral part of every code? 💻
Clip Duration 00:38 / December 21, 2023
AnalystANGLE | Cyber Resiliency Summit
Video Duration: 20:57

Hello and welcome back to Navigating the Road to Cyber Resiliency. This is the Summit made possible by Dell Technologies, and this is the analyst angle, Rob Strechay and Shelly Kramer, who are the two managing directors of the Cube Research and Advisory. And of course, John Furrier. Guys, thanks for spending some time here. We're going to wrap up before we get to the eco ecosystem speaks, but Shelly, I want to start with you. You've been sort of monitoring throughout the day. You just, you, you're just about to release a new podcast series with Joe Peterson, who's pretty deep engineering expert around around cybersecurity. I know it's been an area that you've looked at for, for a while. What, what are your takeaways from this summit? What are the things that you, you learned that people should be aware of? You know, it's interesting. I feel like whenever I, first of all, it was a ton of great content, but I feel like every time I listen to these conversations, these are not new conversations. You know, we've been talking about the need for security to be a foundational element for years. We've been talking about observability, we've been talking about endpoint management, I mean, we've been talking about all of these things. And I think perhaps that the advent of Gen AI has maybe even sped up even more, the need to get our arms around all this stuff, because as you mentioned earlier, hackers aren't sitting around. I mean, they are looking for every opportunity to maximize opportunities. They're patient in many instances, they're funded by nation states, so we have a lot of work to do. Yeah. And we found out, we, from Wendy Whitmore, they take vacation. It's just not when we're on vacation. They like to do things when we're on vacation. Yeah. It's the hacking season. >> Absolutely. Well, you know, the, the, the, the sort of tongue in cheek joke is, is Patch Tuesday is Hack Wednesday. 
But that's the other thing that we're hearing is that the breakout time is compressing. Right. So it's like down to, you know, hours, you know, sometimes even shorter. So speed really matters, doesn't it? Yeah, yeah. I think there's both the speed aspect and the longevity and how long these operators are in your environment, and the fact that the regulations may or may not keep up with that. And when do you notify, when do you even know that you've been attacked or you're in? And I, I think understanding that you still have to have those guardrails in place. It can't be a shift, shift left or shift right type of thing. It has to be organizational. Yeah. It has to take platform engineering into account because you have many different places to go. Now, John, I want to get your take on AI. I mean, it's something that you've, you've not only, you know, thought about it, written about it, you helped build it. How do you think it applies to security? We had Supercloud earlier this year where the focus was on AI and security. Yeah. In just a few short months, things have changed and things come into focus. What about AI? I think Shelly pointed out, based on her research, it's the same conversations, but it's been upleveled with edge gen AI changes the scope and changes the order of magnitude and the problem scope. So I think Gen AI totally changes the game on velocity. So for the good guys and bad guys, it also changes the organizational aspect too. Rob pointed that out in, in his comment. The organizations are struggling right now because things like the MGM hack are combination of poor technology selection and just organizational mismanagement. Just from the, the, the pace of play of security at AWS re:Invent, if you remember, we interviewed their top security guy on the cube, and Amazon now has one security organization for their entire company, not AWS, Amazon. And what that means is they're looking at it as a holistic thing, not a series of siloed CISOs.

It's a, it's a organization across the entire company under Steve Schmidt, Chief Security Officer. And what that points to is that the organizations are zooming out to take a big step forward, right? So I think Gen AI is going to force organizations to think differently. So they don't have the problem with the MGMA, Rob Besley pointed that out. Who's the pioneer behind this program that organizations have to decide? And if they had Dell, they probably would've better recovery like Caesar's did. So you start to see the organizational changes, because Gen AI completely changes the pace of play. There is no AppSec review for bad guys. They just launch, if it doesn't work, they launch again. So companies have to have a high bar. And so they're fighting organizational slow speed versus hacker speed. Again, hackers try, it doesn't work. They go back to the well. And so their ability to throw stuff out at, at the walls is, is there, so again, this is the fight fire with fire. Z has pointed that out on the last analyst angle. So to me, gen AI absolutely changes the pace of the attacks and gives you the opportunity for the companies to defend themselves better. So it's going to be interesting to watch and how that changes the, the, the organization. Yeah. You know, Shelly, I want to ask you, 'cause I, I think that when I think about the, the objectives of the Cube research, and I think about your background in customer experience, I think there's an opportunity, and I'd love to get your thoughts on this, on transforming the SOC analyst experience, listening to John talk about AI, AI is going to change. I mean, we always hear about how they're like air traffic controllers and their eyes are bleeding, but Right. But, but do you think that the industry can bring, you know, best in class consumer customer experience that we've seen evolve over the last decade to the SOC analyst? Well, I think we have to. 
