Eric Herzog, Chief Marketing Officer at Infinidat, discusses the evolving role of storage in cybersecurity strategies at RSAC 2025 in conversation with Christophe Bertrand, Principal Analyst of SiliconANGLE theCUBE. This informative dialogue delves into the intersection of data storage and cybersecurity, highlighting how these domains increasingly intertwine to bolster corporate security frameworks.
Herzog, a seasoned expert with decades of experience in enterprise storage solutions, shares insights into how storage now plays an integral part in comprehensive cybersecurity strategies. Guided by host Bertrand from theCUBE Research, the conversation explores how storage companies such as Infinidat evolve to include cyber resilience and recovery technologies, such as InfiniSafe, directly into their systems. Herzog emphasizes the importance of integrating storage in corporate security strategies, a trend noticeably highlighted by the increased presence of storage vendors at RSAC 2025.
Key takeaways from the discussion highlight the necessary shift for cybersecurity professionals to include storage as a critical component of Information Technology (IT) infrastructure security. According to Herzog, professionals must now adapt to a landscape where storage functions actively involve data protection and threat mitigation, not just backup. The discussion features insights on the role of automation, integration with tools such as Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Security Operations Center (SOC), and the pivotal role of artificial intelligence (AI) and machine learning (ML) technologies in enhancing cyber resiliency. Herzog and Bertrand also emphasize the importance of collaboration among IT and security teams to develop a unified cybersecurity strategy encompassing both data protection and rapid recovery.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Eric Herzog, Infinidat
Exploring the Integration of Cybersecurity in Enterprise Storage: A Discussion with Eric Herzog at RSAC 2025
Eric Herzog, chief marketing officer of Infinidat, discusses the evolving role of storage in cybersecurity strategies at RSAC 2025 in conversation with Christophe Bertrand, principal analyst of SiliconANGLE theCUBE. This informative dialogue delves into the intersection of data storage and cybersecurity, highlighting how these domains increasingly intertwine to bolster corporate security frameworks.
Herzog, a seasoned expert with decades of experience in enterprise storage solutions, shares insights into how storage now plays an integral part in comprehensive cybersecurity strategies. Guided by host Bertrand from theCUBE Research, the conversation explores how storage companies such as Infinidat evolve to include cyber resilience and recovery technologies, such as InfiniSafe, directly into their systems. Herzog emphasizes the importance of integrating storage in corporate security strategies, a trend noticeably highlighted by the increased presence of storage vendors at RSAC 2025.
Key takeaways from the discussion highlight the necessary shift for cybersecurity professionals to include storage as a critical component of Information Technology (IT) infrastructure security. According to Herzog, professionals must now adapt to a landscape where storage functions actively involve data protection and threat mitigation, not just backup. The discussion features insights on the role of automation, integration with tools such as Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Security Operations Center (SOC), and the pivotal role of artificial intelligence (AI) and machine learning (ML) technologies in enhancing cyber resiliency. Herzog and Bertrand also emphasize the importance of collaboration among IT and security teams to develop a unified cybersecurity strategy encompassing both data protection and rapid recovery.
Eric Herzog, chief marketing officer at Infinidat, joins theCUBE’s Christophe Bertrand at the RSAC 2025 Conference to examine how data storage is becoming a frontline player in cybersecurity strategy. The conversation unpacks how Infinidat weaves cyber resilience and recovery capabilities directly into storage systems.
Herzog explains why modern storage isn’t just about backup; it’s about active threat defense, data protection and rapid recovery. With tools such as InfiniSafe and integration into SIEM and SOAR platforms, storage is evolving into a fu...Read more
exploreKeep Exploring
What role has storage historically played in corporate cybersecurity strategies, and how are storage companies now integrating cyber resilience and cyber recovery technology into their systems?add
What changes are occurring in the cybersecurity industry due to the inclusion of IT data infrastructure in security conversations, and how are professionals adapting to this shift?add
What is the importance of having a known good copy in a comprehensive cybersecurity strategy and how can automation help reduce the threat window?add
What technology is being used on the storage side to detect malware and ransomware, leveraging AI and ML?add
>> And we're back at RSAC
2025 in San Francisco. This is our last segment. My name is Christophe
Bertrand, Principal Analyst with theCUBE Research, and I
am joined for the last segment, last but not least, guess
who he is based on the shirt, Eric Herzog from Infinidat, CM of Infinidat.
