>> from Burlingame, California It's the Cube covering Suma logic Illuminate 2019. Brought to You by Sumer Logic >> Hey, welcome back, everybody. Jefe Rick here with the cue, We're at the higher Regency San Francisco airport. Here. It's Suma logic. Illuminate 2019. It's our second year here, the third year of the show. I think it's about 1000 people that Kino was packed. A lot of great energy, a lot of good community as we see a lot of these smaller show, especially when they're getting started. It's all about community is a lot of sharing of information. It's a really cool time in the life of these companies. Worksite have our next guest slightly irreverent cool culture will dig into it a little bit with Justin bike. Oh, he is the co founder of Expelled Justin Creek to see >> likewise. Thanks for Thanks for having me. >> Absolutely. So give us the give us a rundown expel what you guys all about. >> So in a nutshell, were a 24 73 65 transparent, manage security provider. What that really means is on a 24 hours a day, seven days a week basis. We're looking for you know, signs. They're bad guys inside your environment. If they're there, we're gonna tell you they're they're gonna tell you what they're up to and help you get >> rid of them. Now, the transparent word comes up time and time again, Looking at some of your guys materials that transparent in terms of we can see inside the black box and how you're operating is that transparent. Like we're just going to tell you and show you what transparency is Obviously a really important piece of your messaging. >> Yeah, kind of all of the above. We try to take it to heart and try to really mean it. I think the easiest way to think about it is we want our customers to feel like we're just another part of their team. Right. And the easiest way for us to do that is to let them be a part of what we do on a day in and day out basis. That means if they want a ride shotgun with us when we're working an incident, they can They can watch everything that we do. Watch the investigation unfold in real time if they want to get in there and work with us. They certainly have the ability to do that. And then, you know, we take transparency pretty far. We put our real actual prices on our website, which is not something you see a lot of security companies do. So we just try to be as up front as we can be in the way that we approach dealing with our customers and working with him over time. >> Right? So we we cover our say, we've been covering our safe forever. It's it's 40,000 people at Mosconi. Few is more vendors than you can count, all talking about security. So, you know, you're in the year in the business and then remain in his keynote, put up a security section, had a whole bunch of companies. How did people sort this? I always think of the poor CEO on the other side is being told, you know, you got a big security in every place. You've gotta have a B A B Y o d was using their own iPhones and now we got I t With all these connected devices, the threat surfaces expanding geometrically. How should people think about security? How do you guys play in this kind of morass of complexity. >> You know, it's an interesting question how people deal with it. I think that's why you're starting to see a lot of these really strong in a lot of cases, sort of regional and local see. So groups start to form right because they want to get together and actually talk about a. I'm dealing with this challenge. What do you do and how are you handling this problem? And the only way to do that is to learn from appears, right. Everybody's in this fight together. As for how we fit in, one of the things that we try to do is help customers who have made a lot of investments in a lot of different security technology make sense of it. All right, so you've got 56789 10 20 pieces of security technology. They're deployed there, all blinking red lights of like, Hey, this might be a threat. This might be an intruder inside your infrastructure, and you've got a handful of people that work Monday through Friday, 8 to 5 ish. Somebody's gotta look at that all day long, and that's what we're there for. So our job is to make space for our customers, to do the things they actually love about security instead of just sitting there trying to keep up with a constant, you know, basically overflow of alert. >> Right? And you guys are socking the service. Is that Is that a hard sell? Is that easy sell to people? Understand? They need kind of the augmentation. How does that how does that go over with the customer? It has >> been, I think it's over the years it's become, I think, an easier thing for people to wrap their head around. Because at the end of the day, everybody is infrastructure to grow and write. Their footprint of what they need to protect is growing. They can't. Still, nobody can hire enough people that they need. That's a pervasive problem. It's a top five c. So problem has been for you will never go for a long time. So you've got all this security technology. You get the whole network instrument and then suddenly the business moves to the cloud. You have two instrument that too, and you have to do it using the team that you've gotten. That's not enough people And so what choice do you really have? You need somebody to come in and help provide that 24 7 coverage. There's certain things that your security at the institute, that on Lee be done from inside the business. Right things. They remove your program forward, let your team focus on that and all the stuff around monitoring technology to look for signs. They're bad guys in the environment. Let a provider like expel, help you out, >> right? So let me get your take on kind of the explosion of data. But both the quantity of the date as well as the sources of the data, as well as the structure of the date or the lack of structure in a lot of this data, it's growing exponentially right in people. And we all have our time kind of wrapping our heads around exponential growth, one of the kind of the fundamental problems that we have from your point of view, as you see this and you see your customer struggling with it and interests. Other kind of dichotomy is, Is it? Is it is it Is it asset? Of course, there's a lot of good stuff in there hopefully, But it's also liability because it's expensive. It's expensive. The hold. It's expensive to move. It's expensive to store. How do you help people deal with Keep it secure in this explosion of data environment that we are. >> You know, if there were a silver bullet, answer that question, we'd probably be the only security company in existence. >> They would be on a boat >> in >> the Caribbean or >> something like that, you know, being able to apply the technology that we're, you know, that we can bring to bear, which helps our analysts take all of these different disparate data sources. So we can take your I d. S. We can take your e t r. We can take your cloud control platform, your cloud control plane like an aws cloudwatch cloudtrail all that sort of stuff, bring it in one place, makes sense of it, put it together in a way that contextualized is it against what we know about your business. That's ah, whole lot of the battle right there is just being able to help somebody sort of understand what's going on. What does it mean to my business? What do I do about it? What do I do next on? If you can free up that chunk of time, you let the customer focus on those sort of