I mean, you know, it's, it's funny when you were talking, John, I had just had a vision in my head of a game of whack-a-mole, you know, and that's what it fe that's what I think it must feel like to be a CSO right now. Like, oh crap, what's going on here? You know? And, and that's really where Gen AI plays such an important role. And I think really having the right technology solutions in place and the right support is super important. I think though, beyond just the SOC operations and the CISO, this is a board level issue. And when I was preparing for a webcast that I did this weekend that's not yet live, I came across some interesting information. It was a research, research that was done by a VC firm, NightDragon, with the Diligent Institute, which is a software company.

And the research that they released did it, they did an analysis of the board composition of the S&P 500 and those boards, 88% of the directors on those boards of some of the biggest companies in the world had no directors with cybersecurity experience. Wow. So we're, we're operating in a realm of people making decisions at the highest levels within our organizations have no real knowledge, certainly no expertise. And so, you know, but they're making policies and leadership decisions and things like that. So I think that we need to start there and understand that this is a top down and organization wide issue. And yes, we can provide better support, but it also comes with senior leadership, really understanding the severity of this issue. Yeah. And, and playing off of that, and I think going towards how you were talking about gen AI changing things and how whack-a-mole and all of the different things that keep popping up. I think there's, it goes back to some of the stuff we talk about with the data silos that are out there and how getting control across all of those data silos and having an understanding of what's a known good state? How do you get to a minimally viable company? And that becoming a board level thing. What is a minimally viable company look like? And being able to say, yes, I've gone and clean roomed this. I've gone and understood where I can go and actually recover to and done all of this. And cybersecurity at least. And we've seen it from a perspective of how many people actually have done tabletop experiences experiments in the past year. It's super low, single digit percentages. And if you haven't even done that at the tabletop, how do you know you can actually go recover to a known good place for your minimally viable company? That, that came up at at in our a Mandy customer on threat detection? The tabletop exercises are critical. 
Dave, you know, we go back to the Cube 2012 timeframe, big data in 2010 with Hadoop, and we've been on that big data wave almost every year. It's been security's a data problem. Yeah, okay. So, okay. It's been kind of a, it is a data problem. I get that. Yeah. Now you've been, the Gen AI piece now says, okay, gen AI is leveraging the data. So to me, the platform engineering conversation combined with Cloud Next Gen scale and the Gen AI, to me, is the perfect storm for organizations to look at. That's why I brought the Amazon thing to look at how they're organized, assuming that AI will be an augmentation to help do some heavy lifting, do the compliance reporting. Right. That's always problem for the board level. Absolutely. So helping out on little stuff like that, but also automating some of the defenses. So I think Endpoint management, all >> That. Yeah. I think this is going to be a confluence of those three elements. Platform engineering goes to data. Okay. Data engineering, engineering specifically, not data science, data engineering. And then the gen AI as a, I won't say weapon, but it is going to be, can be weaponized for good and, and 'cause it's being weaponized for bad. That's going to be interesting to see how the apps respond to that. I think, you know, you see cloud native community, Rob probably move away from talking about Kubernetes as it gets boring and standard Yeah. To how that's going to be augmenting the platform engineering conversation. Well, I think this is a data problem and, and it's, and it's like there's, there's too much data. You get all these false positives, it's very hard to do what we do in the cube. And we've been doing it since we've saved for since 2010, extracting the signal from the noise, which is our tagline. But, so I I, I think that AI, there's a promise that it can potentially help with that problem, but there's, there's just so much data, it's hard to get fidelity out of that data. 
