VMware Explore 2024 | Mark Chuang | Broadcom

Clips
News
More from VMware Explore 2024

Mark Chuang

Sr. Director Product Marketing

Broadcom Software

Resiliency amid ransomware: How VMware Live Recovery helps minimize data loss and downtimes

As cyber threats proliferate, the difference between success and failure for enterprises often comes down to the speed at which they recover from attacks. VMware Live Recovery has been designed to expediently get companies back to full functioning in the event of ransomware attacks.VCF’s Mark Chuang talks with theCUBE about VMware Live Recovery.“I would say the number one thing that people use it for is to help them with this IT scourge of ransomware, modern ransomware, where the old ways of trying to recover just didn’t work,” said Mark Chuang (pictured), head of product marketing for VMware Cloud Foundation at Broadcom Inc

play_circle_outline VMware Live Recovery: key solution for ransomware recovery with unique features.

play_circle_outline Integration with vSAN: accelerates failback time by up to 16 times.

play_circle_outline Proactiveness: importance of being proactive in protecting against ransomware attacks.

play_circle_outline RPO and RTO: key dimensions attacking to minimize data loss and recovery time.

play_circle_outline VMware Explore: showcasing recent enhancements like vSAN integration, upcoming features.

Info
Transcript

Mark Chuang | Broadcom

Mark Chuang

Sr. Director Product Marketing Broadcom Software

The Venice Conference Center in Las Vegas hosts theCUBE's coverage of VMware Explore 2024 featuring Mark Chuang, senior director for product marketing at Broadcom. VMware Live Recovery tackles modern ransomware with solutions across the VMware portfolio and vSAN integration for faster failback times. The merging of disaster recovery and cyber protection workflows enhances collaboration between administrators and security personnel. Customer feedback shows increased confidence in recovery plans and streamlined testing processes. The solution has reduced recove... Read more

explore Keep Exploring

What is the number one thing people use it for and how is it specifically designed for ransomware recovery? add

What are some key considerations when bringing together disaster recovery and cyber security in the context of ransomware recovery? add

What are the alternatives for people who rely on cyber insurance as their only defense against ransomware attacks? add

What are recovery point objective (RPO) and recovery time objective (RTO) in terms of data loss and recovery time in case of disasters? add

What are some of the recent values and enhancements that the speaker wants to inform others about, and what upcoming features are they excited to talk about in more detail during the general session tomorrow? add

bolt Powered by CUBE AI

Mark Chuang | Broadcom

search

Dave Vellante

>> Welcome back to the Venetian Conference Center in Las Vegas, everybody. You're watching theCUBE's coverage of VMware Explore 2024. This is our 11th year covering this event. Mark Chuang is here. He's senior director for product marketing at Broadcom. Mark, thanks for coming on. Great to see you.

Mark Chuang

>> Thanks so much, Dave. Pleasure to be here.

Dave Vellante

>> We're going to talk about VMware Live Recovery. We're going to get into it. It's evolved over the years. It's like a flagship product for you guys. Explain to the audience what is VMware Live Recovery? Why is it so important? And we'll get it to how it's evolving.

Mark Chuang

>> Yeah, I would say the number one thing that people use it for is to just help them with this IT scourge of ransomware, modern ransomware where the old ways of trying to recover just didn't work. And really for us, leveraging all the assets that we've got across the VMware portfolio and bringing together, so it's a very unique offering, specifically designed for ransomware recovery. But at the same time, I mean, we've been doing disaster recovery for literally 10, 15 years, and so just bringing that into a single solution.

Dave Vellante

>> So I want to follow-up on that because during COVID we heard so often from CIOs that our business resilience was basically equal disaster recovery, and so we had to evolve our strategy. You've evolved your strategy as well. So like you said, it used to be known for disaster recovery, now it's much more. What specifically did you guys add to the platform to be able to accommodate that?

Mark Chuang

>> Yeah, so we built off of common technologies that's already in our portfolio, but really saying, "What are the key requirements of ransomware recovery that's different and unique than the power outages or the hurricanes that we've known forever?" And so there are a couple of key components to it. One, you've got to have a next-generation behavioral analysis engine embedded in because modern ransomware is not about scanning for file signatures anymore, so we built that in. Second, you've got to have this isolated recovery environment in which you slowly test recovery points in order to gain confidence that this is actually safe to deploy, whereas otherwise you're just going to reinfect production. And finally, we leverage our virtual networking technology with NSX to make this ability to change the network isolation in an automated fashion, we brought all that together. You didn't need any of that for a disaster recovery in the traditional sense. You absolutely needed it for ransomware recovery.

