Oliver Friedrichs, Splunk | RSAC USA 2020
>>Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media.

>>Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA conference in downtown San Francisco at Moscone. It's the fourth day of the show, 40,000 some odd people here. It's all about security. It's the biggest security show in the world despite the fact that there were some challenges with the coronavirus this year and you know, people were kind of wondering how that was going to shake out. There's been a lot of kind of weird stuff going on in the conference scene, but a lot of people got here, a lot of conversations around security and we're really happy to have really a seasoned vet. He's been through this cycle of security a couple of times that you said he's done four different startups. We're happy to have him, Oliver Friedrichs, the VP security product at Splunk. Good to see you, Oliver.

>>Thank you. Great to be here. Absolutely. So let's take a step back. You've been coming to this show for a little while. What's kind of your, your impression of the show? Well, it's really interesting this year, you know, I think it's a, I'd say the energy level is somewhat flat and I think it's a sign of our industry maturing and getting to the point where, you know, you used to see, uh, some pretty big disruption every few years when compute changes the threats or attack surface moves and the threats change with it. But things have been relatively stable. You know, the cloud is really the biggest, most recent, uh, innovation. And so there really hasn't been, I think any massive disruption in our industry for a little bit, but a lot of just continuous iteration and improvement on existing technologies. Right? There's some big ones coming down the pike though, right?

>>One of the big ones that's going to have a huge impact is 5G and IoT.
Uh, suddenly now that you know these things, people think 5G, you can talk to your mom faster on the phone. That's not what it's about at all, right? It's a speed of machines and the speed in which these transactions are going to be happening. Not to mention all those connected devices, all those new attack surfaces, very, very revolutionary. And yet the theme here is the human elements. So when you think about speed of machines and, and increasing, uh, the kind of frequency of bot attacks, this and that, and yet there's still people that gotta be on the hook and responsible for this stuff. How do you think about it and how do you actually use things like AI to help the people fight the machines? Yeah, I know it's a really good question.

>>So typically over the years, right, attackers have targeted compute, uh, operating systems, applications, servers, and so on. But we've, we've done a really good job of starting to lock those down, finding those vulnerabilities, patching them, fixing them, you know, that's, it's not a panel, it's, it hasn't been solved, right? That's, it's an ongoing issue. But attackers have moved onto the weakest link, which is people, right? If I can convince you to send me your, you know, your bank account information or that access to your account and wire money out of your account, right? It's a lot easier than having to find a vulnerability in Microsoft Windows these days, which used to be pretty easy back 20 years ago. Used to, they're there, they're by the dozens. Right. But, but now they're getting better on the phishing too. And now spear phishing. Right. I, I had a friend in commercial real estate who, who told me this email that he got like from his banker, you know, talking about a transaction with a business associate using vocabulary words that that would normally be used in their exchange to the point where he called the guy and said, did you send this to me?
>>Um, so you know, the, the, the, the bad English, bad grammar and, and kind of funky word selection isn't necessarily that red flag that it used to be that don't click on here and we're still getting, you know, this, this attacking is happening. So how do, how do people get more sophisticated in light of kind of these more sophisticated attacks on the people?

>>Yeah, so I think there's two things. One is, you know, it hidden in there is, and that type of an attack is typically wire instructions, right? If it's, if I'm buying a house, my escrow company or title company is going to send me wire instructions to send the money for the down payment on that house for example. You know, that's, that's been a very, very common attack where, you know, title companies may not be the most sophisticated, like many of the organizations that are here today. Uh, so definitely fall victims. So that's, that's definitely a growing problem and a growing attack surface. We also see, uh, you know, the need for new technologies like natural language understanding, actually understanding the context of the data. Uh, for example, what's the intent behind it? What's the meaning? Sure, it's not going to be misspelled. But can I find other relevant factors or attributes of that email that, uh, point out a red flag or something that I need to be concerned about before I actually click on it or open it or, or act on it?

>>Right. So the company that you, uh, led before Splunk acquired you, Phantom, you talked a lot about they're trying to help, help to see SOCs do a better job, help them kind of filter, filter what they don't need to respond to, prioritize what they need to respond to and then respond quicker when they do. That's right. A little bit more about how that works and what's kind of the impact of having that technology on the front line.

