00:00
All right, everyone. Good afternoon. Welcome to the session today. We're gonna be talking about the material science of man production. No kidding. Who would rather be in that session? Ok. Good. Thankfully, that's not what we're talking about
00:18
today. Um We're gonna actually talk a little bit about data protection and that it will be in the context of whatever you guys really want it to be in. So, um I'm here with my friend Christoph Bertran from I DC. We'll do proper introductions here in just a second. But no, as we go through the session,
00:33
we want this to be interactive. I know it's right after lunch. I know some of you would rather be taking a nap. Hey, I might be there with you, but let's make this about you. Ok. Christof has some awesome data points. Uh We can certainly have a great conversation as we go,
00:49
but raise your hand, let us know when you want to bring something up or like tell your own stories or ask your own questions and we'll direct the conversation that way. We're both very comfortable, kind of taking things ad hoc. So, you know, feel free to interject. Sound good. All right.
01:06
Well, welcome to those uh that, that are arriving now and we're getting ready to start. So, with that Christoph, would you like to do an introduction? Yes. My name is Christoph Bertrand. Um uh practice director. I work for an analyst firm called Enterprise Strategy Group. Not it ce SG.
01:22
Yeah, it's OK. It's an analyst firm, but I actually had a real job before I was actually in product uh functions on the backup and recovery and storage side. So I've seen a lot of experience on uh when it comes to data protection, whether it's software, hardware, all of the techniques and technology that come into play.
01:41
Most recently, I've been very focused on this topic of ransomware. We did some research where we evaluated the state of the market and there are lots of very interesting findings. Probably some of them will shock you. Others may not. And I was, you know, we like to do polls and ask questions when we do surveys,
02:00
but you're here probably for a good reason, which is you care about protecting your environment, especially in the context of ransomware and building a cyber resilient infrastructure. How many of you have been affected directly or indirectly in your environment by ransomware? It's Vegas, you can go ahead.
02:19
Is it closed? Cameras are off only one? Well, I can tell you statistically that's not quite, quite the case. This is a very weird sample. I see nobody wants to talk, but that's ok. It's gonna be a long, long, 45 minutes.
02:43
So, hypothetically if you were to be affected by ransomware, who might be affected by ransomware, if that were hypothetically the case, anybody, everyone in the room. Yeah. Exactly. Yeah. Well, so, you know, I'm Andy Stone, I'm CTO for the Americas here at Pure and, um, I come with a lot of information security in my background.
03:04
I'm more a security guy than, than a storage guy in a lot of ways. Um, 25 years in the space. Uh So I started off my career doing offensive security operations with one of the three letter agencies and kind of transitioned through that into consulting and a bunch of other things before landing here at Pure.
03:20
But, um the net is I can go, you know, really deep with you guys and, and certainly down whatever paths you want in the security landscape as well. Um I guess, you know, with that, uh Christoph, you know, could you maybe start with, um, helping us understand some of the latest research that you and your colleagues at uh ESG have done? And what are some of the things that you guys
03:40
are seeing today in terms of ransomware? Right. So, as I said, we did sort of market evaluation and what's the state of the market for ransomware preparedness? And we're running it again actually. Now we did it about 18 months ago and it's such an evolving topic that we have a pretty quick cycle on refreshing the research. And what we did was look loosely modeling our research based on the nest model.
04:04
We looked at multiple dimensions. We talked to about 600 organizations around the world and asked them a number of questions along those general categories. What are you doing for readiness and prevention and response? Of course, recovery. And then how does that play in terms of business continuity?
04:22
So these were the dimensions we looked at. Um I partnered with my colleagues from the cyber security practice because I'm more again on the recovery side of the equation. But the truth is when you look at 620 people around the world, it professionals like yourselves. Uh you get a very good sample, it's very representative of what the market is and here's what we found.
04:44
We also didn't tell them, but we actually scored some of the answers. So we created a score by dimension and overall, overall, only 15 1 5% of the organizations we spoke with were considered leaders. They had, they were in that sort of high score bracket. That means 85% is not a leader, but it gets better.
05:05
Those leaders did extremely well in prevention and response, almost perfect scores. But for recovery or recover the best or the average score was 40% there lies the problem. So we know it's not a matter of if it's a matter of when and yes, you're going to be really good at trying to fend things up.
