Supercloud Security Is a Data Problem | Supercloud 3

foreign welcome back to supercloud 3 live here in our Palo Alto Studios I'm John Furrier with Dave vellante unpacking Next Generation cloud data security obviously with security and Ai and now in general AI a lot of hype and reality coming to the picture we're gonna try to break it down as the next gen applications hit the market we're here which apric CEO of lace work Cube alumni great to see you thanks for coming in for our live performance thank you thank you for having me so super cloud 3 Security Plus AI obviously part of the big picture security has got to be baked in all operations that's kind of the table Stakes people are talking about now it's also a data problem it's also an opportunity to build in a cloud native like experience people talking about these things but the end of the day the hackers are attacking on offense faster than the defense can keep up so it's got kind of a pro game but you got a developing Market at the same time going on let's get your thoughts and perspectives on what you guys do in lace works and how you see this yeah absolutely so ever since the company's founding back in 2015 we've always approached and thought about securing the cloud as a data first problem and that what's happening in the cloud is just constant chaos there's so many things changing you want to be driving faster and faster rates of innovation the cloud provider the cloud infrastructure the cloud stack itself is also always adapting always getting better multi-cloud different Technologies you've got different applications that are bringing in different types of services and whenever the cloud providers themselves do their events they launch a whole bunch of new capabilities which is great for driving and building new applications driving Innovation but then it creates a whole nother category another set of facets on your risk model in your organization so the only way we have always felt that you can keep up with potentially stay ahead of these security risks is to just drive this through processing collecting and processing a lot of data that's the only way to automate driving the security outcomes you can't do this the old ways we handled Security on-prem in our data centers talk about the old versus the new and you have a historical perspective you've seen many ways of innovation in the past the conversation is not happening it's still handsome though you've got that going for you the the old way comes up a lot like oh we don't have we don't do firewalls anymore that's attacking us we do it this way zero trust all these kind of new architectures are coming out the perimeter is gone it's more surface area what are some of the old ways that have have changed and what hasn't changed and what are people doing that's on the right side of the historic wave here now what are people what are you seeing I think fundamentally it's just knowing that where we are today with cloud and where it's evolving is just forcing yourself to rethink the problem or the solutions from first principles and trying to copy and graft ways of doing things from an on-prem perspective into the cloud may help you when you're trying to first get started with the cloud as an organization but they quickly become these speed bumps or these impediments that really then don't allow you to realize the value of the cloud which is moving fast being able to build these things adapt measure iterate and and you know just build better value for your customers so I really think it's just one of these things where just go back to First principles what are we trying to do from an innovation perspective know and think through how you're going to be compromised how are you going to be attacked in the cloud with things like AI you're generating a ton more data right and now you have all of the data that drives business value but guess what it's also very attractive to people who are trying to get in and get that data to do something with it so you mentioned chaos chaos is actually is opportunity certainly for the attackers it's also opportunity for the technology companies that can defend end and help defend so you're talking about AI or a security as a data problem so explain where you get the data what data are we talking about here and I'm interested in next phase is how AI fits into that yeah again so ever since the beginning of lacework in 2015 we've always taken this as a go find and get all of the right data that we need to then figure out how to drive those right security outcomes put those outcomes to the right person who can then drive the action there in a automated kind of less burdensome less scattered way and to make them more productive right to take these to take this data and to drive more productive and faster outcomes for these security teams for these developer teams so where we get the data it's it's pretty complex but I would say there's one broad bucket of data that we get from the cloud providers native Services themselves we get third-party data we get other real-time Telemetry there's a whole set of ever-evolving categories of data that we get and then that comes into our platform and then from there whether it be things from a preventative side like here's the things you ought to do to really secure your configurations or here's things that from a reactive side these are things you should go investigate because what we detect here doesn't look like normal behavior in your infrastructure and that's ever evolving as the cloud providers themselves offer more services but then the application stack of the customers of the companies out there building on the cloud also are evolving so that data lives inside your platform you persist it you analyze it and you now you bring Ai and have been bringing AI to that data can you talk about what AI that is and how if when the we see the AI heard around the world that changed how people are thinking about bringing AI yeah absolutely so one of the