Transcript
We're here at Convene at Hudson Yards in New York City. I'm Dave Vellante with my co-host Krista Case, who covers the cybersecurity and resilience business for theCUBE Research. We're here with Rehan Jalil, who's the president of products and technology at Veeam. Thanks for spending some time with us. The founder of Security AI, so congratulations on the acquisition. What a transformation, Veeam. Great to have you here. Thank you so much for hosting. Really enjoying the event here, and I'm really looking forward to this conversation. Okay, so let's go back to the founding premise of security. Why did you start the company? I think there was a core belief much ahead of now that very obvious that data is at the heart of everything. And there is so many different controls that are needed around data. Privacy is one control, and security is another control, and governance is another control. You need compliance on it, and the list goes on. And there is variety of point solutions. Our whole thesis was that if you can create one platform, which is a common fabric, it has a full intelligence around your data, and if it could become the source of truth, and if it is knowledge graph-driven system, then you can actually enable all kind of controls that an organization needs in a much more unified fashion. That was literally the core foundation, the way the security AI has been built. And I think now, fast forward, with AI coming into the picture, and enterprises wanting to use AI, and you cannot use AI without your proprietary data, this layer has become like a central piece of it, and the way the team implemented it using a graph, I think, has become a very important conversation. Rayhan, the promise of a single source of truth from this industry has been out there for many decades, and it's never really delivered. Data warehousing, data marts, big data, Hadoop, it didn't deliver on that promise. Why are you confident that it's different this time? Fundamentally different. So if you look at the unification of data or a single source of truth, often people have talked about bringing data to one place, structured data, combining it, and then cleaning it up, your business data, primarily structured data, because machines could not use unstructured data, like documents and PowerPoints and so forth. So our notion is very different. Don't move data anywhere. You're primarily looking for intelligence on data. You're primarily looking for controls on data, and data is spread across hundreds of different types of systems in an organization, whether it's public cloud or SaaS or on-premise. If you actually learn what data is there, if you learn what's inside the data, if you learn the context around it, you can create that layer and use basically a knowledge graph-oriented system that the team invented, because no actual basic graph database is going to be able to do what we did here. That's literally probably the first time that got done to the level that you could know everything around data at a file level, not a system level. And in the AI era, that is super important because AI actually operates on your files, on your structured data, on your streams of data. It operates on that. So having that level of granularity in a full contextual form became like a fundamental requirement in putting controls in place. So I think fundamentally I would say that we push the envelope, the team has pushed the envelope in the art of possible, and it is not about just structured data, bringing it to one data warehouse and all, but create a layer across all kinds of data systems. And then of course, it serves the security, also serves the resilience at the same time. Yeah, so knowledge graphs have always had a place in security. You have, I would call it a next-gen knowledge graph, if I can use that term. So you have the expressiveness of a knowledge graph. The challenge has always been querying a knowledge graph. You have to go back 15 years, pre-sequel. But so now, today, we can talk to the data. And so I want to understand your vision of context, what you're capturing today, and where you see it going. Because you very, in your keynote, aptly described sort of the way organizations work today. Everybody's in their own silos, and the knowledge graph allows you to visualize that and break down those barriers. It seems like you're capturing the context, a lot of the technical and operational metadata. Is that sort of accurate? And how far can you take it into process knowledge and underlying application logic? It's a great question. Historically, if you see different domains, they've existed in silos, right? Data security or intelligence around data from the data lens is one thing. But if you know about data but don't know who created it, who owns it, who has permission to use it, who is it being shared with, it becomes very siloed. But if you go towards identity and access, if you just look at from that silos, you know which people are in your org, which groups they belong to, but you don't know what data they have, right? Now if you fast forward to AI, even if you figure out what AI agents are there, or generally which system they're connected to, but if you don't know the intricate details of exactly what data this agent can touch or is touching it, then you're still in silo. So instead of doing this thing in silos, you want to bring them together into one place. And that's where the unification of just the intelligence layer, data, access intelligence, and basically AI, artificial intelligence, we call it data AI. So literally that's the term we use, data AI, to basically combine the data, AI, and access intelligence. Now above it, you have variety of control requirements. It's not just security control, but that's a fundamental control. It's not just resilience, but it's very important to be able to come back from any bad mess up. But also there's privacy controls that you need, privacy actions that you need to take. You also want to make sure you're compliant. So compliance checks and controls have to be there. You want to make sure you're governing your data right, which is not necessarily security. It's