>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.

live from the mandalay bay convention center in las vegas it's the cues covering vmworld 2016 rock you by vmware and its ecosystem sponsors it's legal yeah everything's legal welcome inside walls here on the cube as we continue our coverage here at vmworld once again we're back or what is going to be an exciting three days here in Mandalay Bay and i'm joined by my partner in crime you might say mark farley the producer Vulcan cast a host of Vulcan cast and tell us about Vulcan kestrel quick mark well you've seen comedy in cars you've seen singing in cars with carpool karaoke this is discussions about technology and cars it's tech talk and cars I see it on you can see it on Vulcan cast calm what a novel name for a website I'm pretty you figure good all day coming up with that one didn't you yeah but it's cool you know what it's like to look for a name absolutely benefit but it's a neat neat concept Tech Talk comes the cars you're kind of like the the james corbett of tech there you go except we don't sing about it I'm more like the Jerry Seinfeld maybe that's the next time we're joined by a couple of guests who are they become partners to more or less here in the business and solutely with Vaughn Stewart who is the enterprise architect and chief evangelist I love that by the way of on a pure storage and that evangelist looked up you do have it you getting the whole thing today and kimbark is a CEO of cata logic software and gentlemen ulcers thank you for being here we appreciate that so if you would start off by telling us a little bit about your individual companies you know what you do and then the marriage you to have partnered up here for the past four months came together pretty quickly and what that's all about and if you would bomb what you go first sure so pure storage is recognized widely as being the number one independent all-flash storage vendor we've been recognized for three years as being the leader in gartner's solid-state array Magic Quadrant we've really allowed flash to be consumed by the masses by making it more affordable than traditional disk based storage arrays and deliver all the promise of of the performance of flash kent and in a nutshell cattle objects software's that spin out three years ago from the syncsort company and what we've got about twenty nine patents we're working hard what we did is we evolved our technology to this whole copy data management space which is very exciting and when you marry copy data management to flash technology you drive some really serious effects and catback savings for customers so it's kind of a peanut butter and chocolate on here right was together really really does right so let's talk about your relationship then this has only been four months in the making you've known each other for a long time but you put together your business venture here very quickly what brought it together so fast and how did it make that kind of sense that boom it just happened almost overnight like that to start going on with the Kent listen we were lucky enough that these guys actually found us that a trade show it was a mug event Vav mug event in Austin Texas they found some for a show they have been absolutely brilliant to work with in the business that we're in we're what's called in place copy data management and why that's important is because we get to pick our partners and it's a lot easier to build a technology if you have a partner that cooperates and these guys have been so cooperative that's what made this thing tick they saw a gap that we could fill they were kind enough they sent us a box up to work with the team culturally has been aligned I mean we we've kind of do things all up and down the stack the same way pricing I think we're very similar channel driven we're similar the way we we look at at working together is very similar say just been brilliant and that's kind of what it is it's a neat at the end of the date and to try to squeeze the effects and capex savings out for customers that's kind of the do yeah and we're also seeing a lot of requests from our from our customer base we have a large number of joint customers as well as customers that were interested in purchasing the other technology but we're waiting for a point of integration and so as we're seeing this shift in the the mid market and the enterprise to a more DevOps centric model more of infrastructure teams converging their their server and their compute management or application owners into owning the entire stack there was this this need for taking the data management constructs that we had and allowing an end-to-end ecosystem enable meant so that dev teams could just you know at the push of a button and refresh their data sets move they move their development efforts forward and get rid of all the old legacy time centric based provisioning models yeah I mean I mean CDM has kind of become you know one of these hot buzzwords right all of a sudden as as our data storage just become more capable and has become cheaper we tend to hoard more stuff right now listen we're hanging on things a lot longer so what is the gap exactly you're talking about that you're filling and what's the need that you're addressing specifically then you have all this data at your disposal and and and I guess with Flash movie great question John so what what happens is when you first of all let's talk about what's driving the flash analogy right why why flash is so popular right now everybody that we've talked to is either moving to flash or thinking about moving to flash simply for their primary applications you know those are things like databases virtualization filers you know SharePoint right and as you start to move you get you get really good benefits around effects from using your flash because the speed and the performance particularly with what they do they've got some compression stuff that's unbelievable and then what we do is we overlay that so if you take CDM which was your question if you look