Zoginstor is in store. >> Christophe, thank you.
Love being on theCUBE
Eric Herzog
>> and doing it for years, and
thank you again for inviting us.
Christophe Bertrand
>> Well, so great to have you, Eric, and you've been in the
industry for many years. You've seen a lot of
things through the years. And I have to say, RSAC, and now we see storage
companies, we see backup and recovery vendors. Do we have a cyber resiliency category that has finally manifested itself here?
Eric Herzog
>> Well, I think what's really
happened is on the security side when you look at
the corporate strategies, it's been edge, server, network, and then we realize that 90% of the company's data is
sitting on their enterprise storage, especially for, let's
say, the global Fortune 2000. So they've kind of left storage out. So all of the backup data
protection vendors have integrated, several of the
primary storage vendors such as we have at Infinidat
with our InfiniSafe, have integrated cyber resilience and cyber recovery directly
into storage systems. So now, whether it be the backup side or the primary storage
side, storage can be part of a comprehensive cybersecurity
strategy and fits in now. So you're not leaving the front
door wide open when you go on vacation and say, "Come steal my stuff. " And quite honestly, with 90% of the data sitting on enterprise
storage, when the CISOs or the CIOs or CTOs would
leave the storage out, that's kind of what they were doing. And now you see that here at RSA. That's why you see so many vendors that have a storage genealogy, a storage history showing
up now with cyber resiliency and cyber recovery technology.
Christophe Bertrand
>> Right. So it's really
changing the game for a lot of the traditional
cybersecurity professionals. They lived in a world of
detection and endpoints and network security, et cetera. Right? And now all of a
sudden, you see this sort of IT infrastructure, data
infrastructure come up and become part of the conversation. And sometimes, well, it's a little too late
when you've had this attack and you're calling up your friends who have the backups in the organization, and well, they can't really
recover for X, Y, or Z reason. So what do you think is
happening for the professionals who are here today? Are they evolving? Is their job changing? Is their organizational structure changing because of what you've just described?
Eric Herzog
>> Well, I think there's
two possibilities here. One is if you integrate it automatically. So for example, there are some vendors where when a SIEM app, a SOAR app, or their SOC sees a cyber attack, it'll start kicking
actions off through an API. No phone call or anything, right on the
storage right away, trying to reduce that threat window. So as that continues, it's
either, A, the CSO understands that it needs to be incorporated and works with the infrastructure
executives to make sure that the storage has that capability. So I think that that is
really an educational process. Right now, a lot of the
security people that came by the booth didn't know, or they would say, "Oh,
well, that's great. I'll have to turn you
on to the storage guys. " A few said, "Oh, yes,
our CISO's all over this. Let's set up a meeting. Give me your email and we'll set up a meeting after the show. "
So I think it is evolving, but I'd say storage
still is on the outside. However, it's starting to get better recognition at
the CSO level, the CIO level, the CTO that, "Oh, wait a second. I haven't been including
storage for the last 20 years. That's probably not a good idea anymore."
Christophe Bertrand
>> Right. I think it's very interesting to see this, and I believe we'll see the
next wave will be the IoT type of devices, still
part of the infrastructure. So we'll see what happens.
That's kind of my prediction. More importantly, it seems to me that this change in the nature of the conversation is
forcing a total change in how you measure and how you put metrics around
traditional recoverability, which typically will happen
from backup recovery software, working the infrastructure or from the storage
system itself directly. Lots of options there depending
on how you've set it up. But do you think we've seen
the end of the traditional 3-2- 1 strategy for how many copies you have, how you back up, how you
recover? Are we in a new era?