05:28
But if something goes through your recovery is going to probably not work that well. So clearly the weakest link is recovery and that's what the market says. That's what the data says. Uh And of course, there are different behaviors depending on how mature you are. Um We can talk about many dimensions and the leaders actually uh have certain
05:47
characteristics that others don't. And that's something we'll be exploring today, I guess in terms of, you know what I'm seeing a lot of in the marketplace as I speak to customers and, and prospects today. Uh And as I'm presenting it at various events and, and even talking with folks like, you know, federal regulators and law enforcement, you know, what we're seeing is that backup probably isn't enough anymore,
06:11
right? This whole concept of recover ability has come to light, it's come to play really dynamically. And what it means is that the backup more or less nowadays is being resigned to long term data retention and compliance. It's not where you want to go to start your recovery.
06:31
The reason is it's not fast, even with pure, like we have some of the fastest recovery solutions on the market today. Bar none like with volt 270 terabytes an hour, you know, cohesive petabytes of recovery a day. The general consensus in terms of recover off of most solutions is probably somewhere in that 2 to 6 terabyte per hour range, right, to give you context.
06:53
But even that is going to be way slower than something like a snapshot where you can recover instantly or near instantly. So as we're out talking to executives, what we're finding is that there's this whole concept of SL A at play, folks are really concerned about how quickly they can get their, their business back up and running when a bad event occurs.
07:14
Right? And backup isn't the way to do it. So, in that context, I guess, you know, Christoph, what are you seeing in terms of this whole SL A conversation? So it's an interesting question because if you think about traditional for data protection, RPO and RT O, right? So recovery time objective, how quickly do you
07:30
get back on your feet and how much have you lost in the process with RPO? Right. Well, you're probably ready for a number of things like a dis traditional disaster. You know, if a hurricane is coming, well, if you have time to shut things down and fell over somewhere else to the cloud or another data center, uh if something really bad happens to
07:48
the facility, well, at the end of the day, you're probably going to be able to get back on your feet within a matter of hours or minutes. In some cases, if you have high availability in place, you're maybe replicating across town, something like that. Right. And of course, you could also invoke a backup, takes a little longer, but it's also very reliable.
08:06
Here's the problem. These are, um, run books or work flows that are reasonably well established provided you actually test for them, not everybody does that. Um, but assuming you're really well prepared, run somewhere is not gonna really work against that because you don't really know what's gonna hit you.
08:21
You don't know exactly what your problem is for a while. Then when you realize what your problem is, how you recover is likely gonna require a different workflow. And there may be things that have been affected in the process you never thought about, right? If you think your facility is going to explode, that's a big problem.
08:40
I get it. But you're not thinking that somebody is attacking your active directory, for example, or this, you know, disabling your network. Uh If you can't log in, what are you gonna do? Right. So these are the, the things you have to think
08:54
about. So I believe from an sl a standpoint there is I have this hypothesis now that traditional uh traditional disaster recovery is dead. I think we're now in the era of cyber recovery, the slas are different. There's a cyber recovery sl a that's gonna be probably not as good as what you were used to. And that's a problem because the top brass really cares the executives care as a matter of
09:16
fact, you know, it's the top business issue for 25 people or 25% of the people we spoke with except for leaders. It's the top business issue for 75% of those leaders. So when is the last time the uh you know, it slash storage guy or gal got invited into the C suite or into the board of directors? Right? Well, now's the time next to never. Yes.
09:45
Yeah. So question with on that sl a aspect. So that kind of comes back to knowing your applications because as you said, NAS is in place active directory. Like what are you guys seeing from what you're looking at from a environment standpoint or doing a research around that? And I guess the other question around that is when you guys did your research,
10:06
I know immunity is a big thing but how everybody defines immun a little bit differently. So what are you guys seeing from like uh immun definition? So I know internally and how I approach immunity means can't be changed or deleted and that to be deleted is a key takeaway in a lot of things when you start looking at. So, right.
10:27
So in terms of applications, let's start with that. And I'm gonna, I have my uh my slide here on the phone, but I have lots of numbers in my head. But I'm gonna say that only about 15% from memory of organizations have protected 90% or more of their mission critical applications or felt comfortable they could recover should rent somewhere hit.
10:46
This is the first question you should ask yourself what is mission critical in my environment. So from a business standpoint, you know, applications are sort of in woven now. So it's really gonna be that mission critical sort of supply chain. The other thing uh is the infrastructure, right?
11:01
I don't really need to go after you. I mean, of course, people wanna go after your data, your regulated data, very, very prized because you know, it really hurts and you need it back um private information or personal data depending on which compliance regulation you look at etcetera. But it turns out infrastructure is very uh very, very price.