about your internal rule book on the data that you're doing it right. All that can be enabled by this common fabric that is part of the data AI command platform. That's awesome. And when we get a technical visionary in theCUBE, I want to keep pressing. So let's go back to the single version of the truth. The single version of the truth is actually created by reconciling those silos with humans, right? It's that tribal knowledge that you talk about and they do reconciliation, they make exceptions, and you're capturing that in a knowledge graph. So the promise of AI is that it will break down those silos, dissolve those away, and have a layer that essentially is a true version of the truth and essentially a digital twin, I like to say, of the enterprise. And that captures state, not only people, places, and things that databases understand that we store in strings, but things that humans understand that we can speak to, including processes like we talked about before. So now you have the state of an enterprise in your knowledge graph. Do you protect that state? Do you snapshot that state? How often can I, do you recover that state? I mean, I know it's futuristic. It's not something you're going to sell today, but isn't that the promise of AI? Actually, you bring a very good point. First of all, you're very right that historically people have tried to understand this complex environment by either having separate tools from the lens of a privacy or lens of a security or lens of resilience, but they were very point, part kind of a view you would get and they were sometimes conflicting with each other. Different tools would give conflicting answers. And sometimes people relied on just asking people, what data you have? Can you fill out this spreadsheet? Are you complying? Are you doing XYZ things? Can you fill out the spreadsheet? Did you, are you using second factor? Did you turn on like, you know, proper controls? Are you encrypting the data? And that was compliance. You can't really do that anymore. Even your access certifications were not like, where you actually checking who's touching what data. But if you fast forward, agents will come and go fast. They can be turned on, gone. Who are you going to ask, right? Nobody would know. So you, the point you made was state. You need to capture this activity in the state into one place where you can actually query. It becomes your context of your org and you're using the right term in some ways to say this is your digital twin, like your representation of the org captured in a knowledge draft, right? So that has been the vision. And now it's, it has been there now and people are using from different point of views, the same system. Because our customers can come from a security lens and say, look, I want to look at from security lens. Source of truth is common, but source of visualization or the visualization could be different for different people. For instance, when a compliance team wants to see it, they want to see a very different view of it. When a security wants to see it, they want to see a very different view of it. When a privacy team wants to use it, they want to see a very different way to use the same data. And which means we have to build modules and different agents on top, which satisfies the diverse requirements of different personas. Which means, also means that this is a very important state we have, which means we want to make sure it's resilient ourself. So we have ways how to make sure we can recover back, something goes on, we can revert back. And of course, we are using our own tech for that. Wow, okay. So you can capture that. I mean, I'm imagining it, you know, CDP for the state of the business in very fine granularity. I mean, that's one of the things that you're touting is you can roll back to within minutes, right? And essentially, is that the future? You'll be able to capture that state of the business. I mean, today you're doing it for all the things that you mentioned. Do you see Veeam's role as going up into that layer of intelligence that actually harmonizes the data and interprets that data? Or is that sort of, you know, leave that to the Palantir's of the world and the sales forces and the systems of transaction systems? How far do you go? I think they, of course, have a role to actually derive the business value out of it. Right? That's the value depending on what is that layer or what business function. And they're very suitable for doing that part. Our role is to make sure that data is protected or controls are applicable on the data. You have very distinct visibility at any given point in time that you're compliant to your internal rule book and external regulations. And you have comfort that if something goes wrong, you can come back. Now, something goes wrong, definition has changed. It used to be in the very beginning, your system crashed or some disaster happened. Now we have all the regional conflicts. It's actually a reality. Your data center could be just gone, right? So that was one time. And then ransomware required that you were actually ready that ransomware happened. We just saw last, a week back, like 8,000 colleges were down with the ransomware that you can recover back from it. But I think we are entering an era which there's going to be tens of thousands, if not hundreds of thousands, in a regular organization, agents flying around. And they are, could be, some of them could be as bad as the ransomware. Even if they're not malicious by design, they can make stupid mistakes and same behavior. They can delete data. We already saw that it's already happening. There it requires that you actually have super fine visibility on what the agents are doing. And you also have super fine controls on what you can recover from. For instance, if you have a billion files, which is a lot. And if you have like only hundred files got corrupted by an agent, how do you know which ones? Can you recover them back? And old school solutions will not be able to do it till you have full understanding of your live data and activity on it. You could not go back and do this level of precision. And Veeam is, at this point, is