Rob Strechay

>> Yeah, I mean, this to me is, and a lot of the big news this week is around VCF and how it's really expanding and evolving, and we'll hear some more about that tomorrow for sure. How does VMware Live Recovery really fit into the ongoing vision of VCF?

Mark Chuang

>> Yeah, so two things really come to mind here. First of all, while we are working with customers very closely to help them realize the value of that full private cloud solution that's VCF, VMware Live Recovery though helps protect workloads even if you're just running vSphere and even if you're just running an on- premises or out in the cloud. So first of all, we're going to help protect any of those VMware-based workloads. The second one is this continued theme around taking the broad set of assets that VMware has got and deeply integrating it so that there's even more value. So one of the things that we very recently delivered was an integration with vSAN so that when you're doing the failback, because you now have a local vSAN snapshot, our calculations are the failback can actually accelerate by up to 16 X because you're using that vSAN local snapshot.

Rob Strechay

>> Because you're only bringing back to diffs off that.

Mark Chuang

>> Exactly. And so what's so fun about the last few years is we're looking at the unique requirements of ransomware recovery and then harnessing different assets in our portfolio and then by bringing it together, delivering so much more value.

Dave Vellante

>> So disaster recovery and cyber were largely separate domains and have been for years. But again, post-COVID, people started to bring those together. You've seen data protection/backup become an adjacent seat of cyber and even some would argue a fundamental component of it. Are you able to bring together those workflows and those experiences into a single experience for customers? What's that like?

Mark Chuang

>> That was a huge design point for us. We wanted to make sure to really think through all of the personas that are involved, when you get hit with ransomware, when you get hit with DR, and there are several. But there is a common persona, which is ultimately that infrastructure or cloud administrator who is responsible for bringing the infrastructure or the applications, the data back up. They were responsible for DR, and they're still responsible for a ransomware attack as well when you got to bring it back up. But in the workflows, we were very cognizant of the fact that they've got to work with the security persona. And so we wanted the workflows that were designed to actually improve collaboration between these two personas, not make it more difficult for them to do their jobs.

Rob Strechay

>> I mean, to me, again, having lived in this world like yourself for quite some time, you start to look at it and go, "Really, it is when the rubber meets the road and how it helps customers understand this." I know you guys, you're highlighting a few of those customer stories. Why don't you break that down for us and help us understand how people are really getting and having great outcomes from that?

Mark Chuang

>> Yeah, this is one of those where I'll be able to anonymize some customers because no one wants to talk about the fact that, "Hey, look, I got hit by ransomware and this is what we ended up doing." But I'm talking to customers that use words like, "You guys have given me great peace of mind. You guys and the solution you've delivered, this is a game changer." And what they're talking about is they now have a plan and when they test it, they're having confidence that if I got hit or when I got hit, I've been able to recover. And so it comes down to the fact that before they were like, "Maybe we had documentation and it was like that thick of a manual run book." And they were so worried about, "Could I actually execute when the time came?" But now because we have the workflows and actually the tools and the ability for them to test outside of their production, their confidence level has gone from somewhere down here to very, very high. And that's the basis upon which we've seen it really just flip a switch relative to what they think and now have the ability to do.

Dave Vellante

>> I want to ask you about testing because again, for years having also spent some time in this space, organizations they wouldn't test. They might test failover but not failback as an example because it was too risky to test. But it sounds like you've dramatically evolved customer's ability to test with confidence so they could tell their board, "Yes, not only do we have something in place, but we've tested it, we test it regularly." What's the test regime like these days? Am I onto something here that people are actually testing these days?

Mark Chuang

>> Yes, so much so. I mean, before it felt like I would talk to customers and the better ones may tell me I test once a year, right? Now. Okay, I'm going to break it down into two parts. Even before we get them to a test, we actually will run an automated check of their run book looking at the dependencies for that run book to be effective. We do that every 30 minutes. Now, it's not a full-on test, but it's looking for the most obvious dependencies and if it finds something, it's going to tell you quickly within that 30 minutes. Now get to your question in regards to the actual testing itself, that's where being able to leverage these cloud resources that you're not paying for 24 by 7, only when you're testing, not part of your production. So you're not worried that you're going to somehow impact your production environment. We're seeing customers, we advise them they should be testing every two weeks, every month, and now they're actually doing it because it's not prohibitively painful, disruptive, or expensive. So that is huge.