core use cases of where we apply Ai and sort of machine learning to the technology is really inside of a customer environment understanding collecting all this Telemetry and understanding what normal behavior is what your employees are doing what your machines are doing kind of what are the operational activities that are occurring in your environment and for example John does this operation reliably every afternoon but now and he does it from this location but now all of a sudden wait a minute he's doing it on the weekend and he's doing it from these three other countries all within like you know and this is a simple example right but those are the types of things that the the system will say hey normal behavior is this now we find that there's this weird Behavior happening with John maneuvering in in the production environment that that is something you should probably go investigate again this is a very simple example the the platform itself has many more capabilities to look for not as obvious use cases as that like where there's little tiptoes happening in your infrastructure which each one of those Taps would be honestly not noticeable but when you look at 14 of these Taps you've been compromised can AI mask that and sort of make it even harder to to detect those anomalies absolutely so when you have the other side of this conversation which is okay so we use this technology to really sift the signal from the noise and to give practitioners and companies much more accurate things to go investigate and to go and protect against so that they're not working on things that don't matter but think about the bad attackers out there the attackers out there use this to actually mask or to be much more sophisticated about the types of attacks that they can do and they can orchestrate things in now with AI maybe that they had to do manually through more sophisticated kind of training or scripts and whatnot they can program these AI systems to explore to discover in very innocuous undetectable ways or very minuscule ways but then to put together a broader attack with a lot more steps because it's all data and machine controlled and orchestrated or guided I should say so steps for instance that could sell form when they get to the other end I mean think about this outside of the context of cloud security but think about just your own experiences with you know some of these like chat GPT and and what it's done to help you write or you know copy edit an email or put together a presentation and think about how that can actually be used to socially engineer an employee and having a conversation phishing app fishing I mean you know spam all of those things from a textual email perspective we're going to see a whole I mean we've already been talking about that that stuff's out there but think about the social engineering verbal like you know you're talking to somebody you think is a human and it's not yeah awesome example by the way my Netflix about time they got to that password sharing simultaneous access from all different places with my kids um you mentioned uh developers and and I want to get into do ears we see a lot of activity on around the kind of super cloud and security data operating operationalizing data at scale is one a conversation we hear a lot about more data more leverage more access to better things goodness around that and then the developers as developers start building apps to solve problems with data like having data available for developers we're calling that the data developer is going to be more commonplace and right now you're starting to see the beginnings of that in open source a lot more activity going on certainly in Ai and open source but we envision a future where the developer is going to be absolutely immersed with the data capabilities to embed into their applications what's your what's your reaction to that absolutely I think that that's already happening in many companies today and I think that as we collect more data we understand it through these systems and you can discover and explore and drive new features and you can enhance that customer experience because of what you can do from data think about these companies whether it be Facebook or Netflix what value you get as a consumer as a as a company because the ability of a company to mine that data to really find the the right path ahead for you to be like hey I can get more value from this Insight that you get from the data right this is back to lace work is today you would have to toil through looking through all of these logs and data and graphs manually and what we often do is take that alert volume down by 100x right so you may be dealing with a thousand alerts a day with kind of conventional systems and but we can give you that like 50 or 20 or 100 alerts that really matter down from that thousand that saves you a ton of time that putting it in front of the developer in terms of what to go action versus chasing a bunch of ghosts is massive impact to this the observability market we've seen the the hype of that obviously there's some consolidation but the game gets changed now with more apps and more Telemetry coming in I was talking off camera to I won't say the name of the person the company but that we collect everything tons of telemetry data they use only a fraction of it they can only get to it their hope is AI will help the generative AI will help pull that forward pull that value forward so that's one a lot of data being hoarded and now stored so more data storage you know on happening again never stopping that's the key area as you start to get the Telemetry coming in from applications is a real promise area I know you have a lot of experience in that area been there done that where's it going next where's that puck going to be where people can skate to the puck as we start thinking about as we get more data I can see some value being pulled forward what's that next step I think it's a Continuum to be honest with you I think