11:21
Why? Because I can just go disable the infrastructure, some components of it never touch your data and you're done, you cannot do anything. So do you have a good understanding of what's mission critical to you including your infrastructure? And what is the, are you 100% covered then the uh other point around immutability and,
11:40
and you could add, you know, there's also air gapping, there are a number of techniques we, I can't remember the exact definition definition we used in the survey in order to get people to, you know, answer sort of, you know, truthfully. Uh but it was definitely along along your lines and I don't think you need to be academic about it. It's pretty simple.
11:55
If it's immutable, it means you've protected a data set and we're not gonna go into how you did it because it could be a snapshot. It could be a back. We do lots of things and you cannot change or alter the data set in question, right? Or if you, if you can, it's, it really requires a qu or an act of God before you could do that. That's kind of really what the definition is
12:17
and it's immutable because again, once it's protected, it can never be changed, right? Uh Which of course gives you that guarantee that you're protecting the protector, right? Backups are, have been targeted as well. So um hard to recover when you don't have a backup.
12:41
So like I know we've talked to a lot of different vendors and things like that. So I've heard this from different vendors. Hey, are we snapshot snapshot by itself is immunal? Well, it is, it can't be modified the data camp because you gotta carve it off. But you, you can, you can still modify by deletion.
12:58
So like I know some cloud providers we use define all their snapshots as immun and then when you throw in like, hey, we, we also define that as deletion. Well, then it doesn't really happen. So, but I guess I wanted to add that and I guess from the mission critical standpoint from infrastructure. So what are you seeing with that? Are people attacking like network switches or
13:19
is it ad what we, we had big sort of categories because we could not, you know, ask, you know, 250 questions. Uh But we had, we had a bunch of questions. No, it was really about networking infrastructure. Uh We saw a lot of uh in the responses. A lot of it was really software related.
13:34
Uh Something came up in the software supply chain that we're not aware of uh mis configurations. So I think there are lots of things you can do, talk talking about snapshots. I mean, are you really snaps shotting everything you should? That's mission critical. Uh The immun is, yes, it cannot be deleted. Otherwise it's well changed or disappeared.
13:51
That's not good. Um And then I think the other aspect is, you know, have you really, do you understand all of your work flows, right? Uh And then from a recovery standpoint, what is that going to require? And we, we looked a little bit at recovery and the, the reality is there's a level of confidence that grows with organizations that
14:10
have, that are considered leaders and those leaders were leaders because they were actually better prepared to actually pay a ransom, believe it or not. Uh because they were hit before. So they knew they may have to decrypt a bunch of stuff. So they had compute provision in case they needed to do that. They had a crypto wallet.
14:25
Counterintuitive, right? The the better option is not to have to be in this position. And by the way out of those who paid a ransom, a vast majority got hit again with another request for ransom. Out of those who paid a ransom and were able to get their data back only 15%. 1 so 15. So that's one in seven people uh or so uh could
14:48
recover 100% of their data. So, and we didn't ask him how long because that would have been probably too much, but probably way beyond any sort of uh you'd find to. So the point I'm making is you, you, you really have no choice you really have. If you look at this data, it says that there's paying uh a ransom is not a business cost as
15:10
you may think uh cost of doing business. It sucks. But you know, just another tax. No, it's not because it doesn't guarantee anything at all. Right? Um I know there's a lot of discussion around cyber insurance and our different types of cyber insurances and,
15:26
and, and of course, your CFO your legal folks will say, oh, we need to have Cyber insurance. We need to demonstrate Xy and Z what the truth is, the premiums are starting to go up number one. And do you think Cyber insurance is gonna get your data back? Right. So really the be the better option is to be
15:45
ready to be resilient, meaning failures will happen, problems will happen. The question is, can you put yourself in a position where you can always recover in what you consider acceptable terms in terms of how much data loss there is and how much time it takes you to get back on your feet and that's the net, net old disaster recovery stuff. The problem is the work flows have totally
16:09
changed and the teams are not connected between the cyber teams and the backup teams. I mean, if you're on the cyber side and you call up the backup guy because you kind of need to recover now, it's probably way too late. That's all I can tell you. I, I agree with what Christoph is saying, you know, wholeheartedly, I think, you know, in terms of the,
16:29
you know, overall concept of resiliency, you know, we gotta think about what that means. So like with pure, what we're thinking is again, leverage those snapshots and our snapshots, by the way, are super immutable, they can't be deleted once they've been taken, right? We have a special process around them with safe mode. So hopefully at least some of you in the room
16:50
are familiar with safe mode and the benefits that that brings. But where you're running your workloads on pure protect with snapshots, protect with safe mode and save those snapshots on your primary tier for 3 to 7 days from there. Put a middle tier of lower cost storage in place in pure parlance, it might mean something like flash A AC or flash blade E or flash A AE but the idea is
17:15
lower cost bigger storage, offload those snapshots from that primary tier and keep them for as long as you can afford, preferably six months to a year and you use them for multiple purposes. One could be for forensics after an event, two could be recovery, you may actually run from that tier if something really bad happens. But the idea is you've now got multiple tiers of resiliency in place.