the only company which has very intricate knowledge of the live data and then able to recover it back with precision. And it's only possible when you have these two kind of technologies come together. So the reason I get so excited about this is because, correct me if I'm wrong, but the application had to deal with a lot of the recovery, historically. When you see things like Headless 360, you remember Nadella and Benioff were trolling each other. Satya said that the future is agents talking to crud databases. Ironically, his applications were somewhat exposed because the file formats are all available. So I don't need the application necessarily. So it seems like this puts more, which is an opportunity, pressure on companies like Veeam to actually play that role because not necessarily the application, it's all applications that Veeam's just expanded its TAM quite dramatically. We have a much more important role to play. And I'll tell you, it's very obvious that if you, let's say you heard from Salesforce and all, it becomes Headless. Many companies are coming Headless and saying, you have agents doing whatever they want to do with it. You need more guardrails. You need to make sure you can recover back from it. Having said that, you also need to make sure your recovery solution is not as Headless because you cannot put any random agent on it that it can delete your backup data. It has to be horizontal as well. It actually has to be certified agents like coming from us who are not going to mess up. And you are very much like, you know, you can do the automation, you can do the stuff that is needed to be done for your intelligent res ops, but you're also feeling comfortable that it's not going to delete your backup data. Because if your live data is gone and backup is gone, your business could be in serious jeopardy, like completely in jeopardy, right? So, which means we have a responsibility to build agents, certify them that they work, but they don't misbehave. And then people will trust us more to say, we're going to not only take your technology, but your intelligent res ops agents, which actually help them do their function. So, go ahead, I've been dominating. Oh yeah, no, I was just going to say, you know, it's really brings me back to kind of thinking about moving forward, these AI agents, we almost need to treat them like a malicious insider. You know, like to your point, even if they don't have malicious intent, right? They could, especially as become more autonomous, we need to be able to have that auditability and that control over what they can do. So this is only going to become more important moving forward. In addition to security, it does become a compliance issue as well. Very much so. Like on a regular, you know, traffic and road, people often don't have accidents because they want to have an accident. It happens because a mistake got made, right? So agents, because they're fundamentally probabilistic models, they are best effort probabilistic models, they would make mistakes like humans do, and they will make more mistakes in fact, because there's just sheer number of more agents who are going to be existing. So the end result is the same, that you have disruption potential, which means you just need to be a lot more prepared with resilience. First of all, you want to protect against it. If something is acting stupidly, or you look like it's acting maliciously, but even by mistake, you want to stop it, which means security for data and AI is super important, because you don't want to go to resilience anyways. You don't want to end up being in a hospital and then coming out. Maybe you want to prevent from going to a hospital. And then, but if it does happen, you want to make sure you have technology to bring you back. You know a little bit about waves. You were at Sun during the absolute peak of Sun. I think it was one of the, I think it was four. Dot in the dot com. Dot in the dot com. We were interviewing Scott McNeely well after he sold Sun to Oracle. It was a sad day. But he said, I should have just called the cloud. You know, Scott, he was like, but my point is that we're in a wave now that you called it the most transformative technology in human history. Maybe. We'll see. I mean, electricity's right up there, but it's got the potential to be in the top five. So how do you compare this wave with what you lived? I mean, the heyday of the internet. What are the similarities and what are the differences? I mean, I know that's a long-winded answer, but give us a sort of quick take and from a technologist perspective and somebody who really deeply understands the technology. I think it is, I sincerely believe, it's the most transformative. Of course it is sitting on the shoulders of electricity, shoulders of compute, shoulders of GPUs, shoulders of everything. Of course it is on the shoulders of everything. But why this is distinctly different, it does what only humans could do. Only humans could do. Which is to actually read or learn from reading and then actually generate new stuff. Or observe, you're going to see more physical AI which can just observe the regular, and then learn from it and then start behaving a certain fashion. You're going to see more physical AI showing up. That impact of that on humans in good ways and bad ways has never been exercised before, never. So all other waves which have come, industrial revolution came, that was transformative, very much transformative. But not like this. It directly actually does what distinctly only humans could do. So we'll see what the impact of it on society is, good and bad. Well, I mean, machines have always replaced humans, but never in a cognitive function like this. I know I'm excited and sanguine about the future and it seems like you are too. Rahat, thanks so much for coming on theCUBE. Appreciate your time. I really enjoyed the conversation. Very thoughtful questions, really enjoyed the conversation. Thank you. Thank you so much. And thank you for watching. This is Dave Vellante for Chris the Case. We're at VeeamON 2026 in New York City. We'll be right back after this short break. You're watching theCUBE.