Eric Herzog
>> Well, I think this is all
about the next generation of data protection and that next generation
of data protection has, A, a huge dose of cyber injected into it, which is not the traditional way. Grandfather, father, son,
as you said, the old way, which we both know well from the old days, but now that's anything you
do, even if you're still going to do grandfather, father,
son, where's the cyber angle? Are you scanning those backup datasets? And on primary storage, completely separate from the
traditional data protection model is, well, wait a second, I can take simultaneous snapshots with no performance on
primary storage at all, so why don't I then scan those? And I could do that once
a week, twice a week. And if you have the right software that can scan not just the
metadata information looking for anomalous pattern
detection, but much deeper. If you will, almost
cracking open the files and taking a look at everything. We're going to get something like 200 or 250 different parameters
leveraging ML technology so that it can learn that,
"Wow, what's going on on that storage race seems to be
like the Herzog malware attack that everybody heard about or the Christophe ransomware attack. "
So if it can learn like that, and that is where the technology is today. So, A, instead of just being
data protection thinking backup, because that is
what most people think, is now you're protecting the
data both on the backup side and on the primary side, scanning it, and in fact, if you do it
right, not only are the SIEM and the SOAR and the SOC
the early warning detection, you could actually see it on
the storage side if you're doing the scanning properly. And then through an API, send
a note to the SOAR or the SIEM or to the SOC saying, "Hey, the storage is seeing an issue here. We need to be on this. " And that really does change
it from traditional data protection, which is
pretty much a backup play, as we know from our past.
Christophe Bertrand
>> Right. So I think
what's important here is, and you've said it multiple times, APIs. You've mentioned other
parts of the infrastructure that a few years ago you
would never have mentioned whether in storage or backup and recovery. So I think the big play here is how many APIs can you build? What type of partnerships do you have? So looking at the exhibit hall,
I think it's mind-boggling how many vendors there are, all participating in this big ecosystem that clearly is starting
to combine and merge because of the type of
issues we have to fix now. What's your take on the best
strategy from an ecosystem standpoint coming from the storage side? What are you looking for? What are the characteristics of those partners you're looking for? What capabilities? Do you
see potentially in time some consolidation, you know, how products become features over time? What's your take on this? Because I think it's very confusing for end users should they
invest in this company or that company when maybe
they're going to be not so compatible with the
other part of the stack?
Eric Herzog
>> Well, I think the
key thing is you've got to do it from a storage perspective now. You need cyber on both the
old-style data protection, backup and archive. If I'm the cyber criminal, I'm going to understand how things go. This is not like the old
gangster movies in the 1940s where they show up with a machine gun and, "I'm going to break your leg. " That's not how it works. These guys are very sophisticated, so they understand the data flows, server through the network to
the storage, storage back through the network out to the server, the application layer sitting there. They understand that. So what you need to do is have cyber built into your backup and archive strategy, but cyber built into your
primary storage as well. And then obviously, from
a storage perspective, the better automation, so for example, my company has done integration
where if a SIEM, a SOAR, or a SOC sees an attack, we start automatically taking snapshots, automatically scanning those snapshots. So in that case, as you
send a wider ecosystem, so in this case, it gets
back to my earlier comment, enterprise storage is now part of a comprehensive cybersecurity strategy, and that involves automation helping reduce the threat window. What are you doing to
get a known good copy? Because it's not if you'll be attacked, it's when and how often. And as you know, they're
going to get through. You read about it every day in all kinds of people having a cyber threat, or I should say an attack
that becomes public, let alone all the ones
that don't become public. So if you have it on both the backup side and on the primary storage
side versus just looking at it as data protection,
"Oh, I just take backups and that's good enough," and then the idea is you want
to be able to recover as fast as you can, as fast as you can. And certain vendors out there, such as us, offer RTO guarantees on how fast we guarantee
we'll recover that dataset. And that's a value, whether
it be on the backup side or whether it be on the
primary storage side.
Christophe Bertrand
>> Right, and it's recovering
quickly that matters, but it's also having the ability to know that you've recovered good data, which is where the integration with
potentially other tools and scanning through the data, maybe looking at snapshots
on a regular basis, using some sort of a white room or staging type of environment
is going to be critical. So you mentioned automation,
you hinted at AI, and from a research study that
will be published very soon that we recently completed
here at theCUBE Research, I would just hint that
when you ask people about what makes up cyber
resiliency from a technology and business standpoint, of
course cybersecurity tools are going to come on top
and backup and recovery. But guess what? In the top
five, I will just reveal today, AI makes the top five as a key technology for cyber resiliency. So how do you integrate AI and what do you think the future of AI is from your standpoint in helping with better cyber resiliency
and resolving those issues?