17:37
Your third tier would ultimately be your backup tier. You still want backup. It's still important, but use it for the right purpose. And as Christoph was saying, it's not gonna help you meet your slas anymore, like it's not fast enough, you're not guaranteed to get all your data back.
17:52
So think about ways to add those tiers of recovery to your organization and to your plan so that you can guarantee the recover of the data and do it fast so that you're not facing down time and you know, all the executive fund that comes with that. Uh We have a question in the back. How are you doing? Um So what I hear you saying is it's gonna
18:19
happen, just make sure you can recover. Um Maybe I'm looking for a unicorn. I I don't know, but that doesn't seem like a great solution. I mean, you're, you're just constantly playing defense. You're hoping your ability to recover is foolproof. You have to have good snapshots that go back far enough to
18:47
recover data that's meaningful enough to spend the time recovering on is pure, working on something that's a little bit more proactive, aggressive, taking, taking the fight to the ransomware folks based upon all of the information that you have accumulated up to that point. Now that, that being said they always have the advantage.
19:15
Um they're going to try and do something that you've never seen before, but to just sit there passively sort of makes me a little bit uncomfortable with the whole situation. Yeah, so I I'll unpack this a few ways. OK. The first is um there are things that you can do to be more uh focused on the upfront part of a, of an attack,
19:41
right? So when, when I talk about security specifically in a ransomware attack as a component of that, I generally talk about it in three forms before, during and after and before an attack, there are absolutely things that you should be focused on to be more, you know, kind of offensive in nature within your environment,
19:58
right? Most organizations you are not gonna be offensive in terms of going after Attackers. But you know, the the ideas here are things like hygiene, right? Has nothing to do with storage by the way, but hygiene where you're keeping systems up to date and patch,
20:13
that's the number one thing you should be focused on far. None, you know, authentication. So not just multi factor authentication, but things like credential vaulting with a beyond trust or a cyber arc, you know, thing two thing three education, boardroom level education even. So table topping is a concept, bring your executives into a room role,
20:33
play out a scenario. So leverage a partner that can help you do that so that you can see what the results look like. Learn the things that you don't know from one of these attacks up front and analytics. So you know, everything the FBI or dod is going to tell you today is visibility is the number one issue in security. It's where you should be focused.
20:52
Number one and I don't disagree. What that means is where you're running Splunk or elastic. You need to do it effectively pure can help with that last piece running something like security analytics in an effective manner. We can help you configure those environments so that they're way more performant to do security searches and to make it so you can identify these Attackers in your environment faster
21:15
earlier. Hopefully before they launch an attack, there are things that we're working on in terms of the product to help from a security mitigation perspective, ran, you know, from a ransomware perspective. Um and insider threats, safe mode was the first step, right? Step two, we're going to be doing some things with you will even announce here,
21:37
I believe, you know, some stuff in the arrays where we can use A I and ML to identify changes in data reduction that will ultimately point us to the fact that we're receiving encrypted data and that you might need to do something about that. Right. So we'll be able to send an alert initially because to do other things could be dangerous or damaging to an array.
21:59
So, you know, I wouldn't say we're going to be offensive. We will continue to investigate the market. We'll continue to look for opportunities to expand into the space and to be, help our, our customers be more, you know, considerably proactive, I guess, um toward the attacks. But there are a lot of things that we can talk through from a security perspective to help
22:22
you and your security teams understand the dynamics of how an attack works and, and things that you should consider security or I'm sorry, pure or not pure right along that path. So we have expertise, you know, I'm happy to spend time with every one of you and talk through what should you be thinking about? You know,
22:43
I've been AC O multiple times. I was AC O for Farmers in Zurich Insurance. So Global Fortune 60 ran off security at pricewaterhousecoopers, right? So if it was public, it'd be Global Fortune 20 right. So, I mean, I, I, we can help you think through these things. It's not a storage only problem.