Does, does AI change that, Rob, in your view? I, I think it helps. I think it starts, it's, it's a portion of the answer. And I think it goes back to it's not only how much data, it's how long you keep it for, where do you store it, how do you understand it? Because it may be that the attacks mutate over time, or the time may be way more condensed in this time. We may be talking minutes where they, something fails, they try a different one and they have access now using gen AI on their side to actually mutate their attacks very quickly. So you're fighting fire with fire asus talked about, and you look at that not only happening in the core, but out at the edge as we talked about earlier in the day. And when you start to look at products and how products are engineered and how do you keep BIOS and OSs and all of that, the entire stack free and clear so that you're not reinfecting it without knowing it. That kind of stuff is still not a gen AI problem necessarily, but it's looking at the different fingerprints, extracting the signal out of the noise and going about that. That's why when we were talking about it earlier about SecOps and AIOps, and I also put observability into kind of that triad of things coming together so that you understand where things are and it's organizational at that time. I mean, I find Dave, that this is an interesting topic because, you know, part of this event that's clever is the title Navigating the Road to Cyber Resilience. And it's from Dell data protection, but also data recovery is the big topic, right? Right. So it's not so much data protection, then we had, you know, Palo Alto Networks on their threat management. So I think the combination of threat management, data protection as not either or they're both kind of coming together, brings together this whole customer problem, which is they're kind of just trying to discover the road, right? Right. 
So like, you know, Dell's already navigating it, but I think the customers are trying to discover what is my strategy? What is the architecture going to look like? How do I organize my people? And then how do I use gen AI in there to, to help me? But in the meantime, I'm flying the airplane at 35,000 feet. I got to still do protection and recover. So it's kind of an interesting problem that that's happening in real time. And I think that's going to be the big challenge is that what is the road, what is that road? Yeah. And I think that, you know, we did, I, I did some research in partnership with Dell. It was done, the study was done in late 2019 and published in 2020. And I, I cite this all the time because I think it's so interesting. The thing of it is we don't know what we don't know. Okay. So when we asked senior leaders and IT leaders and CISOs about their security operations and their visibility into their security operations, many of them said they used, they used a security framework, they knew that they had experienced breaches, they knew how many breaches a month that they were seeing thwarting, that sort of thing. So 75% of enterprises who, who utilize security frameworks said they'd experienced a breach. 51% of the enterprises that that responded to our survey said that they don't use a security framework and they hadn't had any breaches. Well the reality of it is that like you don't know. You're not looking. Wistfully ignorant. That's it. Right. But that, but I think that speaks to what you're saying too. Like you if you're not looking, yeah. If you don't have real time visibility, if you don't have observability in there, which you mentioned is a part of this equation. Yeah. There's stuff going on you have no idea about. In, in this world, there are those who have suffered breaches and those who don't know they've suffered breaches. Exactly. And those who are going to suffer a breach because it's inevitable. 
I think the other big thing that I took away from this whole series is just during episode one, episode two culminating in the summit, the nature of ransomware has evolved just in this short timeframe. Yeah, yeah. Right. And and you heard Palo Alto today, Wendy Whitmore talking about no longer is it just spear phishing, it's these mass vulnerabilities that happen. For the first time it took over the top spot. That's what, you know, her comment was really notable. I mean, Dave, it's lucrative ransomware. It's highly effective. Absolutely. They team, they have teams of companies underground doing this, the big TAM there. And they get, they get the ransomware and they lock it up and they store it for cash. Now I would even say that stay tuned for some of the stuff from the ecosystem coming up. Because even in some of those discussions, ransomware used to go from really being poorly written or having comments in it and things of that nature. And we start to get into that. Now with the advent of gen AI and being able to do that, you can actually produce really smooth, really clean ransomware. Yeah. That doesn't have a lot of fingerprints leading back to you. Yeah. But it leads to gen AI and I, I think that kind of information in that kind of trail is becoming even more difficult. So being able to be prepared ahead of time, I mean, And it's becoming democratized. Well, I mean, I mean any knucklehead can be a, Well that's the whole point >> Of, well they saw ransomware as a service. You know, ransom a >> Service, a help desk, no barriers to, we'll negotiate for you. I know. No, no barriers to entry. And Dave, we always say in the podcast, we don't really argue. We also agree it's the same thing. AI is a productivity opportunity. And guess who's more productive, right? Yeah. The bad guys. So, I mean they're just getting better. Yeah. And to your point, I mean this is like the smarter, faster ransomware. So again, that's why I think the recovery thing is so interesting to me. 
