Kavitha Mariappan of Rubrik, chief transformation officer, and Joe Hladik of Rubrik, head of Rubrik Zero Labs, join hosts John Furrier and Dave Vellante on theCUBE at the NYSE Wired Cyber Security Leaders series for a focused discussion led by theCUBE Research. The conversation examines Rubrik’s strategy for backup observability and business risk in the context of evolving threats and regulatory expectations.
The discussion explores how artificial intelligence reshapes cyber resilience, elevates backup data into a strategic intelligence layer, exposes agentic attack surfaces and forces enterprises to rethink governance identity and recovery workflows. Mariappan emphasizes that cyber risk equates to business risk and argues artificial intelligence widens the attack surface, requiring assume-breach postures and preemptive recovery. Hladik reports that roughly 20% of prevalent threats appear in backup datasets, revealing a resilience gap. They outline a move toward enhanced observability agent governance and agent-based AI capabilities from Rubrik to protect and recover critical operations, with implications for data security ransomware defenses and data governance.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Zero Trust Cyber Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Zero Trust Cyber Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Zero Trust Cyber Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Zero Trust Cyber Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Kavitha Mariappan & Joe Hladik, Rubrik
Kavitha Mariappan of Rubrik, chief transformation officer, and Joe Hladik of Rubrik, head of Rubrik Zero Labs, join hosts John Furrier and Dave Vellante on theCUBE at the NYSE Wired Cyber Security Leaders series for a focused discussion led by theCUBE Research. The conversation examines Rubrik’s strategy for backup observability and business risk in the context of evolving threats and regulatory expectations.
The discussion explores how artificial intelligence reshapes cyber resilience, elevates backup data into a strategic intelligence layer, exposes agentic attack surfaces and forces enterprises to rethink governance identity and recovery workflows. Mariappan emphasizes that cyber risk equates to business risk and argues artificial intelligence widens the attack surface, requiring assume-breach postures and preemptive recovery. Hladik reports that roughly 20% of prevalent threats appear in backup datasets, revealing a resilience gap. They outline a move toward enhanced observability agent governance and agent-based AI capabilities from Rubrik to protect and recover critical operations, with implications for data security ransomware defenses and data governance.
>> Palo Alto Studio connections, Silicon Valley and Wall Street. I'm John Furrier, the host of theCUBE here with Dave Vellante my co-host. Well, I'm John Furrier at theCUBE here at the NYSE Studios for theCUBE. Of course, we have our Palo Alto studio connecting Silicon Valley to Wall Street. This is our cybersecurity leaders, where we're going to unpack the leading AI trends, but also what's happening in the market from a transformation perspective. Kavitha's here, Mariappan, chief transformation officer of Rubrik. Joe Hladik's head of Rubrik Zero Labs. Great to see you guys. Thanks for coming in.
Kavitha Mariappan
>> John, good to see you again. Thanks for having us.
John Furrier
>> So you guys were here in January with a lot of news. Rubrik has pioneered the cyber resilience category going back many years. Now that AI is upon us we're seeing, not IT transformation, that's been happening, but the business transformation, the business model transformation. And the pace of change is so fast. The velocity is fast. Enterprises are digging, everyone's using AI as users. It's affecting the enterprise, the hyperscalers, and there's this huge demand and the AI build out we're seeing on the infrastructure side just booming. The demand for faster, bigger supercomputers, more tokens is creating a lot of disruption and acceleration. How has this affected Rubrik and your customers?
Kavitha Mariappan
>> Well, John, I think first and foremost, one of the things we've been saying for a while is that cyber risk equates to business risk. If anything, AI has not only accelerated our ability to innovate so quickly, but it's also widened the attack surface. And so essentially cyber plus AI risk necessitates the enterprise to build resilience. And it's definitely widening the aperture around business risk and the need for enterprises to get a grasp of this to kind of figure out how are we going to assess and manage risk going forward.
John Furrier
>> I love looking at these waves and this wave is so big and we've seen the internet, you've seen cloud, mobile, SaaS, now you have AI native. What's interesting, the companies that are successful that I've interviewed all have one thing in common, I want to get your reaction to this. They're kind of in the market already and they're doing things that don't look like what would be a venture-backed funded or a monster plan. They're doing things like integration. So there's like a beachhead that's been developed in the AI world where people get a position and they're getting the data. You guys have the beachhead in the enterprise, it was backup and recovery. Then expands with more capabilities with cyber resilience, which is much more broader. What's going on with AI? Because when you're seeing all that data, it's not a pivot. You're sequencing to much larger position because you're seeing more. Talk about this dynamic because people who are doing integrations are now doing bigger things because they're already in, they're doing data work. They're doing what looks like data plumbing or data engineering, but they see everything. They're not like making it up on a clean sheet of paper. They're already in the market. So what is that advantage for Rubrik? Talk about that unique, because you have a unique position, you're seeing a lot of things.