23:03
I don't care what anybody tells you. Right. Storage, we can't solve this problem for you alone. It's not, that's not what it is. It's team sport. You have to bring the right pieces to play and use them in the right way. Use the tool as it's meant to be used in an effective manner.
23:20
Right. You're not going to use a hammer to drive a screw. You shouldn't. Right. Probably could not the most effective. So you use the tool and you have in the right way, that's what we can help you do. So can we solve your ransomware problem? No, can't anybody that comes to you and says
23:37
they can, is lying, turn and run the other way, run out that door. They can't do it. We can be a part of the stack though that can make you much more effective, considerably more and we can make it so that when you do get hit, we can help you recover very, very quickly, much more quickly than anybody else out there. If you have things configured the right way, can you talk about how uh
24:02
pure is using A I and ML to prevent uh data exfiltration? We're not today. Um It's something that, you know, we, we've had some conversations about. Um So it's interesting because so I, I get into some of these debates on, you know, we should be using antivirus scanners on arrays or something,
24:23
you know, like but, but the reality is you can't scan block data for, you know, a V signatures. It's just not possible or it's possible, but it's very, very complex. Um, data exfiltration kind of fits in the same bucket because what happens is when these Attackers exfiltrate data, we could probably use a INML to watch the arrays and look for
24:44
data, leaving the organization in an anomalous pattern. Um But we, we'd have to work with someone to do something about that. Right. So my thought was ok. Could we inform ad LP vendor for instance, could we tell D LP? Hey, it's 2 a.m. Normally we don't see a bunch of data leaving
25:04
the organization at 2 a.m. but we are and it's going to some weird IP address that it shouldn't be going to probably tell D LP to block it or tell D LP to do something or tell a network provider to do something, but we're not in a position to necessarily stop those types of events, right? We can know about them potentially and we could maybe inform on them but stopping them would be very difficult.
25:30
Yeah. Yeah, I, I agree with you and I think it's a matter of prioritization and uh, you guys probably all know the product side, right? Everybody wants features and where they all play out. So, but it's something that we'll continue to push. Yeah. Yeah,
25:52
obviously pure has built its reputation on being customer focused and in the event that my organization were to suffer an attack and we need your, your support organization to step in and help us. You're gonna do that. How are you aligned to scale in the event of a massive attack from a nation state
26:15
actor? How can your support organization help all of your customers at once? I mean, the reality is we can't. Right. I mean, that, that it's a prioritization exercise at that point, like, um, you know, there would certainly be different orders of operation
26:33
depending on the type of nation state attack. Right. Um So the, the assistant director of the FBI was presenting out in Boston last week and, you know, it came up that um we already know the federal government already knows that the Chinese and the Russians and probably the Iranians are in critical national infrastructure and specifically, they're in power grid and transportation as the two
26:58
primary focuses along with a bunch of other things. And they know that when we go to war with Tai for Taiwan, bad things are gonna happen, right? It changes the landscape at that point of defensible, right? You're not talking about a ransomware attacker at that point,
27:17
you're talking about much different scale of attack and different attacks, attack types, likely, what you would see is that, you know, they're gonna take ownership of systems so that they can control them for as long as possible. And then plus then they're gonna be destructive probably on the way out. Right. And so it's the destructive piece where we
27:35
could potentially come, help recover. Um And obviously, I, I would think we would probably prioritize critical national infrastructure over, you know, commercial and enterprise entities. I'm, I apologize to anyone here in those spaces but, you know, reality is we, you can't work without power. So I guess you would understand that,
27:55
but, you know, we couldn't, with, with tens of thousands of customers. It's unrealistic to, to expect that anyone could service them all at once, right? Much less pure. I can tell you that where we've had events arise, like take blog for J as an example, you have all hands on deck and I have never seen an organization come together like our
28:16
engineering team, they will move, you know, mountains of earth, like you would not believe to make things happen. It's an incredible feat. So um I'm certain that we would do our best to figure it out and we would continue to service our customers as best we could. Uh But let's not get it twisted like nobody is gonna service everyone at once.
28:41
Thank you for being honest. Uh Of course, I mean, that's what we're here for. It's part of being a good, you know, relation for our customers, right? I mean, I'm not gonna stand here and lie to you. I'm not gonna do anybody who could.