Rob Strechay

>> Yeah. I mean, I know just because I've been able to get some briefings from you and your team leading up to this, that Merrick was one of the ones that was sitting there and there's actually a case study on your website about it, so I think I can use their name.

Mark Chuang

>> Yes, it is a public case study, yes.

Rob Strechay

>> They were stealing from production to actually do that and try to do that. Is that something you see as common is again, how do you get out of this bind of resources versus testing and also it's the people aspect of those resources as well? And what are you seeing from that?

Mark Chuang

>> You know what? The fundamental shift here is that, let's go back to the testing part of it. If you weren't testing, you couldn't have confidence, bottom line. So even something as simple as that. You're right, the Merrick example, we have a customer out of Europe that has also dramatically improved their posture because they've been able to get out from using the production environments and leveraging the cloud to be able to do the testing. And then also I think just the confidence that they're replicated snapshots, they're immutable, you're not having to worry about them being compromised when the ransomware attacks because that's one of the first things that they go to. So all of that, but what they really appreciate nowadays is that all of the components are built into VMware Live Recovery. Could they build this solution on their own? Yeah, they could, but DIY is a lot more difficult. And so what they appreciate is that it's all integrated and that we design the workflows for it so that whether it's the testing, whether it's the failover, whether it's the failback in the example I just shared with vSAN, we're really thinking about it end-to-end.

Rob Strechay

>> And I think just diving a little deeper, my geek had on here, that vSAN example that you're giving also is the fact that there are, you can go back up to 200 snapshots on it, right?

Mark Chuang

>> Right.

Rob Strechay

>> Because I think that gives people that experience and that distance that they can be confident to go and be able to understand. And you're automating that as well, right?

Mark Chuang

>> Exactly. So with the dwell time of modern ransomware being days or weeks, you've got to have that deep history of snapshots available to you for sure. And fundamentally, at the end of the day, I'm also seeing customers realize that, look the way I used to handle backups, you still need backup, don't get me wrong, but you can't take that solution and now believe that it's going to be the thing that's going to help you recover when you get hit.

Dave Vellante

>> So you said 200.

Rob Strechay

>> 200.

Dave Vellante

>> 200. So that's the max. So you could in theory do eight in an hour if you wanted to, and that kind of granularity, is that what you're suggesting?

Rob Strechay

>> You could do every 15 minutes or something of that nature. Some people do every five minutes. It all depends on how far back you're looking to go, I think.

Dave Vellante

>> But the reason I bring that up is because I want to dig into the business case a little bit. So I mean, the conventional way to think about a business case for a solution like this, I've got two dimensions that I look at. The frequency of an event, which leads to the probability and the impact, frequency you really can't control, it's going up, but you can control the impact and the impact the measurement is I guess the reduction in an expected loss, like insurance people would say, "All right, we're going to expect a loss of X every 10 years, and then it was five years and it was yearly." So presumably that's the dimension that you can have an impact on. And you've got a number of customer examples. Have you been able to, even if it's anecdotally or subjectively been able to get a sense as to how you've been able to reduce that impact?

Mark Chuang

>> Yeah, if you look at different estimates out there, we'll see that the total cost of a ransomware breach is on average somewhere in the range of about $4 million. Now, that includes the direct business impact of losing your applications, but it also factors in just the productivity impact. And then it goes a step further in regards to even an estimate relative to reputational impact as well. So let's just use that $4 million number if we're able to help a company even reduce from what could have been three to four weeks. I mean, it sounds like a long time, but I'm absolutely hearing stories about that, down to days to recover. I don't have the calculation right off the top of my head, but you can imagine the magnitude there. And I've been talking to customers where if they can't recover within a reasonable amount of time, I don't think it's hyperbole to say it is an existential threat for them because at some point your customers will just be like, "Forget it, I can't trust you anymore, and so I'm going to take my business elsewhere." I've definitely been hearing stories at that magnitude.