Kavitha Mariappan
>> No, I think fundamentally our DNA has been around data management. The very data that we helped organizations back up and recover from, from a cyber incident or physical disruption or some level of misconfiguration internally, we augmented that when we saw an increase in why people needed to reach for backups was because there was an increase in cyber incidents. So for us, it was a logical progression for us to get into the security space to augment our platform and look at the facets that we needed to build out. One of the things we noticed was identity became the first battleground and that we needed to really invest and build around identity, resilience and recovery. Fast forward a couple of years, AI has widened that aperture and that attack surface, but fundamentally those principles are the same. You need to be able to not just detect and prevent, but you need to be able to increase or focus on defense in depth from a perspective of not just detect and prevent, but actually recover and be resilient. And that is a shift in the way the industry, the security industry has really thought about, or even like the vendor ecosystem has thought about security at large because it has always been about building a deeper, taller wall, that castle and moat that we've talked about for years. But I think we have to take a stance that says, now with AI, if it wasn't already happening, you have to take a position of assume breach and assume overreach, agentic overreach.
John Furrier
>> What I've loved about the cyber resilience positioning when it came out was it wasn't like an IT thing. The business was on the line because you had a lot of attacks and ransomware, that was a C-suite conversation. The AI now is a C-suite conversation. So you were doing security, you come into the security realm and that's top of mind for all businesses, and so you have Zero Labs and Rubrik. How does that tie in? Because some people have these monster labs and SOCs and they're doing all kinds of things. What's been your approach, Joe, with Zero Labs? Has it been to try to be the security hub? What was the strategy and what are some of the things that you work on? Was it more of like, "Okay, we've got Rubrik?" How did that develop? I'm curious.
Joe Hladik
>> Oh, so my background is primarily in incident response and formerly red team operations. And a big part of what we used to do was we need data to inform context. If we don't understand the actions or the activity that's happening, that we're observing, then we have no context to report to executive decision makers. So when we talk about what Zero Labs does at Rubrik, we're primarily focused and our primary mission is to look at backup data and turn it into a source of threat intelligence, but also weaponize it as a forensic layer. If you come from the security operations world, backup data is not a commonly leveraged data set. So that's really what drew me to Rubrik and to lead this effort is to figure out, okay, well, what is backup data providing us? And we published a report last week actually that said around 20% of the threats that we're finding are considered prevalent. So that includes nation state actors as well as prominent criminal ransomware actors. Now think about that. That means that there's an entire data set that is going unnoticed by security operators. And that is the purpose of my team, is to bring that to the surface so other security leaders can recognize that, oh, they have another data source available to them that they can use for threat intelligence and forensics.
John Furrier
>> Talk about this because this is interesting because every conversation I had with AI and everything else, but mostly AI, it's, get your data right. And then, I mean, data governance, I've said the word governance in the past eight months more than the 15 years I've been doing theCUBE combined. It's been the front and center thing because data is what AI wants. So what does that translate into when you start to see this unused or unleveraged data?
Kavitha Mariappan
>> Well, here's the power of data, right? The very data that we're trying to manipulate an instrument for AI is very much the attack surface. So that's the tension that we're dealing with in the industry today. And I think data gives us an aperture into behavior. The telemetry, a lot of the work that Joe's team does in working with our R&D organization is, what is that vantage point we have, as Joe mentioned, to use backup data as that interesting sort of forensics layer, what are we seeing? What does that telemetry give us in terms of not just visibility of agentic actions, but the context behind those agentic actions from observability perspective, how are agents being provisioned? How are they being permissioned? How are we deploying them? How are we seeing organizations use them?
And that very interesting thing there is that, that gives us insights into how enterprises are operating. The other sort of interesting observation for us is that when we think about threat actors, we think about the fact that they're going after our crown jewels. One of the things we've seen is that they're actually going after high value targets like taking down or impacting your backup data. That data is a gold mine. If they target your backup data and they've been in your environment and have been doing recon for a while, you may bring somebody in if you notice anomalous behavior to recover your operations, but as soon as you do, it goes unnoticed and you've just restored a lot of the threat that they're -
John Furrier
>> So you're sitting at a good spot?
Kavitha Mariappan
>> Absolutely.
John Furrier
>> Joe, what does that mean? Because is that an observability thing? Is it a visibility or both? Because if you're sitting between, first of all, ransomware is super hot, everyone knows that. But if you're sitting in this area where data's moving, because you got to back it up, you're seeing a lot of movement of data across all the ecosystem. Talk about that position and what it means for value.
Joe Hladik
>> So I think I brought up the 20% number before. I think that's an important statistic to lean on because that actually shows you the resilience gap that exists within normal security operations. So typically most companies have been historically prevention first defense strategy, but what this actually tells us is that that posture is not always successful. It's failing because if 20% of the time those threats are in your backup data and then it could be reintroduced later down the road if it's not cleaned up in your backup, that shows a significant failure within your frontline defenses, such as your endpoint network defenses. But secondly, on the AI side of this, historically, security operators have always been focused on visibility. And what does that mean? It just means I can have a window into what the network is telling us or what the endpoint and the hosts are telling us or log data. It's really never been about observability. That's a newer concept that AI is introduced because when you have agents acting almost as mimicking human operators within your environment, changing things in microseconds versus us taking minutes, what we really need is like, yes, you may have visibility, but what is actually happening? And that is what observability is. It's getting the context of the reasoning of why each agent is performing the action and the timeline of those actions. So that is really where visibility is morphing into a context oriented observability term. -
John Furrier
>> Yeah, and words compliance, governance, context is AI language now.