28:56
I heard that in Purity os 6.4 there is a feature which you can detect ransomware attack. No. Uh So let's be really clear. No one, no, no vendor can detect ransomware in your environment today before an attack is actually launched. No one. OK. Let's be clear is the reason is because of the
29:22
way modern ransomware works. It's polymorphic, right? It's constantly changing. There aren't known signatures to detect it and it runs in memory on running hosts. So the only way that you could detect ransomware in your environment before an attacks launched is to literally take in memory snapshots of every running process on every
29:40
running host and be able to very quickly run those signatures against known bads and identify it before it can morph, nobody can do that today. It's just not possible. What we can do is what I was describing before, which is leverage a INML to some degree to identify DRR change rates. So let's pretend you're getting um compression and ded Dulic location.
30:04
So that's what we would call, you know, data reduction uh to the tune of, you know, 5 to 1 and all of a sudden now we see that drop and it's getting, we're getting zero, something's not. Right. Right. We're going from 5 to 1 to 0. Uh So we're probably receiving encrypted data is the, the net.
30:24
So we're gonna take that intelligence and we're going to send an alert to say, hey, this doesn't look right, you need to go check on this because you're probably receiving encrypted data and you need to react. Does that make sense? Ok. Can you, can you do it on the mic because we're recording the audio?
30:43
So, excuse me, uh is it right now Incorporated or you are doing it? Are the alerts uh will be sent in specific uh release of it will be in a specific release of PD OS. I'm not sure which one it's gonna come out in. Um but it will come out over the summer is what is my understanding currently legal disclaimer forward looking statement, things could change?
31:08
Ok. Thank you in case legal is in the room just so you know, other questions? Awesome. So, you know, Christoph uh and ESG they have some phenomenal research as we've heard, I love the data points and you know, we're talking about these slas around recover and how important it is. So Christoph based on that,
31:30
like, what are we seeing in terms of like security budgets and like where does this money come from for these organizations? Right. So it's uh you mentioned this earlier, it's a team effort. So uh the reality is different teams have to not collaborate to solve the issue. It used to be that cyber would do cyber stuff and then you had the backup and the storage, you know,
31:49
budget, etcetera, all of that has changed. Uh Of course, with the adoption of cloud, you have a totally different set of of people now and with, uh, you know, the fact that skill sets are lacking in a number of areas, having a simplified, you know, sort of, uh piece of software, regardless of what it is you're managing, it is gonna be key.
32:08
So the it generalist is really becoming the norm, right? And typically it's gonna be it ops. So the people who are gonna run ransom recovery are gonna be somewhere between it ops cloud ops and the cyber team. And there's probably a, a security operations team that gets very involved. Uh So it's a team sport uh where we are today.
32:27
And when we asked specifically asked the question around budget, it was very clear that it came from all of these teams that I've mentioned, including also an executive uh budget. There, there is money somewhere in the executive, you know, uh area that they can, where they can allocate certain funds.
32:44
So if you can make your case again, you have the ear of the C suite and not very often. Do you get that? What do you typically see on a like a recovery zone to customers have to buy new infrastructure and install a, like a, a mini data center or do they restore to the cloud or what, what do you see more often?
33:09
So we didn't ask the question in so many terms. I think again, it depends on what everybody is going to be different. That's where your plan comes in uh depending on the nature of the, of the attack. So it's a pretty open question, but, you know, lots of technologies are in play and, you know,
33:27
while of course, it could be all pure, you're probably going to have a combination of different storage, you know, silos, it's not, it's not a good thing necessarily. It creates more complexity. You're probably gonna see some tape being involved as well. You're going to see a bunch of different technologies and those are probably your traditional, your established mechanisms,
33:45
as I was saying earlier, because of the changes you need to do in terms of people, processes and technology, including sending all those signals and, and assessing all uh vulnerability management programs, which by the way, people are not very comfortable and not being very confident about in general terms. Uh That's another data point.
34:02
The, the, the point is that you need to really revisit whatever you were doing when it was designed four or five years ago is probably not gonna work today. And to the Jones point earlier. Yes, you're playing defense. Absolutely. And it's not going to get any better. In my opinion. We'll see what the data says in time.
34:21
If the sentiment gets better, I don't believe it will get better until um in a sense, it will get better if you get attacked and you survive it and you learn from it, the people who were the leaders in the group were people who had been attacked, uh, more often were organizations that actually had to learn, uh, from getting hurt.