more tactful things that they need to do inside their business, which is, you know, what's the next big evolution of security inside? You know our company, >> right? The word assume a logic fit in for you guys were here, obviously at the sumo logic event. And you know, the scale of the complexity of this stuff is getting beyond the ability of a human keep track of quite frankly. So there's got to be some automation. There's got to be tools. Even though you guys were transparent, there's just there's just some things I can't look into. How are using similar logic? How's it helping you do your business? You >> know, our partnership with Suma Logic came about actually from our 1st 2 customers who are actually symbolize your customers. And so they're sending all of their infrastructure data. They're sending all their security data and assume a logic, and they came to us and they said all that it is there. If you want to monitor our infrastructure, start there right on our ability because it lives in the cloud. There's no sort of management for the customer to do our villages plug right into that and immediately, like within an hour, to start getting security value out of what the customer has inside Suma Logic is, it's pretty substantial to be able to just start immediately telling him, giving him visibility into what's going on. So that's kind of how the relationship came about and how we worked with him today is we find that again. A lot of our customers have just a ton of data, security or otherwise that they need to store. They need to do it in a place that's going to scale with, um, so your traditional on Crim. You know, it's like a more old school Sim. We just gotta keep buying drives and buying drives and buying more and more places to store things. It's a tough life, right? So Cloud hosted platform, like Suma Logic lets you continue to scale, lets you quickly and easily search that they didn't do it in a reasonably cost effective way. It's a great way for us to work with customers. You don't have any visibility today. We know the folks over assume a logic really well, it's super easy to get up and running and get it up really quickly. It's easy for us to plug into. We can get you visibility in your environment really, really fast. If you don't have any today, >> so is that enabled you to bring a different scale of data to bear on your analytics is too. We know there's bad guys in there. You know how fast you can find him and shut him down to take action? >> I think so. Because of the way the technology with Suma logic scales that lets customers send more data, then they may have otherwise ordinarily sent toe like a more traditional Sam or something like that on what that does is that gives us more data to look at when we have more today to look at. We have more visibility and what's going on the customer environment. We can start delivering more value to them. Tell you hey, did you know this is going on over here something you weren't previously looking at because it scales reasonably well. That's something that we can start doing for >> her just because you have a good kind of macro point of view on multiple customers and the market. I just love to get your take on now. We used to hear all the time that, you know, the time between the breach and the knowledge of a breach was like 260 days. Whatever. And we keep hearing whatever show you out. It's coming down. It's coming down, coming down, but at the same time, pretty much every day. You know, you hear about a new breech and it's it's it's, I think everybody is going to be breached, it seems like, and it's really more of a function of How fast can you find out? You know, how quickly can you can you cut down on the damage and take the action? And I wonder if you could share your thoughts of kind of, You know, I still think some people think there's a moat strategy that you can just keep people out, and it's just it's just not, >> you know, somebody who is an attacker that's determined enough there. Well, fuck. You know, they've got enough funding. We're gonna get in and think about it like your house, right? Like, but all the doors. Put all the locks on his many doors. You want as many bars on as many windows as you want. If somebody wants it badly enough and they have enough time, they have enough planning. They have enough money, they're getting in your house, right? And so what you want to do? You want to know when they get in there so that you can react pretty quickly and so sure that like you dwell time of how long before, you know, from the time the intruder got in the environment till the time they were actually discovered. You obviously don't want that to be hundreds and hundreds of days, So it is important to figure out when they're they're what have they accessed when they're in there? So you understand what risk your date is that? Where are they In your environment? And that's the kind of thing you want to make sure that you have instrumentation to be able to see quick, because you can't. There is no silver bullet. You can't just keep the attackers out. You can't say I've prevent all these prevention mechanisms in. Nobody's gonna get in, so I don't need to worry about trying to find them once they're inside. It's just not the case. It's not really. >> And have you guys built a technological answer to social manipulation for penetration? I mean, my favorite examples are the, you know, somebody calling. You know I can't get into the company softball game. Can you please click on this or another one? I heard a Vegas. A Vegas casino was breached via that. The bomb it, er in the fish tank in the lobby. That was that was a connected thermometer so the fish wouldn't die. I mean, are we are you thinking about, you know, kind of social engineering is still a really effective way to get into these places and tools to break those kind of that access. >> Yes. Oh, social engineering. Absolutely. If you look across our customer base, the incidents and our customers deal with the number one by a long shot vector for how these companies are actually getting compromised in the first place. It's fishing, right? It's ominous. Intuit e mail. And I'm gonna convince you to click on this link, or I'm gonna convince you to open this file or I'm gonna convince you to give me a password or something like that, because at the end of the day, some of these things are pretty good and it's hard to spot a fake. It's just really difficult spot a fake if it's well tailored. A lot of the security companies and I'll give credit to a lot of the infrastructure. Providers like Google have done a really good job at trying to flash warning signs. You've never received an E mail like this from this person before. You've never received an e mail from this person with an attachment. You've never received an e mail from this person with, you know, from this domain or anything like that. They're starting to get more and more sophisticated around some of those mechanisms. But at the end of the day, social engineering fishing, that is the number one vector. It's a really hard problems. All then the security industry hasn't solved yet. >> Yeah, All right, well, let's get his job security for you. Well, Justin, thanks for taking a few minutes and really enjoyed the conversation. Thanks for having me. Alright. He's Justin. I'm Jeff. You're watching the Cube. Were Touma logic illuminate in San Francisco Hyatt Regency? Thanks for watching