Joe Hladik
>> Auditability.
Kavitha Mariappan
>> Agent lineage, right?
Joe Hladik
>> Lineage as well.
John Furrier
>> Yeah. So you got a data advantage, you're sitting in a nice spot seeing a lot of horizontal data, which feeds into the intel. How has that impacted the products? Because AI agents are coming, they're part of the workforce, people are leveraging them, but the humans are curating them, driving them, managing them. What happens for the CISO now? Because now you have, "Okay, I have new data." What's the AI impact for this?
Kavitha Mariappan
>> Well, CISO more than ever, it's not like they didn't have enough to do, but they have a fuller plate now. And I think that's going to be the interesting thing, right? Because AI has also brought down the silos and these organizational swim lanes where if we think about what IT building and infrastructure for the business to run and security determining policies and controls, do we assume that the CISO is going to assume all the risk for all of the Agentic operations of a large sort of multinational organization? That is complex. And so I think the role of the CISO is evolving so quickly in terms of how we think about governance and risk and how we model risk within that organization, right? How does a SOC operate? I mean, we're getting so many signals ingested into the SOC right now. When we think about false positives and false negatives, how do we alert the SOC team so that we don't have alert fatigue? There's a lot of organizational, I think dynamic right now that's emerging within what the role of the CISO or the role of the security team is. But more than ever, I think who owns ... What we like to talk about is, AI is everyone's responsibility and as is AI risk, but who's accountable for that within the organization?
John Furrier
>> Yeah. Joe, the thing that is happening that I'm coming to terms with is the transformation with AI is so radical, if you think about it. And what I mean by that is that what was once this is now becoming this. For example, I just came back from the FinOps conference in LA, which is the Linux Foundation is a very niche category around financial operations for the cloud, cloud costs. It's now going to be renamed to Tokenomics Conference. Why? Because token costs are now a finance thing, but it's also a deep tech. So DevOps team, so it's an engineering problem. You're in cyber realist today, you're going to transform into a bigger opportunity. So you're seeing these things kind of consolidate adjacent functions and then the customers are also feeling the same thing. Had a department doing software licensing, software states, management of license and costs, SaaS pricing, FinOps, they're all merging, as an example. What's transforming for Rubrik, for you guys? Because cyber resilience isn't just recovery and security. You have the data, you have the AI, what are you guys transforming into?
Kavitha Mariappan
>> Well, for us, I mean, if you think about Rubrik, Rubrik where we started off from a data management perspective, today we're squarely a security and AI operations company. That's where we see tremendous opportunities, but that's also where we see the tension within organizations. We want people to be able to securely and safely deploy AI and take advantage of the power of innovation. And we can only do that if we build an environment and a framework that allows them to deploy AI and new technology safely. And that requires this oversight and introspection around how, as Joe mentioned, kind of visibility into what's going on, observability and the ability to feed that back into the overall machinery, so the organization can thrive and deploy and innovate.
John Furrier
>> Yeah. The backup workflow is now gold, that's what I'm hearing. It's like, okay, so that data is unharvested, but it's so contextually relevant to everything else. This is kind of what I'm seeing is the combination of things. How do you guys look at that now? I mean, what's the tech team working on, Joe? Okay, if we believe that's happening, the next step is, okay, what's happening? Visibility, I would imagine is first thing you figure it out what it is. What are you guys working on now as you get this data? What does it feed into? Is it new agents from Rubrik? Is it new products? Is it new data for customers? What's the outcome of this new flywheel?
Joe Hladik
>> So I think Kavitha is probably the better person to talk about the Rubrik product plan and strategy, but what I can tell you from a more general perspective in terms of security, what's really important is what I mentioned before. It's one, the telemetry. What are the agents doing? What's the context around why they're doing it? But if we're talking about rolling back agentic action, you need the context in order to find the point that you need to recover back to. So that is one of the most powerful things I think that Rubrik is going to be providing, especially in the future, is because if we have that capability and we're providing that to our customers, then that means we also have the record of what the agents are doing. And then my team can go in there and provide more of a storytelling narrative around what the threats are, what the risks will be imposed upon all customers down the road. So in terms of the actual product, maybe Kavitha could shed a little more light on that.
Kavitha Mariappan
>> Yeah.
John Furrier
>> Talk about the product and how that drives the transformation.
Kavitha Mariappan
>> No, totally. So John, at the end of the day, what does an enterprise care about? If I make soft drinks, I really don't care where the threat's coming from. I don't really care about IT infrastructure or solutions. I want to be able to make soft drinks. At the end of the day, that's what the business is all about. And we want organizations, we want our customers to be able to do that. So the simplicity of what AI brings and obviously the complexity of what it brings is that it widens that risk aperture, right? How is an organization thinking about risk and in terms of managing that risk, containing that risk so they can do the work that they're doing. Well, one thing I can tell you is that on Tuesday we announced that the Rubrik platform is now available as an agent. So Rubrik AI is now available. That's an incredible step forward-
John Furrier
>> And you have a lot of other announcements. So we can come back-
Kavitha Mariappan
>> Hold on, we'll come back. Absolutely.