34:41
Uh, and, and therefore got better. Right. So there are, there's still a bunch of people out there who live in blissful ignorance and think it will all work when they not taking the right steps. Uh, so let's see what happens, but, you know, without having the, the nation state thing happen, all it takes is, you know,
34:59
a couple of good attacks that spread reasonably well and you'll see, you'll see who's really got their stuff together. Um, and I don't know how much we can talk about some of the initiatives on the pure side with the great subscription and run somewhere subscription. But that's something you guys should be looking at.
35:17
Definitely very interesting to see what pure is doing to practically help you get back on your feet. Um You know, if you are a, you think your a has been compromised, it's probably not a good idea to just put it back in production, right? So what do you do? What do you do? And, and maybe it's getting held up by the FBI
35:38
or your forensics team saying, oh, don't touch it. I gotta run through a bunch of stuff here. What do you do? And that's exactly, I think the question that prag pragmatically, um the, the, the ransomware sl a subscription is gonna help fix. So I find that very, very good. It's definitely a great initiative and it's,
35:56
I think 48 hours or something. So it's so nuts. It's pretty good. Yeah. So what Chris is referring to is, uh, we kind of mentioned it on the main stage earlier but we have a, a ransomware sl a offering that we're coming to market with. Um, we just introduced actually, uh, and it's for our as a service customers.
36:13
So, um, you know, so pure as a service or, or pure one as we might call it. Um Those customers can subscribe to this sl a service. And if you get attacked by ransomware, we will guarantee that within 24 hours, we'll be shipping you a new array or arrays as it might be. And then we'll provide resources around it to help, actually help you get those arrays
36:35
implemented uh and data transferred over so that your business gets back up and running because, you know, when you're in the middle of an event like this, um your resources are really thin, they're being pulled in all kinds of different directions. So, you know, having somebody there that can actually help you get the storage rate up, uh up and running and get the transfer of the data
36:55
migration, moving it could be a godsend in a lot of ways. So that's what we were looking at as we did that. Um Certainly uh an innovative offering and much different than what any of the competition is. Going after. Right. It's not an insurance policy that we don't intend to ever pay on. Right. This is something real where,
37:13
you know, we we will put some guarantee behind it. Yeah. Is there a session here that goes into more detail on that ransomware sl A I'm not sure is the honest answer. I don't believe we have a an an actual session on it, but I'm happy to spend some more time to go through it if you'd be interested and we get
37:39
people. Thanks for that. Um Now, so Christo was talking about one thing and, and that was around, you know, the on the recoverable side uh in the sl A component, we talked a little bit about ad you know, as being a core component and authentication. One of the areas that a lot of folks miss when they start to think about this whole resiliency
38:01
concept is what I call tier zero infrastructure, specifically active directory, dns and time without any of those three things, you can't operate your environment, right? So where you can run active directory, especially on pure. In a lot of cases, a large enterprise is going to use dedicated DNS appliances and dedicated time servers.
38:21
If you're a commercial shop, maybe not, maybe you're using windows for all of those. Definitely look at running those on pure. So you can protect them with safe mode and you can protect them, you know, have the snapshots available to get back up and running very quickly should something occur occur. Because as you look at recovering your core applications, you have to think of the dependency chain that's associated.
38:43
One of the things that often gets overlooked is the fact that OK, I have application X which has this database in this application. But you don't think about oh wait, I need active directory to authenticate and I need, you know this other thing and these other two applications so that it'll actually work. So think about your dependency chains that are associated with your critical applications to
39:03
ensure that you can actually get them back up and running if you need to. Hey, I wanted to follow up on, you talked about vulnerability patching environment. So when you guys did your surveys, what do you guys, what do you guys see there from other organizations that were like leaders and other organizations on how they patch their environment? And when I think of that, I think of,
39:21
I think everybody does Windows Linux and Os is fine but like storage arrays, network switches, fiber channel switches. Was there any questions like that that you details into? So not in this research, I believe uh the cyber security research team um or practice uh has done a lot of work in that area. So I don't have,
39:41
I don't have the data but definitely you're, you're bringing up, you know, a good, a good point. All we know is we had more of a sentiment question around. Hey, how, how do you feel about your vulnerability management programs? Do you feel you're mature? Do you have work to do? And it was not like 100% where?