at CDM what CDM does copy data management it allows you to deal with all of these copies in the in the world today you've got so many of the vendors that are taking different snapshots at different times and you end up at any given time I think IDC did a study what was it like 50 50 versions of an email that you've got floating around is any given time floating in your organization right so what Vaughn was referring to let's take one example in a test dev environment right we could drive home on that which they do a lot more than that but if you take the test stab and let's say you're a developer and you have an Oracle database that you really want to test the latest data right now without flash without CDM what happens is you make a copy of that database you move it to the developers and getting that copy if you're a developer getting that copy away from the internal IT infrastructure department can take you hours can take days go ahead we've we've got customers whose current copy data management process is it is is fulfilled by either a full-time employee or a staff that runs around doing arm and restores or restores from tape and development teams have to try to anticipate weeks in advance when a new copy of the data that model has been the the de facto standard in the industry for a decade or more and in what you're seeing from from all conversations around DevOps is agility it's time to how can I no increase the rate at which we innovate part of it is by bringing agility into your development process and so so this is a real nice pairing of technologies the performance capabilities within a flash a flash array allows you to scale a large number of instances the instant ability to clone the data set gives you gives you the agility but it's just an engine I still have to take care of the rest of the stack I got a role based access which users get to see which data do I need a datum ask the data or do they get direct access are they having a virtual copy or a physical right and best part can I make it a portal or can I make it right into their native workflow so they never hit the storage team or even the infrastructure team so let's talk about how customers are going to use this right pure has been a big leader not just in flash but and also digital efficiency capacity efficiency and you've had to be that right from the get-go people are saying well how am I going to be able to get the cost you know the effect of costs down of this flash well you have dee doop and you have compression and now you're adding this application layer or higher layer if you will another layer of the stack towards you know data density do you think this is going to have you done run the numbers on what kind of percentage or anything like that that customers will see absolutely kind of kind of absolute ken so I'm actually doing in the solution booth I think 430 tomorrow's solution a the vmworld booth we've got a customer six flags theme park operator that doing this test dev case we saved ninety percent affects efficiency for these guys so there's some really solid number again 90 90 90 / such a big number what's a huge number but it's what is what Vaughn was trying to say if you start marrying the workflow if you take their ability to make the storage and the moving the data more efficient and you'll ever their tool and then you overlay it with our api's we have rest api is that you can tie into a customer environment and then we've got to work flow this workflow engine that we call full stack automation the customer can start automating a lot of the stuff that they're trying to do and it's a home run yeah let's be let's be get a little bit in greater depth here but not too deep yeah these capabilities have existed in market for a long time yeah but the customers had to assemble and build their own scriptures in a fool's the phone and again we're not talking just copying of the data yeah we're giving you an efficiency in the copy data engine with it running on the flash array right what cata logic is doing is giving you a single interface either via portal or API for the entire orc for the orchestration of the entire stack the test Network the virtual machines the physical servers the volume managers all the way down to the copy of the data absolutely so I'm going to dive even deeper bond what kind of skill set be careful what did I get wet what kind of skill set does a customer need to have to take advantage of this solution so that's that's a beautiful question because it goes back to the synergy between our two companies right we're known for being able to set up storage in under an hour that requires no administrative skill set right nothing to tune much like very much like an iphone right kind of out of the box there's no manual right cata logics in the same boat you download an ova you're up and running in 30 minutes you're connected to the pure array in four at 40 minutes yeah you're connected ad and 50 and you're running you're off to the races right we don't have any boxes no appliance versus our competitors out there right we don't have any agents to install no appliances it's just it's the perfect match simplistic and we're running and through api's right we're getting we're getting consistent application consistent copies of the data sets right and we're orchestrating through the built in infrastructures that that already exists whether we're looking at vSphere or the rest of the ecosystem so say a customer does their own development and they've got they've got people that know how to use api's program for api's will they be able to will they be any faster be able to do more with it or does it really not what it does this gets back to the effects issue right so so with our REST API they can tie it in and we've already got a lot of things that are tied in like some of the development tools out there chef puppet bluemix from IBM I mean these are all things that we we can kind of work with to complete the environment and allowed them to lever is amazing platform does that answer