John Furrier
>> But this agent piece is, what is that about?
Kavitha Mariappan
>> So everything that you deploy from Rubrik today is now available as a one click agent.
John Furrier
>> All right. So now what does that mean for your customers? They're going through a transformation. Is the agent just their Rubrik copilot? Is it coworking with them? What's it-
Kavitha Mariappan
>> It's more than a copilot. The Rubrik instance is now there as an agent for you to do all those operations in terms of monitoring the governance, the protection, the detection and the recovery as an agent versus how we would've deployed software with -
John Furrier
>> How should executives think about this transformation with AI? Because now they're going to have agents, so you mentioned some of the agentic things happening. Are your customers leaning into agents and how far in are they in the progression and what are they thinking about?
Kavitha Mariappan
>> I think everyone's at all ends of the spectrum, but I think one thing is immutable, there's no one that's not thinking about AI in their environment. There's no one that's not thinking about how agentic AI is going to drive a high level of productivity, help them manage costs and actually impact the top line growth. And so our customers are all leaning in. They're leaning in though with forethought, right? How do I unleash this in a way that is safe and manage costs and operations, data operations? I think one interesting statistic we're seeing is for every on human identity about 82 non-human identities in the enterprise. So just thinking about how this workforce is going to evolve. We see this as being a little bit more of a CEO mandate than just a technology problem. This is the one time I think where a CIO or a CISO or a CTO are not going to the CEO asking for budget. This is one that's coming down from the CEO saying, "We will do this and we are doing this. This is going to be a competitive edge for us."
John Furrier
>> And the builders and the operators are also thinking like investors because their costs, you mentioned costs, they can reinvest that cost into the operations because they want to use more AI. They want to have more capabilities. I guess-
Joe Hladik
>> There is a, if I don't mind, there is an additional point I'd like to make and it's what Kavitha had brought up earlier, that it's not just a technical or cyber resilience problem, this is a business resilience issue. And one of the things I have seen in prior days doing incident response is that under crisis, you need people with authority to make decisions quickly, no consensus, no debate. You need to activate those types of resources, in these types of situations and they must be fast and quick. So especially now that we've entered the Agentic world, businesses in every industry should have either a center of excellence or some leadership that it has the mandate under say wartime scenarios where they can quickly make these decisions from the business perspective, not just the technical operation. I just wanted to quickly highlight that as a-
John Furrier
>> Yeah. I mean, this brings up the whole point of what's changed. So I guess my next question for both of you is what's changed for Rubrik and the customers on both the business and product side and then some of the data you're gathering. What's been the biggest change in the past year?
Kavitha Mariappan
>> We think about our core business. We're there to make sure that enterprises can get up and running, right? If there's an incident, the blast radius is minimized, your operations are up and running, minimum outage, minimum franchise, reputation, fiscal impact, right? So that's changed with AI or the increase in the threat vectors and this unleashing of a insider threat fleet now within the organization if it's not managed or governed right, that's changed because they're grappling with what that looks like. And I think if you think about frontier AI and what mythos has just sort of unraveled like for us, there's latent security threats, decades with the security threats within our organizations that people are unaware of. So that's definitely changing one, how the day-to-day looks, where they're going with this, how they're managing the risk appetite, et cetera. And what that's doing for us is for us to be able to track, what does the enterprise want? How do we support them in this endeavor and as the industry goes through AI transformation that people can do that safely and I think preemptive recovery is where, I think we know preemptive recovery is how we're thinking about this and that plan for this during peacetime so you don't have to deal with this during wartime.
John Furrier
>> Joe, what's changed for you?
Joe Hladik
>> With the AI transformation?
John Furrier
>> Yeah, the past 12 months, just your life, your day to day?
Kavitha Mariappan
>> His boss gives him more work because he can do more work now.
John Furrier
>> There's a lot going on, bombs are dropping, things are happening. The product data you're feeding in.
Joe Hladik
>> So it's funny, there's always been a fire and there's always been a motion forward for change. I mean, in many ways the threat actors are the innovators and we're the ones that are responding to that innovation and then escalating our own defenses. So it's kind of like this life cycle of that. And with AI, it hasn't really changed much other than accelerated it. And what it's done is it's posed an interesting and unique challenge to our team where it's like, well, in many ways it's kind of cool because now we get to use AI for defense just as they are using AI for offense. I find it exciting even though a lot of people might find it scary, which it is. I don't want to deny that. There's a lot of reason for fear, but I'm hopeful, mainly because there are a lot of smart people on the defensive side and there's a lot of emphasis on the threats and what can go wrong, but I want to be that reassurance that no, we still have the good, smart people on the defenses that are also thinking about this and trying to innovate as well. So what's changed? I don't think much. It's more just speed.