39:58
Oh, yeah, we're done. We're good. It was much more about, well, we still have some work to do and, and you know, here in, in it when somebody in it says somewhat or yeah, we still have work to do, you know exactly what that means? OK. So uh I take it always with a grain of salt.
40:15
So I think it's uh there's a lot of work to do there. And then the other question is uh you know, do you, do you work with third parties? I mean, it's, it's, it's team work, but there may be third party organizations as well that can help you uh if not for vulnerable testing, but for a bunch of other processes around what you need to, to architect.
40:37
So that's an area where I think people are still a bit shy. I've not really fully realized how much they can benefit from outside help. So we have a few minutes left. Um Let's keep going with any questions that you guys have. It's only about three minutes and then we're gonna get pulled out of here. So, um but any lingering questions?
41:00
Yeah, we got two. Do you have any information on Pr Dr service that po is working on? So, uh we do have some uh information available out in the solutions area. Um Actually it's right outside of the analyst room. They have a booth set up on uh data protection, I think.
41:23
And I know that they're doing the DR as a service component there or I'm happy to talk to you a little bit about it off to the side. Thanks. When you guys talked about, um, cyber security and the changes that are, are happening in that space um with the, with the risk that they've got, um do you know of anybody that's in the space that's actually
41:47
looking at a client's ability to protect themselves their, their security infrastructure as it relates to the premiums and the pricing that is getting charged to protect clients from ransomware or, you know, things like that just looking to, you know, find a correlation of, you know, hey, some business savings on insurance if you,
42:12
you know, do more snapshots and things like that. So I know we have um we have researched cyber insurance, so I don't have uh all the data, but it's definitely something we've looked at and there are different types of cyber insurance sort of um policies in place. But I think the question you're asking is, can you actually get save on cyber insurance if you
42:32
demonstrate great, you know, ability to recover that's already in place? I mean, you can't really get insured unless you demonstrate a bunch of stuff now. And frankly, you know, everything for any vendor in the space infrastructure, you name it, everything ends up with a, at some point to say yes or no. Uh or should.
42:52
So, I think, you know, the, the biggest question is, have you really built resilience in from the beginning? And that's what I I'm gonna keep researching because it's, it's interesting to see how the market matures. Are we going to see more leaders this year? Are we going to have 25% who have answered the questions correctly and they're improving.
43:11
We're really trying to look at that as well. I think the, the, the there's gonna be some probably weird influence with cyber insurance. I'm not necessarily a fan of it. I get that people have to do it, but you're not solving the fundamental issue. All you're trying to do here is to mitigate your business cause that's something you should
43:29
never have to worry about. But you know, let's be practical if somebody wants you to have Cyber insurance because that's what the policy is in the company that it's their governance. You will probably save a lot on the premium by having a great ransomware preparedness plan that you can demonstrate. And the one thing we haven't talked about is
43:48
with all of the technology that's available is testing. The only way, you know, if that's gonna work is by, you know, testing your recover your recover ability. Um You know, mounting attacks on yourselves. You know, of course, in a test environment just to see if people have the right,
44:04
uh, reflexes. Do you have to do the team speak together? Do you send the right information to the right people at the right time? Uh, all of this is maybe even more important than the actual technology you use, uh, people and processes, you know, that's what runs it. That's my, that's my view anyway.
44:20
Yeah, and, and I haven't seen anyone come back yet and say that they got a discount for running pure, like just be real direct about that. But what I can tell you is that there are a lot of solution requirements out there depending on the insurer, things like air gap, right? Which is nonsense. And I'm happy to give you the reasons why off to the side.
44:38
But you know, where you're using pure, we can do on array air gapping with safe mode, right? So it saves you a bunch of money in terms of infrastructure and services cost and maintenance. Um you know, things like immutability. So going the next level and saying, hey, we have super immutable snapshots that can't be deleted,
44:55
you know, and really playing up the fact of the benefits that you may have in place, it could result in a discount, I think over time depending on how the insurer views it. So you become, you definitely become more insurable in my opinion, whether or not that results in a premium reduction. I don't know. All I can tell you is that premiums in general
45:15
are going up. It's been the feedback we've been getting and think about it this way more people get hurt. Where do you think the money is going to come from? Uh insurance? You know, companies are business and they need to get those premiums up to cover their costs?
45:31
All right, with that, I wanna say thank you to all of you for attending the today after lunch. Staying awake. Hopefully this was somewhat entertaining for you at least. Thank you so much to my friend Christoph be from a SG really appreciate the the wonderful facts.