we're on this curve of kind of evolution and I think the more data we get and then there is these from a supply perspective the there are these disruptive Technologies so gen Ai and the large language models themselves but there will be things after that I think we're you know very enamored and and very entrenched and kind of enthused by what's currently here which at GPT and others but this isn't this is just the beginning of the beginning in my mind and there's a whole set of things that are going to come out of this as people experiment and I think right now we're going to be in a phase where lots of experimentation is going to happen there's going to be a lot of stuff that's what I would describe as kind of trinket and I would say it would be it would be fun to use for a little bit but it's not going to drive a lot of long-term value and deciphering that data problem and there will be then other use cases that more emerge that are immersive that actually change buying Behavior as well as user behavior and I don't think we've seen that yet in the Enterprise when it comes to security Jeff Jonas when I was on thecube for this event he said all these hot startups are getting a term sheet by the time they get their money they their features out of business because the rate of change is something that humans do not I feel like we do not understand how fast this space is is actually changing it is changing so fast right so you can have an idea on Monday and it can be disrupted by Wednesday this is the long-term value play I think this is an important Point as you look at trying to identify where that Puck's going what's a trinket as you say or what's a fad what's real what's that foundational how do you look at that and and what's your vision for how laceworks going to capture that because again this is an ever-changing thing but the foundation has to be laid the pace of play insecurity is huge you can't you can't fake it so you make it in security this is a whole nother ball game no and I would say there's a couple of points here to cover which is one is we again have started with this premise where it is security is is a data problem fundamentally right through and through from from start to finish and how you drive insights from there will change over time whether it be graphical through UI whether it be other insights through kind of action whether it be interacting and exploring and discovering things in that data through search or through a kind of large language model interface to it I think these are where we'll constantly be experimenting and these will be platform capabilities that influence and change all of the user experiences in the lacework platform and then over time what we have to think through is from a customer perspective in an industry perspective there's a whole new cast of data that's going to get created there's a whole new set of threats that are going to be created talking to our current customers about what they're worried about from a threat perspective right which we we talk a lot about the value that gen AI is bringing from a top line or a new business outcome perspective but you also have the other side of this conversation which is hey how is this stuff going to be used to take me out in the business because now there's this new superpower that's been granted to everybody right and you have to think about both sides of this equation so how are you going to protect your systems as you build these new systems at the same time I don't think we can talk about these into dependently anymore so who ultimately do you think benefits the most from AI is it Defenders or attackers I think it's too early to tell but I think it is right now I think it is equal um I want to ask you about applying large language models and gen AI specifically in security sometimes you know you watch TV and you see somebody and she or he is very articulate and force me say that person's smart and the tone is so confident and you believe them I feel like chat gbt in particular has similar tone so you have to be careful about how you apply it and especially in the context of Securities like Jeff Jonas said it gives you different answers every every time so where should we think about or do you think about applying gen AI in security I think in certain Fields like security and there's going to be other fields which I think are pretty obvious the efficacy the accuracy of these Technologies is going to really matter right when you're putting together and you're looking through data and applying these Technologies in your 75 accurate or 80 accurate that's not good enough in a security context so how do we take this technology how do we mix it with other technology how do we remember the system learns over time how do we remember those learnings and keep getting that feedback so that the efficacy of the outcomes that gen AI can be better right because they have to be 90 plus percent and 95 percent you'll never be perfect but to have a system that really does drive high accuracy I think is really important because if you are not accurate and it's a fun user interface but you're only right two out of three times then the the useful life of that over time it may be cool to demo and you may get people to experiment with it but when you actually are called and you're in the trench dealing with something and one third of the time that thing is wrong or chases it sends you down the wrong path it's going to be a very frustrating user experience and that could be business severely business impacted and that accuracy is it not a moving Target another thing Jonas said is entropy is winning this is Randomness in the data is is problematic so once you get to 95 accuracy it's not like you're not assured of maintaining that level yeah and that's where the feedback from the systems from the practitioners is got to be incorporated has to be incorporated in the systems right we have to learn to get together this is sort of a shared learning model