John Furrier
>> Yeah, the same speed. Guys, thanks for coming on and congratulations on, you guys got a great position. You're seeing a lot of data across the ecosystem, a lot of movement there in the backup and you're seeing the network trap. Everything's happening right there and you got the AI wave. What's next for the second half? We're going to see you out at events? What's the plans? What are you focused on for the second half?
Kavitha Mariappan
>> We have lots in the hopper. We'd love to work with you more, but yes, definitely we'll be at Black Hat. We have a lot of our CXO bespoke events coming up, but we're hitting the road.
John Furrier
>> Yeah. Joe, thanks for coming on, the Cybersecurity Leader Series at the NYSE Wired Program for theCUBE. Appreciate it.
Kavitha Mariappan
>> Thank you, John.
Joe Hladik
>> Absolutely.
John Furrier
>> All right. I'm John Furrier here. The NYSC Cube Studio is a NYSE Wired program and open community where leaders gather and share their thoughts because the market's moving super fast. IT transformation has moved to business transformation, which is the business model, revenue costs and capabilities accelerating so fast. We're trying to keep up and share that with you. Thanks for watching.
>> Palo Alto Studio connections, Silicon Valley and Wall Street. I'm John Furrier, the host of theCUBE here with Dave Vellante my co-host. Well, I'm John Furrier at theCUBE here at the NYSE Studios for theCUBE. Of course, we have our Palo Alto studio connecting Silicon Valley to Wall Street. This is our cybersecurity leaders, where we're going to unpack the leading AI trends, but also what's happening in the market from a transformation perspective. Kavitha's here, Mariappan, chief transformation officer of Rubrik. Joe Hladik's head of Rubrik Zero Labs. Great to see you guys. Thanks for coming in.
Kavitha Mariappan
>> John, good to see you again. Thanks for having us.
John Furrier
>> So you guys were here in January with a lot of news. Rubrik has pioneered the cyber resilience category going back many years. Now that AI is upon us we're seeing, not IT transformation, that's been happening, but the business transformation, the business model transformation. And the pace of change is so fast. The velocity is fast. Enterprises are digging, everyone's using AI as users. It's affecting the enterprise, the hyperscalers, and there's this huge demand and the AI build out we're seeing on the infrastructure side just booming. The demand for faster, bigger supercomputers, more tokens is creating a lot of disruption and acceleration. How has this affected Rubrik and your customers?
Kavitha Mariappan
>> Well, John, I think first and foremost, one of the things we've been saying for a while is that cyber risk equates to business risk. If anything, AI has not only accelerated our ability to innovate so quickly, but it's also widened the attack surface. And so essentially cyber plus AI risk necessitates the enterprise to build resilience. And it's definitely widening the aperture around business risk and the need for enterprises to get a grasp of this to kind of figure out how are we going to assess and manage risk going forward.
John Furrier
>> I love looking at these waves and this wave is so big and we've seen the internet, you've seen cloud, mobile, SaaS, now you have AI native. What's interesting, the companies that are successful that I've interviewed all have one thing in common, I want to get your reaction to this. They're kind of in the market already and they're doing things that don't look like what would be a venture-backed funded or a monster plan. They're doing things like integration. So there's like a beachhead that's been developed in the AI world where people get a position and they're getting the data. You guys have the beachhead in the enterprise, it was backup and recovery. Then expands with more capabilities with cyber resilience, which is much more broader. What's going on with AI? Because when you're seeing all that data, it's not a pivot. You're sequencing to much larger position because you're seeing more. Talk about this dynamic because people who are doing integrations are now doing bigger things because they're already in, they're doing data work. They're doing what looks like data plumbing or data engineering, but they see everything. They're not like making it up on a clean sheet of paper. They're already in the market. So what is that advantage for Rubrik? Talk about that unique, because you have a unique position, you're seeing a lot of things.
Kavitha Mariappan
>> No, I think fundamentally our DNA has been around data management. The very data that we helped organizations back up and recover from, from a cyber incident or physical disruption or some level of misconfiguration internally, we augmented that when we saw an increase in why people needed to reach for backups was because there was an increase in cyber incidents. So for us, it was a logical progression for us to get into the security space to augment our platform and look at the facets that we needed to build out. One of the things we noticed was identity became the first battleground and that we needed to really invest and build around identity, resilience and recovery. Fast forward a couple of years, AI has widened that aperture and that attack surface, but fundamentally those principles are the same. You need to be able to not just detect and prevent, but you need to be able to increase or focus on defense in depth from a perspective of not just detect and prevent, but actually recover and be resilient. And that is a shift in the way the industry, the security industry has really thought about, or even like the vendor ecosystem has thought about security at large because it has always been about building a deeper, taller wall, that castle and moat that we've talked about for years. But I think we have to take a stance that says, now with AI, if it wasn't already happening, you have to take a position of assume breach and assume overreach, agentic overreach.