Eric Herzog
>> So what we've done from our
side on the storage front is we have a technology that will
detect malware, ransomware. It leverages AI and ML
on the storage side. Now, obviously the cybersecurity
vendors are using AI and ML to help forward attacks, recover, but we're already using
it from our perspective. In our storage products
at least, we use AI and ML to scan a snapshot,
a volume databases, whatever you want. And then, A, if you do it
as an early warning system, it can report back into a
wider cybersecurity ecosystem, as you said, or if you've had an attack, you can take potential candidates, stick it in a fenced forensic
environment, scan it, and then that will say,
"Oh, this is not good. "
Remember, malware and ransomware, as you
know, is the ultimate, the ultimate spy. If they're really good, no
one knows they're the spy. And so they're not pounding
their chest like King Kong screaming and yelling, saying, "I'm going to steal your stuff. " It's all done surreptitiously. So being able to do the scanning,
you can create a snapshot, you could be backing up malware and ransomware and you'd never know it. So the scanning can be,
A, a proactive tool, which then would report back in, or B, if they get through, you need to get to a known good copy. So whether that be your snapshots
or your backup datasets, and you're going to just scan them, and we have a tool that uses
AI and ML and it can come back and say, "Guess what? That snapshot from 2:22 AM, it's no good. But that snapshot from 2:22 PM," earlier, if you would say that 2: 22 AM was the most recent snap and you did one 12 hours earlier,
"maybe that's a good one. " And the AI and ML technology can do that when you're in a recovery mode to get to a known good copy. So two different ways to use the AI and ML from a storage perspective.
Christophe Bertrand
>> Right. And it's actually very critical because you don't want to
perpetuate the problem. If you recover something
that's bad, it may trigger more attack or deeper attack next time around or continue the problem. So it's very critical. So let's talk about the type
of partnerships you have. I know you work with a couple
of vendors in the space that really help with
understanding what's what and doing this sort of analysis. If you take a step back and think about the new
generation of security folks that are now joining in the business, how much do they understand about storage? How much do they understand
about really going to the root of what the data is to actually scan? Is there an education
need that is required that maybe falls a little
bit on the vendor side and on you, really, to
help them understand this?
Eric Herzog
>> So we have a joint
development partnership with a company called Index Engines. They understand how to
do the scanning, how to leverage the AI and ML technology. We did some of the
development, they did the bulk of the development, and that
solution will do the scanning. You set up what you want to scan, "I want these three arrays
scanned, these three are not as important datasets, so
I won't want to do those. " And so that is exactly what you need. Then you also need
integration though in order to kick those off. So without having them to
text somebody, call somebody, pick up the phone, send an email, and no one answers, you want to automate that entire process. So that's integration with
things like Microsoft Sentinel, IBM QRadar, the SIEM
and the SOAR packages. Obviously for companies that set up a SOC, they've already got a
SOC, so in their case, they're monitoring on their own. So you set up an API and that level of integration
allows the storage then to go in an automated fashion and help you reduce the threat window. And of course, if you have an attack, our software will create a
fenced forensic environment, as you talked about already, and then you scan in that
fenced forensic environment to see if you've got
malware or ransomware. So you got integration
that we have done already with Index Engines, then other integration with the data center-wide
cybersecurity infrastructure, like a SIEM and a SOAR or a SOC, so that the storage process now
becomes an automated part of the comprehensive cybersecurity strategy, not a manual process. It's an automated process.
Christophe Bertrand
>> Yeah, so it seems to me that because of the nature of the threat that has fundamentally
changed, well, the metrics of recovery or recoverability have changed, the teams are changing, the
organization is changing, integrations are happening. What's the next step? Are we going to see maybe a broader set of solutions hitting the market
that are more integrated, maybe a storage system that actually has a lot
of those components? Are we going to see more of
a play for service providers gluing together some maybe pre- configured stacks? Everybody has a different stack. If we look at the enterprise, which is an area in which
you play, well, everybody has maybe their top 20, 25 components, and that's really minimizing it here. It's a lot more, but
there's probably a top 25, and it's going to vary. It's going to be different
permutations depending on who you talk to and sometimes
even in the same organization. So how do you go to market with that? How do you, as an end user,
consume all of this information and get to the right solution? And what's the big play? What
do you see in the industry?