Dell's nailing the recovery piece and it's not data protection 'cause that's, you know, on one side, but the recovery is the central conversation. Right. And, and I think it also talks to some of the things we've already heard around the different frameworks and how you apply them and taking a step back and looking at it. You know, it can't just be about resilience is about trying to stop it, but being prepared on the other side when something does go bump in the night with one of your applications, as we heard, you know, 80% of people really looked at it. They had very low expectations that they could actually recover a mission, all their mission critical applications to get back to a minimally viable company. When you start to look at that and you say, okay, did I implement the NIST framework? Did I start to look at some of these other frameworks that are out there, Atlas and others? Did I start to go and use zero trust? How do you pair that with it? It can't be a, I just did this and I'm good. It has, it's an all the above strategy that brings cyber resilience and cybersecurity together. Well, and you heard from Gil Hecht who came in from, from Israel, that was really fascinating to me because storage systems that are working properly, they do a good job of recovering, but when they've been attacked and you have to recover from all these different piece parts of, you know, discontinuous data, it's a really complicated matter. So they created this, this offering called StorageGuard, which Dell, I think resells or you know, makes part of their solution that is a really specialized, you know, capability that not a lot of people have. I mean, it's just not something that is easy to develop off the shelf. And so it's taken years and years of experience to actually develop something like that. And then of course to apply it is, is critical to your business. Well, Rob Desley talked about the ecosystem where I think it's a big point that's going to be bigger. 
You know, I remember when we were talking with General Keith Alexander Dave back a couple years ago, data sharing was a big, you know, start sharing the data. I think because these products are always going to be intertwined with cloud and on edge and on premises, the multi-vendor ecosystem, deep data sharing understands how their environment's going to be big. I was hearing a story, I won't say the name of the company, but they have a backend system. They're in a category and they're doing good. Turns out you can load on Chrome, Chrome extension that basically logs passwords. Well, something companies don't even store passwords are getting, Hey, we have all your company's passwords. That's not even related to the company. And so these vectors are coming in these attack vectors to get stuff. So I think there can be more emphasis on ecosystem who's partnering with who. That's going to be a big part of, I think the evaluation in my opinion. 'cause you start to see the interactions with the data. Well, and you have all this distributed infrastructure. We've been talking about cloud, we've been talking about data centers, edge, a, a, A A, data protection, backup and recovery, business resilience. Supercloud HA has to emerge because you, you're not going to have stovepipes, I hope for cloud and another stovepipe for your data center and another stovepipe for your IoT and edge workloads. That's not going to be, that's not going to succeed. Right. It's, it's got to be a comprehensive solution. And you know, I mean we've been talking about knocking down silos for the last decade across all organizations of all sizes. And, and so this is not any different. It has to be connected. Yeah. I, I think e exactly how you go about that and which silos I think again, to our, our on platform engineering and how it's the new IT and how it goes across. Yeah. And where you're bringing security and resilience needs to be from the time you code the app to the time you've run the app. 
And it can't be just day two, you can't just slap it on. You have to think about it. And that's the processes and the people, not just the technology. And I think that's what I've really liked about today is we're talking a lot about the people and the processes and we're going to continue that with the ecosystem after this. Yeah. Okay. Well let's talk about that. The up next is the ecosystem does speak, as Rob just said, we're, we've got execs from DXC, ndl and Atos. So you've got these major service providers that are giving their perspective and they're in the front lines. They're seeing this. Then we have Brent Ellis and Elizabeth Preston from Forrester. They've discussed the economics of cyber recovery solutions. They're, you know, super intelligent and, and detailed analyst. Great to have them on. And then I've been, been teasing a lot on this series. Mark E. Sorenson wrote a book, Restaurant in Jaffa, and guys, he talks about the, the fragile nature of critical infrastructure and how relatively trivial it is to, to hack that. And of course it's a, it's fiction, but it's, it's weaves in a lot of nonfiction and it's, it's, it's quite enlightening. Then David Strom, the, the cyber journalist for SiliconANGLE.

It tells it like it is. And then we close with Dr. Tony Bryson, who's the CSO of the town of Gilbert, Arizona, which is really a city, it's, it's quite a large town. This is the third in our series really focusing on this really important issue of cyber resiliency. So check out thecube.net and siliconangle.com and the, the cube research, which is formerly Wikibon. And we want to thank Dell for making this series possible. Thanks to all our guests. And guys, thank you for helping us wrap up Analyst angle and thank you for watching. This is Dave Vellante for John Furrier, Rob Strechay and Shelly Kramer. Enjoy the rest of the show.