Dave Vellante

>> I mean, just very simplistic back in the math, if it takes you four weeks to fully recover, I mean, it's obviously going to be a curve, but let's just make it simple. Simplifying assumption, a million bucks a week for a $4 million loss. If you can compress that down to days, you do the math, you're saving. And I mean, that's huge in terms of productivity especially. I think that's the biggest

Mark Chuang

>> It was probably last year, I remember reading an article about a regional hospital in the U.S. that literally had to shut down because they just could not get their operations back up and running. And let's just for a moment set aside the business side of it. I mean, imagine the human side of it where you had to literally tell their patients that they could not care for them anymore.

Rob Strechay

>> And there's also regulation sides of things as well. We had heard anecdotally about a large financial services company that used the service during that whole CrowdStrike thing. That seems like something that's under, I guess you could say estimated is how do you really push the button before things get bad? Is that something where you're leaning into and saying "Here, not only that we know you have known goods here. Let's go now before that," because that would seem like a-

Mark Chuang

>> You absolutely do have to be proactive, right? I mean, if you hadn't captured deep enough snapshots or really kind of get all this set up ahead of time. It is a little too late once that first ransomware hits you. But what other alternatives do people have nowadays? There will be times when I talk to customers, they're like, "Well, I have cyber insurance, cyber security insurance or cyber attack insurance." I'm like, "Great, you absolutely should have that. But the trends that I'm hearing about is that the premiums are increasing very, very rapidly and the requirements to even qualify to get a payout are becoming more and more strict. And so that needs to be a part of the puzzle, but it can't be the only thing that you rely upon." And then the final thing when I'm talking to customers like that is like, "Hey, you got the payout, that's fantastic, but if you didn't have a way to actually still recover your data and your applications, that payout isn't going to really get you back up and running."

Dave Vellante

>> And frankly, the best insurance is if you can compress your recovery time and minimize the loss data. So again, back to basics, RPO and RTO, recovery point objective, recovery time objective, those are kind of geeky terms. Somebody said to me one time, "You have to speak in those business terms." I'm like, "Those aren't business terms. Recovery point objective is how much data do you want to lose?" And people say, "Well, I don't want to lose any data." "Well, how big is your checkbook?" Because there's no such thing as RPO zero if you get disasters and earthquakes and fires. But anyway, you can compress that down to minimize the amount of data loss and in recovery time we talked about earlier, the time it takes to get back online in a fashion that is trusted. And those are the two dimensions that you're attacking here, right?

Mark Chuang

>> So we typically tell our customers that if your goal is to protect against ransomware, keep your hour lease for 24 hours, keep your day lease for at least a week, keep your week lease for a month and keep your month lease for at least six months. That kind of strikes the balance between, I'm paying all this money for storage because I could keep by-the-minute snapshots, but imagine the bill that you've got from a storage point of view. So that's our very common advice to strike that balance.

Dave Vellante

>> So what's the buzz at Explore this year? What are you guys showing off, flexing your muscles? Any news you can share?

Mark Chuang

>> Well, a lot of people here at Explore, they don't think about this 24/7 like myself and my team do. So we just want to tell them about some of the even more recent values and enhancements. I brought up the vSAN integration, which we believe can accelerate the failback time as much as 16 times relative to what we had before. So we wanted them to know about things like that, but we want to be able to talk about things that are upcoming as well. So some of that is saved for our gen session for tomorrow, so I'm not allowed to talk about it here. But just imagine being able to even extend the ability to protect where customers have maybe air-gapped environment, so they can't fully leverage the cloud. Or being able to leverage our vSAN capabilities again, in a greater part as part of the VLR workflow. So stay tuned for that. We're a few hours early, but pretty excited about leveraging the full VMware portfolio.

Dave Vellante

>> Tease your session tomorrow. Where is it? When is it?

Mark Chuang

>> Oh, my goodness .

Dave Vellante

>> Oh, sorry.

Mark Chuang

>> You caught me off guard on that one. I'll have to pull that one up.

Dave Vellante

>> All right, so well let me know and then we'll let people know.

Mark Chuang

>> Fantastic.

Dave Vellante

>> Mark, thanks so much for coming on theCUBE. Really appreciate it.

Mark Chuang

>> My pleasure, as always. Thank you for having me on.

Dave Vellante

>> Of course. Our pleasure. All right, keep it right there. Rob will be back with me and John Furrier right after this short break. You're watching theCUBE live from VMware Explore 2024 from Las Vegas. Be right back.