your question I think yeah so what about the market for this right it a happy data management took a while to take off right it's one of those things in data management has always been a tough thing and it takes a while for customers to sort of get a what what I'm going to say a group think and the critical mass of people thinking about it it looks like you've had some help in the last year with other vendors getting in well and popularizing it you know EMC has theirs and commvault I think is doing something in my response is talking about it now you know 18 months ago those of what he did but what started it mark and this is and that's a great question is what I was alluding to earlier once flash comes on the scene and particularly flash vendors that can do what they do that have got a huge cat-back saving or opik savings for the customer then you can start working in their workflow in their processes and saving them even more money so it actually is copy data management with flash storage can becomes almost to have to have versus and the other things that we were doing a year ago it was a nice to have what i call a nice to have right because if you start looking at how to save yourself money from an effects perspective you might as well look at how to go all the way and sometimes you can triple to 10 times your savings geometrically by adding see the right CDM what i call enhance CDM what our customers sometimes say is they call us a CDM on steroids copy data management on steroids that's energy is a big thing if you've looked at the industry historically what you've seen as storage vendors put out their own homogeneous right automation walls right point bond and then you've seen a number of heterogeneous vendors to play their tools but they don't want to have any correlation with any hardware vendor right right and so and so as a storage provider right and customers are looking to say well look I don't wanna get locked in a particular storage provider and right so that's one aspect as a storage vendor we're sitting there saying we'd like to have greater integration your ecosystem so we can bubble up our value cattle logics kind of hit that sweet spot and said we're going to be heterogeneous we're going to be multi-platform and we're going to leverage leverage the channel right hundred percent channel driven and we're going to leverage the API and the data management ecosystem the storage vendors so they've kind of got a perfect storm going on in terms of a technology and market momentum if you like ok so let's talk about how the solution is going to be delivered you sell it do you sell it do you sell into pure accounts you talked about channel we're getting we're going to meet in the channel okay we're also talking about doing some more creative things possibly up for right now it's a meet in the channel we think there's enough enough good networking the teams are in touch with each other you know the value proposition proves itself right if somebody when's it going to be available in another month or so so there are demonstrations available both in the cat illogic and in the pure storage booth here at vmworld I so we would we would encourage those who are interested in seeing the power of this this solution to stop by either booth at any time we're going to speaking sessions in each others as well this week absolutely up and we are currently targeting for somewhere between mid to end-september for a ga release right and I need to say one other thing going back to this the reason this works is because these guys have but one care and they are customer driven right they don't have an ego they are driving to the customer and fulfill the needs because as he said it's sometimes hard for a heterogeneous vendor that controls a lot to be welcomed as much as we've been welcomed with this group it's because they know they want to drive it through the customer get the best solution in the world of the customer so on the customer side you've talked about the perfect storm of services and products who's the perfect customer who's the optimal customer something like this that I i think the low-hanging fruit is any development team that has as some requirement where they are taking copies of their current data set and are developing off of that platform I think that's the low-hanging fruit I think at a more macro level any organization that says they have a DevOps initiative and particularly they want to turn key DevOps platform to be riding with and launch launch ahead versus a try to acquire talent to build their own this is rate rate within your wheelhouse good deal no brainer and if people aren't looking at that right now you know they're not they're not in this century right because everybody's moving to flash for the primary all the projections are going forward to going off the charts in terms of the growth of flash of what's gonna happen at any what's changed with flash right where four years ago sure had to kind of get over the hurdle of the price berry for flat right we did that with industry-leading data reduction that's still two x better than the rest of the industry but as flash prices keep coming down not what you're seeing as a pivot around around value is around making multiple data sets I mean if you get into a depth use case and I'm making ten copies of a data footprint that's already reduced by x 5x and you're getting to a price point that you just you can't you can't meet with with this because you couldn't drive enough performance either death actually that's not possible yeah well before I let you go I want to tell you it's just disappointing to us that you're not more enthusiastic so and super a little it's really impressed today we had a long night life maybe tomorrow things will pick up but congratulations on the business venture and wish you the best of luck down the road thanks for being well thank you thank you guys for having us on really enjoyed it appreciate it thank huh thank you back with more from vmworld right after this here on the cube