John Furrier
>> What I've loved about the cyber resilience positioning when it came out was it wasn't like an IT thing. The business was on the line because you had a lot of attacks and ransomware, that was a C-suite conversation. The AI now is a C-suite conversation. So you were doing security, you come into the security realm and that's top of mind for all businesses, and so you have Zero Labs and Rubrik. How does that tie in? Because some people have these monster labs and SOCs and they're doing all kinds of things. What's been your approach, Joe, with Zero Labs? Has it been to try to be the security hub? What was the strategy and what are some of the things that you work on? Was it more of like, "Okay, we've got Rubrik?" How did that develop? I'm curious.
Joe Hladik
>> Oh, so my background is primarily in incident response and formerly red team operations. And a big part of what we used to do was we need data to inform context. If we don't understand the actions or the activity that's happening, that we're observing, then we have no context to report to executive decision makers. So when we talk about what Zero Labs does at Rubrik, we're primarily focused and our primary mission is to look at backup data and turn it into a source of threat intelligence, but also weaponize it as a forensic layer. If you come from the security operations world, backup data is not a commonly leveraged data set. So that's really what drew me to Rubrik and to lead this effort is to figure out, okay, well, what is backup data providing us? And we published a report last week actually that said around 20% of the threats that we're finding are considered prevalent. So that includes nation state actors as well as prominent criminal ransomware actors. Now think about that. That means that there's an entire data set that is going unnoticed by security operators. And that is the purpose of my team, is to bring that to the surface so other security leaders can recognize that, oh, they have another data source available to them that they can use for threat intelligence and forensics.
John Furrier
>> Talk about this because this is interesting because every conversation I had with AI and everything else, but mostly AI, it's, get your data right. And then, I mean, data governance, I've said the word governance in the past eight months more than the 15 years I've been doing theCUBE combined. It's been the front and center thing because data is what AI wants. So what does that translate into when you start to see this unused or unleveraged data?
Kavitha Mariappan
>> Well, here's the power of data, right? The very data that we're trying to manipulate an instrument for AI is very much the attack surface. So that's the tension that we're dealing with in the industry today. And I think data gives us an aperture into behavior. The telemetry, a lot of the work that Joe's team does in working with our R&D organization is, what is that vantage point we have, as Joe mentioned, to use backup data as that interesting sort of forensics layer, what are we seeing? What does that telemetry give us in terms of not just visibility of agentic actions, but the context behind those agentic actions from observability perspective, how are agents being provisioned? How are they being permissioned? How are we deploying them? How are we seeing organizations use them?
And that very interesting thing there is that, that gives us insights into how enterprises are operating. The other sort of interesting observation for us is that when we think about threat actors, we think about the fact that they're going after our crown jewels. One of the things we've seen is that they're actually going after high value targets like taking down or impacting your backup data. That data is a gold mine. If they target your backup data and they've been in your environment and have been doing recon for a while, you may bring somebody in if you notice anomalous behavior to recover your operations, but as soon as you do, it goes unnoticed and you've just restored a lot of the threat that they're -
John Furrier
>> So you're sitting at a good spot?
Kavitha Mariappan
>> Absolutely.
John Furrier
>> Joe, what does that mean? Because is that an observability thing? Is it a visibility or both? Because if you're sitting between, first of all, ransomware is super hot, everyone knows that. But if you're sitting in this area where data's moving, because you got to back it up, you're seeing a lot of movement of data across all the ecosystem. Talk about that position and what it means for value.
Joe Hladik
>> So I think I brought up the 20% number before. I think that's an important statistic to lean on because that actually shows you the resilience gap that exists within normal security operations. So typically most companies have been historically prevention first defense strategy, but what this actually tells us is that that posture is not always successful. It's failing because if 20% of the time those threats are in your backup data and then it could be reintroduced later down the road if it's not cleaned up in your backup, that shows a significant failure within your frontline defenses, such as your endpoint network defenses. But secondly, on the AI side of this, historically, security operators have always been focused on visibility. And what does that mean? It just means I can have a window into what the network is telling us or what the endpoint and the hosts are telling us or log data. It's really never been about observability. That's a newer concept that AI is introduced because when you have agents acting almost as mimicking human operators within your environment, changing things in microseconds versus us taking minutes, what we really need is like, yes, you may have visibility, but what is actually happening? And that is what observability is. It's getting the context of the reasoning of why each agent is performing the action and the timeline of those actions. So that is really where visibility is morphing into a context oriented observability term. -
John Furrier
>> Yeah, and words compliance, governance, context is AI language now.
Joe Hladik
>> Auditability.
Kavitha Mariappan
>> Agent lineage, right?
Joe Hladik
>> Lineage as well.
John Furrier
>> Yeah. So you got a data advantage, you're sitting in a nice spot seeing a lot of horizontal data, which feeds into the intel. How has that impacted the products? Because AI agents are coming, they're part of the workforce, people are leveraging them, but the humans are curating them, driving them, managing them. What happens for the CISO now? Because now you have, "Okay, I have new data." What's the AI impact for this?
