(upbeat electronic music) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We are live in downtown San Francisco, Moscone Center at the RSA conference. It's one of the biggest conferences, I think after like Salesforce and Oracle that they have in Moscone on the tech scene. Over 40,000 professionals here talking about security, I think it was 34,000 last year. It's so busy they can't find a space for theCUBE, so we just have to make our way in. We're really excited by our next guest, Ted Julian from IBM Resistance, Resilience, excuse me. >> Thank you, it's alright. >> And you are the co-founder of VP Product Management. >> That's right. >> Welcome. >> Thanks, good to be here Jeff, thanks. >> And you said IBM actually purchased a company, >> Ted: A year ago. >> A year ago. So happy anniversary. >> Ted: Yeah, thanks. >> So how is that going? >> It's great. Business is really going well, it's been thrilling to get our product in place and a lot more customers and really see it help make a difference for them. >> Yeah we, Jesse Proudman is a many time CUBE alumni, his company is Blue Box, also bought by IBM. >> Ted: Yes. >> A little while ago, also had a really good experience of, kind of bringing all that horse power. >> They know what they are doing. >> To what his situation was. So let's jump into it. >> Sure. >> Security, it's kind of a dark and ominous keynote this morning. The attack's surface is growing with our homes and IOT. The bad guys are getting smarter, the governments are getting involved, there's just not necessarily bad guys. What's kind of your perspective as you see it year after year acquisition? 40,000 professionals here focused on this problem. >> We are not winning. >> We are not winning? >> Unfortunately, I mean, I guess as a species. Again, what is it? We saw a survey recently from the Ponemon Institute. 70% of organizations acknowledge they didn't have an incident response plan. So you talk about that stuff in the keynote where sort of a breach was inevitable. What are you going to do? Well the thing you'd need to have is a response plan to deal with it, and 70% don't. Cost of a breach also, according to Ponemon Institute is up to $4 million on average, obviously they can be a lot larger than that. >> Right. >> So there's a lot of work to be done to do better. >> And then you hook up a new device, and they are on that new device as soon as it plugs into the internet. They say within an hour, they ran a test today. So is the, I mean where are we winning, Where are we getting better? I mean, I've heard crazy stats that people don't even know they've been breached for like 245 days. >> Ted: Yeah. >> Is that coming down? Are we getting better? >> Certainly the best in the business are, and really the challenge I think as an industry is to percolate that down through the rest of the marketplace. Everybody is going to be breached, so it's not whether or not you are breached, it's how you deal with it come the day, that's really going to differentiate the good organizations from the bad ones. And that's where we've been able to help our customers quite a bit by using our platform to help them get a consistence and repeatable process for how they deal with that inevitable breach when it happens. >> That's interesting. So how much if it is you know kind of building a process for when these things happen versus just the cool, sexy technology that people like to talk about? >> Oh, it's everything. I mean one of the hottest trends that you're going to be seeing all over the show is automation and orchestration. Which is critically important as part of the sort of you get an alert and how do you enrich that to understand that, once you understand that how can you quickly come to sort of a course of action that you want to take. How can you implement that course of action very efficiently? Those things are all important. Computers can help a lot with that but at the end of the day it's smart people making good decisions that are going to be the success factor that determines how well you do. >> Right, right. Another kind of theme that we are hearing over and over is really collaboration amongst the companies amongst the competitors, sharing information about the threat profiles, about the threats that are coming in to kind of enable everybody to actually kind of be on the same team. That didn't always used to be the case, was it? >> Well, people have been working on this for a while but I think what's been a challenge is getting people to feel comfortable contributing their data into that data set. Naturally they are very sensitive about that, right? >> Right. >> This is some of our most confidential information that we've had a security issue and we're really not you know, dying to give that out to the general public. And so I think it's been, the industry's been trying to figure out how can we show enough value back when that information's contributed to some kind of a forum to make people feel more comfortable about doing that? So I think we've seen a little bit of progress over this last year and they'll be more going forward, but this is a, It's marathon not a sprint, I think to solve that problem. But, it is crucial because if we can get to that point that's what ultimately allows us to turn the tables on the bad guys. Because they cooperate, big time, they are sharing vulnerabilities, they are sharing tactics, they are sharing information about targets, and it's only when the good guys similarly share what they're experiencing that we'll have that opportunity to turn the table on them. >> It's funny we had a Verizon thing the other night and the guy said if you are from the investigator point of view, it's probably like a police investigator. They see the same pattern over and over and over and over and over it's only when it's the first time it's happen to you that's it's unique and different. So really the way to kind of short-circuit the whole response. >> How do you find out you've been breached? There is short list. One, Brian Crebs, very famous reporter happens to find out, he tells you. Number two, FBI. >> They tell you. >> Unfortunately, that's usually, it's usually external sources like that as oppose to organization internal systems that tip them off to a breach. Another example of how we are doing better but we need to do a lot better. >> And then there's this whole thing coming up called IOT, right. And 5G and all these connected device in the home, our cars, our nest, So the attacks surface gets giant. Like I said, they said in the keynote, you plug something in the internet they are on it within an hour. How does that really change the way that you kind of think about the problem? >> It makes it a lot harder. The attack surface gets harder, gets bigger, the potential risks go up quite a bit, right. I mean you are talking about heart implants, or things like that which may have connectivity to some degree, then obviously the stakes are severe. But the thing that makes those devices even trickier is so often they're embedded systems, and so unlike your Windows PC's or your Mac where, I mean it's updating itself all the time. >> Right, right. >> And you barely even think about it, you turn it on one morning and there is a new update. A little harder to make those update happen on IOT kinds of devices, either because they're harder to get to or the system's aren't as open or people aren't use to allowing those updates to occur. So even though we may know about the vulnerabilities patching them up is even harder in an IOT environment typically than in a traditional. >> It's crazy. Alright, so give us a little update on Resilient. What exactly is do you guys do inside this crazy eco-system of protecting us all? >> Sure. So five or six years ago, myself and my co-founder John started the company and it was really was acknowledging that we've gone through the era of prevention, to detection and now it's all about response. And at the end of the day when organizations were trying to deal with that we saw them using ticketing systems, spreadsheet, email, chat I mean a mess. And so we built our platform, the Resilient IRP from the ground up specifically to help them tie together the people processing in technology around incident response. And that's gone amazing. I mean the growth that we've seen even before the IBM acquisition but afterwards has been breath taking. And more recently we been adding more and more intelligence in automation and orchestration into the platform, to help not only advise people what to do, which we've done forever, but help them do it, click a bottom and we'll deploy that patch or we'll revoke that user's privileges or what have you. >> Right. Yeah a lot of conversation about kind of evolution of big data, evolution of things like Sparks so that you know can react in real time as opposed to kind of looking back after the fact and then trying to go and sell something. >> For sure. And for us it's really empowering that human. It's either the enrichment activity where they'd normally go to 10 different screens, to look up different data about a malware thread or about vulnerabilities, we just spoon feed that to them right within the platforms so they don't have to have those 10 tabs opened in the browser. And after they'd had a chance to evaluate that, and they want to know what to do, again they don't have to go to another tool and make that action happen, they can as click a button within Resilient and we'll do that for them. >> Alright. Ted Julian, we are rooting for you. >> Ted: Thanks, yeah. >> IBM, give him some more recourses. He's Ted Julian and I'm Jeff Frick. You're watching theCUBE at RSA Conference 2017, at Moscone Center, San Francisco. Thanks for watching.