where the users the threats the technology all have to be harnessed those are also signals that these systems in a company like lacework we can harness and we can build and advance and mature the models that way too yeah and the human plus AI is better than AI by itself that's the key part of that that accuracy in some fields that good enough is good but not in those accuracies needed that's a big thing correct let's bring it into the cost piece because you know in Ai and now security it's growing compared to the rest of the market obviously every security is never slowing down like data right never stops but accuracy but also cost to run workloads if there's an AI component it might cost more to run it over there versus there so costs to manage and secure Services is a big deal what's your vision on how that's going to play out and and what do you how do you think about that cost equation because you know real cost is a relative term but I mean at the end of the day it could be massive costs yeah absolutely I think it's a trade-off that every business is going to make based on that part of what's a priority in the company right because oftentimes you may put your cost into new things where you're really trying to gain market share or you have a competitive threat and then you're going to optimize it later right I think it is really hard to kind of invest in optimizing thing when it doesn't have product Market fit or it's not scaling yet it's probably the wrong trade-off honestly so I think it's going to really depend I think we're in that phase days right now where there is innovation there is support for kind of experimenting with things and dollars are going to shift into this for experimenting with the AI stuff but hey keep it secure too so we need to put some dollars behind that and people behind that as well but then we'll optimize elsewhere in our budgets to fund fund that that's the trade-off in the conversation I hope we have more of but also I think these things are on a curve where the if you think about the cost of running you know these types of models a year ago or even three months ago versus where it is now versus where it will be a year from now it is dramatically shifting and lowering right now so what is your expense envelope today what you can do with that dollar you know six months from now is is not just 10 or it's a lot more Security's held up pretty well generally throughout this we're happy for headwinds yeah absolutely it's definitely still top priority uh AI sort of getting quiet there before gp10 now all of a sudden it's shot back up all across but you're seeing other you're seeing trade-offs people are saying I see in the data a little less RPA than I saw before that could be some cannibalization some automation automation you've certainly seen less you know laptops we have for the last you know service so it seems like they're overall saying we're going to shift things and as you say put them toward machine intelligence to figure out what we can do with it and as companies like figure this stuff out and they unlock value they build more products and they're able to deliver more value to their customers than they've they're going to feed this back into their budgets invest more spend more et cetera so I think this is all part of the part of the cycle we've seen and we love open sources growing continue to be great so that's big factor it's a big part of the disruption in AI is the stuff that gets constantly open sourced yeah good stuff final minute we got give a plug for the company what's your vision what are you guys working on what are your key things you got going on the market yeah absolutely I mean our Vision here is to be the security platform for the cloud right and for us to really approach all of these security problems that companies face around the world in this fast-moving kind of constantly changing Cloud environment with a data first or data at scale approach and we want to do it in an intelligent way where we can bring things like ML and Ai and drive these workflows so people can focus on the things that matter and do the right amount of work and not waste and feel a lot of toil in the day job to secure their infrastructures so things that we're working on honestly is just really staying focused on a set of outcomes to help developers these different people out there so what can we do to help developers write more secure code and to not waste time on securing things that are never actually running in production to helping people that have to you know be paged at two o'clock at night and have a page that says hey I've got a I've got a threat I've got a breach happening right now we you know like what what do I do with this how do I mitigate this right we had a customer recently that said they were using lace work for part of their environment and they weren't using lace work for another part of their environment they got breached and they said hey if I were had lease work in this other part of my environment I would have found the attacker in minutes and kicked them out versus spending five weeks to investigate what happened in that breach and they still got to do they still got a case to join as they say and do Recon on the hack they got to go investigate so you can get early warning detections with data it's data native Market yeah so everything we're doing from a data and an AI perspective is really trying to secure everything from from the code from the developer all the way to the cloud the production environment so that's our vision that's what we're working on tons of Technology tons of products that accomplish that yeah perfect super cloud conversation bring data native to the scale scaling up the data as people store more I mean data is the competitive Advantage now we're hearing in the AI Jay thanks for coming on super Club thank you okay I'm sure Dave vellante we'll be right back with our wrap up after this short break foreign thank you

2023-08-26 03:56

Other news