Eric Herzog
>> So a couple of things. First of all, we've automated a whole bunch
of this process already. So if they've got Sentinel, then they don't have to worry about it. Now, it does need to get configured, and our channel partners can help them or our own people can help them. Okay? Then there obviously
are think of we have a partner who has a storage practice
and a cybersecurity practice. So we've done education with
their cybersecurity team, so they know, "Oh, okay, so their storage is blah, blah, blah, blah. " So when they sell a security program or they sell a security
engagement, a services engagement, they know, "Okay, well, we're
going to bring in Infinidat because Infinidat integrates with this and Infinidat can do this
and that other thing. " So we've done, in that
case, through a reseller, there's consultants that are
often used by the enterprises. So as long as they're aware
of what the solution is and how you can put it together, then you can put together ease. And again, we've done a lot of automation. So putting it together
is more like, "Oh, wait. Oh, that software can talk to IBM. That software can talk to Splunk. Oh, okay, now we just need
to do the integration. " And once you've done that integration, which is more about config, "I
want these arrays to do this and these arrays to do that,
and these storage systems do that," then it's automated. Think about it as you have to configure it once and then you're done. Now, when you buy more
storage, maybe you want to add that new array or those new two arrays, but again, really it's a one- time configuration in the data center because the levels of
integration are there. Now, by the way, if
they don't have any SIEM or storage software,
that's a different issue because we can't help there because we're taking our
key from that software. Same thing, if you're
doing scanning, let's say, every Tuesday and Thursday, and with our scanning software
we call InfiniSafe Cyber Detection, you notice something? If they're not using SIEM, SOAR, or SOC, you can't send it anywhere. So there's a broader
cybersecurity methodology that they say, "Oh, of course. Oh my God, I recognize that. " So those are the things
that have to happen, and a lot of that is more about having, A, a comprehensive view
inside the data center with the IT teams where the SIEM guys, the SOAR guys, they know. Okay, the cyber guys go, "Oh, wait, our storage guys said they're
starting to buy storage or backup products with security. And oh, okay, I'll make
sure I connect to them," because once you do the connection, you can automate everything.
Christophe Bertrand
>> Right. I mean, very clearly, and this may be the last
word here, it's teamwork. It feels like the team
has to come together around this issue of
the teams, I should say, whether it's SecOps, whether it's the traditional
cybersecurity team and the leadership, ITOps,
CloudOps data center folks. It's a lot of people who have to agree on what the resource levels have to be, what the integrations have to be, and what the testing has to be, which of course is going to be critical. So we covered a lot of ground and thank you so much for your insights. I mean, you know a lot about the business. Clearly we're entering this
new phase in the industry where I think cyber resiliency
is this new sort of category that is changing a lot of
the vendor landscape, a lot of the conversations, and a lot of the teams
within IT and cyber teams. So it was great to get your insights. So Eric, thank you so
much for joining us today. >> Great, well, thank you very much.
Eric Herzog
>> RSA has been a great event for us. And like I said, as you
pointed out earlier, you're seeing a lot of
storage vendors show up, which you wouldn't have seen
that three, four years ago. We were here four years ago.
It was the first time we went. I think there was a couple
other, there was maybe three, but I counted about 15 this year. So that's all new, and the
integrations will keep happening. And obviously by using
the right consulting firm, the right channel partner, the
right systems, integration, and inside, it's a comprehensive
cybersecurity strategy where storage and backup are included. And if they approach it
that way, then there's a lot of integrations that will
produce this automated technology so that they're not sitting
there going, "Oh my God, we have to call 27 people to get this thing going. " It just starts doing it. But if they don't think
in a comprehensive fashion that storage and backup
need to be included, that's where the problem will lie.
Christophe Bertrand
>> Well, words of wisdom.
Thank you very much, Eric. >> Great. Thank you very much.
Christophe Bertrand
>> And to our viewers, thank
you so much for joining us
Eric Herzog
>> for our coverage of RSAC
2025 in San Francisco. My name is Christophe
Bertrand, Principal Analyst with theCUBE Research, and
we'll see you on the next show. Thank you.
Christophe Bertrand