Kavitha Mariappan
>> Well, CISO more than ever, it's not like they didn't have enough to do, but they have a fuller plate now. And I think that's going to be the interesting thing, right? Because AI has also brought down the silos and these organizational swim lanes where if we think about what IT building and infrastructure for the business to run and security determining policies and controls, do we assume that the CISO is going to assume all the risk for all of the Agentic operations of a large sort of multinational organization? That is complex. And so I think the role of the CISO is evolving so quickly in terms of how we think about governance and risk and how we model risk within that organization, right? How does a SOC operate? I mean, we're getting so many signals ingested into the SOC right now. When we think about false positives and false negatives, how do we alert the SOC team so that we don't have alert fatigue? There's a lot of organizational, I think dynamic right now that's emerging within what the role of the CISO or the role of the security team is. But more than ever, I think who owns ... What we like to talk about is, AI is everyone's responsibility and as is AI risk, but who's accountable for that within the organization?
John Furrier
>> Yeah. Joe, the thing that is happening that I'm coming to terms with is the transformation with AI is so radical, if you think about it. And what I mean by that is that what was once this is now becoming this. For example, I just came back from the FinOps conference in LA, which is the Linux Foundation is a very niche category around financial operations for the cloud, cloud costs. It's now going to be renamed to Tokenomics Conference. Why? Because token costs are now a finance thing, but it's also a deep tech. So DevOps team, so it's an engineering problem. You're in cyber realist today, you're going to transform into a bigger opportunity. So you're seeing these things kind of consolidate adjacent functions and then the customers are also feeling the same thing. Had a department doing software licensing, software states, management of license and costs, SaaS pricing, FinOps, they're all merging, as an example. What's transforming for Rubrik, for you guys? Because cyber resilience isn't just recovery and security. You have the data, you have the AI, what are you guys transforming into?
Kavitha Mariappan
>> Well, for us, I mean, if you think about Rubrik, Rubrik where we started off from a data management perspective, today we're squarely a security and AI operations company. That's where we see tremendous opportunities, but that's also where we see the tension within organizations. We want people to be able to securely and safely deploy AI and take advantage of the power of innovation. And we can only do that if we build an environment and a framework that allows them to deploy AI and new technology safely. And that requires this oversight and introspection around how, as Joe mentioned, kind of visibility into what's going on, observability and the ability to feed that back into the overall machinery, so the organization can thrive and deploy and innovate.
John Furrier
>> Yeah. The backup workflow is now gold, that's what I'm hearing. It's like, okay, so that data is unharvested, but it's so contextually relevant to everything else. This is kind of what I'm seeing is the combination of things. How do you guys look at that now? I mean, what's the tech team working on, Joe? Okay, if we believe that's happening, the next step is, okay, what's happening? Visibility, I would imagine is first thing you figure it out what it is. What are you guys working on now as you get this data? What does it feed into? Is it new agents from Rubrik? Is it new products? Is it new data for customers? What's the outcome of this new flywheel?
Joe Hladik
>> So I think Kavitha is probably the better person to talk about the Rubrik product plan and strategy, but what I can tell you from a more general perspective in terms of security, what's really important is what I mentioned before. It's one, the telemetry. What are the agents doing? What's the context around why they're doing it? But if we're talking about rolling back agentic action, you need the context in order to find the point that you need to recover back to. So that is one of the most powerful things I think that Rubrik is going to be providing, especially in the future, is because if we have that capability and we're providing that to our customers, then that means we also have the record of what the agents are doing. And then my team can go in there and provide more of a storytelling narrative around what the threats are, what the risks will be imposed upon all customers down the road. So in terms of the actual product, maybe Kavitha could shed a little more light on that.
Kavitha Mariappan
>> Yeah.
John Furrier
>> Talk about the product and how that drives the transformation.
Kavitha Mariappan
>> No, totally. So John, at the end of the day, what does an enterprise care about? If I make soft drinks, I really don't care where the threat's coming from. I don't really care about IT infrastructure or solutions. I want to be able to make soft drinks. At the end of the day, that's what the business is all about. And we want organizations, we want our customers to be able to do that. So the simplicity of what AI brings and obviously the complexity of what it brings is that it widens that risk aperture, right? How is an organization thinking about risk and in terms of managing that risk, containing that risk so they can do the work that they're doing. Well, one thing I can tell you is that on Tuesday we announced that the Rubrik platform is now available as an agent. So Rubrik AI is now available. That's an incredible step forward-
John Furrier
>> And you have a lot of other announcements. So we can come back-
Kavitha Mariappan
>> Hold on, we'll come back. Absolutely.
John Furrier
>> But this agent piece is, what is that about?
Kavitha Mariappan
>> So everything that you deploy from Rubrik today is now available as a one click agent.
John Furrier
>> All right. So now what does that mean for your customers? They're going through a transformation. Is the agent just their Rubrik copilot? Is it coworking with them? What's it-
Kavitha Mariappan
>> It's more than a copilot. The Rubrik instance is now there as an agent for you to do all those operations in terms of monitoring the governance, the protection, the detection and the recovery as an agent versus how we would've deployed software with -
John Furrier
>> How should executives think about this transformation with AI? Because now they're going to have agents, so you mentioned some of the agentic things happening. Are your customers leaning into agents and how far in are they in the progression and what are they thinking about?
Kavitha Mariappan
>> I think everyone's at all ends of the spectrum, but I think one thing is immutable, there's no one that's not thinking about AI in their environment. There's no one that's not thinking about how agentic AI is going to drive a high level of productivity, help them manage costs and actually impact the top line growth. And so our customers are all leaning in. They're leaning in though with forethought, right? How do I unleash this in a way that is safe and manage costs and operations, data operations? I think one interesting statistic we're seeing is for every on human identity about 82 non-human identities in the enterprise. So just thinking about how this workforce is going to evolve. We see this as being a little bit more of a CEO mandate than just a technology problem. This is the one time I think where a CIO or a CISO or a CTO are not going to the CEO asking for budget. This is one that's coming down from the CEO saying, "We will do this and we are doing this. This is going to be a competitive edge for us."
John Furrier
>> And the builders and the operators are also thinking like investors because their costs, you mentioned costs, they can reinvest that cost into the operations because they want to use more AI. They want to have more capabilities. I guess-
Joe Hladik
>> There is a, if I don't mind, there is an additional point I'd like to make and it's what Kavitha had brought up earlier, that it's not just a technical or cyber resilience problem, this is a business resilience issue. And one of the things I have seen in prior days doing incident response is that under crisis, you need people with authority to make decisions quickly, no consensus, no debate. You need to activate those types of resources, in these types of situations and they must be fast and quick. So especially now that we've entered the Agentic world, businesses in every industry should have either a center of excellence or some leadership that it has the mandate under say wartime scenarios where they can quickly make these decisions from the business perspective, not just the technical operation. I just wanted to quickly highlight that as a-
John Furrier
>> Yeah. I mean, this brings up the whole point of what's changed. So I guess my next question for both of you is what's changed for Rubrik and the customers on both the business and product side and then some of the data you're gathering. What's been the biggest change in the past year?
Kavitha Mariappan
>> We think about our core business. We're there to make sure that enterprises can get up and running, right? If there's an incident, the blast radius is minimized, your operations are up and running, minimum outage, minimum franchise, reputation, fiscal impact, right? So that's changed with AI or the increase in the threat vectors and this unleashing of a insider threat fleet now within the organization if it's not managed or governed right, that's changed because they're grappling with what that looks like. And I think if you think about frontier AI and what mythos has just sort of unraveled like for us, there's latent security threats, decades with the security threats within our organizations that people are unaware of. So that's definitely changing one, how the day-to-day looks, where they're going with this, how they're managing the risk appetite, et cetera. And what that's doing for us is for us to be able to track, what does the enterprise want? How do we support them in this endeavor and as the industry goes through AI transformation that people can do that safely and I think preemptive recovery is where, I think we know preemptive recovery is how we're thinking about this and that plan for this during peacetime so you don't have to deal with this during wartime.
John Furrier
>> Joe, what's changed for you?
Joe Hladik
>> With the AI transformation?
John Furrier
>> Yeah, the past 12 months, just your life, your day to day?
Kavitha Mariappan
>> His boss gives him more work because he can do more work now.
John Furrier
>> There's a lot going on, bombs are dropping, things are happening. The product data you're feeding in.
Joe Hladik
>> So it's funny, there's always been a fire and there's always been a motion forward for change. I mean, in many ways the threat actors are the innovators and we're the ones that are responding to that innovation and then escalating our own defenses. So it's kind of like this life cycle of that. And with AI, it hasn't really changed much other than accelerated it. And what it's done is it's posed an interesting and unique challenge to our team where it's like, well, in many ways it's kind of cool because now we get to use AI for defense just as they are using AI for offense. I find it exciting even though a lot of people might find it scary, which it is. I don't want to deny that. There's a lot of reason for fear, but I'm hopeful, mainly because there are a lot of smart people on the defensive side and there's a lot of emphasis on the threats and what can go wrong, but I want to be that reassurance that no, we still have the good, smart people on the defenses that are also thinking about this and trying to innovate as well. So what's changed? I don't think much. It's more just speed.
John Furrier
>> Yeah, the same speed. Guys, thanks for coming on and congratulations on, you guys got a great position. You're seeing a lot of data across the ecosystem, a lot of movement there in the backup and you're seeing the network trap. Everything's happening right there and you got the AI wave. What's next for the second half? We're going to see you out at events? What's the plans? What are you focused on for the second half?
Kavitha Mariappan
>> We have lots in the hopper. We'd love to work with you more, but yes, definitely we'll be at Black Hat. We have a lot of our CXO bespoke events coming up, but we're hitting the road.
John Furrier
>> Yeah. Joe, thanks for coming on, the Cybersecurity Leader Series at the NYSE Wired Program for theCUBE. Appreciate it.
Kavitha Mariappan
>> Thank you, John.
Joe Hladik
>> Absolutely.
John Furrier
>> All right. I'm John Furrier here. The NYSC Cube Studio is a NYSE Wired program and open community where leaders gather and share their thoughts because the market's moving super fast. IT transformation has moved to business transformation, which is the business model, revenue costs and capabilities accelerating so fast. We're trying to keep up and share that with you. Thanks for watching.