>>Yeah, so five years ago, automation and security really didn't exist.
Uh, we created a new category called SOAR: security orchestration, automation and response. And, uh, it's a technology that allows you to automate what a SOC analyst would typically do by hand. So typically, you know, if an analyst is looking at an event, uh, it would take them 10 minutes, best case, 11 hours, worst case, to analyze that and do all the work that they need to do to triage it. By automating, we're able to reduce that down to a best case of one second, worst case of 10 minutes using automated playbooks. So we're able to get a, uh, a massive performance improvement by automating, by creating a playbook of those routine things that an analyst would do by hand. And that frees up the analyst to do more proactive, higher order activities, things that actually require the human thought versus the repetitive work which we're very happy about.

>>And are most of those types of, of of uh, processes that you automated? Just check, just to get, you know, kind of checking boxes if you will, almost like a pre-flight to make sure that you kind of have the simple things covered or you know, what are some of the activities that you've been able to automate?

>>Yeah, so it's interesting these, these platforms have become very flexible and multipurpose. So today we integrate with over 300 different security vendors that are on the showroom floor here today to let you automate in those products. So the typical large enterprise has maybe 60 70 security products that they're all managing from a browser tab or a different login. What SOAR platforms do is they tie those together and allow you to manage those products very rapidly. In the case of an event. So for example, you know, if I have a, a, a phishing email, I can take the attachment, detonate it in a sandbox from any of the sandbox vendors here on the showroom floor.
Look it up in my reputation service, like my VirusTotal, ReversingLabs for example, look it up on my EDR product on the endpoint to see do any of my endpoints actually have this file. And then I could take remediative action and actually block the user, take the endpoint off the network using a NAC product that's here, uh, and so on, or block it on the firewall. So there's many different types of scenarios.

>>It's that whole chain that you just described potentially would be something that you build into this playbook and have that happen automatically. Yes. Oh, that's a huge time saver. Huge time saver. So as you look forward, kind of at the power of AI, right? It's good news, bad news, right? Good news. You're going to have a lot more horsepower and computational wizardry at your fingertips. Bad news is the bad guys are also going to have a lot more computational power and wizardry at the end of their fingertips. So how do you, you know, kind of see the battle continuing to play out? Where do you really see great opportunities with, with this evolving AI to do things that you just couldn't do before?

>>Yeah, look, attackers have been using automation and AI against us for, for many years now. So we're just starting to catch up and use it effectively to defend ourselves. Uh, you know, it'll be very interesting to see where this goes. I don't know if I can predict, but imagine machines fighting machines just like in real life and robotics and so on. In real physical kinetic warfare. Imagine the same thing happening in cyber here is entirely conceivable, but I don't think we're quite there yet. I mean, we obviously see botnets and other automated attacks that are already very rampant and then automated countermeasures that are there as well. So it'd be very interesting to even have, you know, maybe one year here we'll have uh, you know, robot wars for cyber and have, you know, technologies battle each other to see who your

>>wins.
But what's crazy is as much as the bots are fighting the bots, you know, we have, uh, people like Rachel Tobac, we've had on a couple of times. She's, she does social hacking and uh, and she's basically a hundred percent, uh, successful in just calling people on the phone and getting them to provide her the details. So it still is going to keep the people in the loop. We're still going to have to, you know, make sure that they're not the weakest link. Absolutely. Yeah. All right, good. So final thoughts as you head into 2020, the year we're going to know everything with the benefit of hindsight. Well, look, I think one thing we're seeing, there's so many vendors here, uh, things are coming together. Again, our customers are looking to consolidate, they're looking to reduce. And one thing that we're very heavily focused on at Splunk is creating a single work surface for analysts. So they don't have to deal with dozens of different consoles. Right. We're very, very focused on that. Working 70 tabs to work process is not a, not very efficient. So ideal. No. All right, Oliver. Well, thanks for, uh, for taking a few minutes to stop by and continued success for you and Splunk. Thank you. Alrighty. He's Oliver, I'm Jeff, you're watching theCUBE. We're at RSA 2020 in downtown San Francisco. Thanks for watching. See you next time.
ENTITIES
Entity | Category | Confidence |
---|---|---|
Jeff | PERSON | 0.99+ |
10 minutes | QUANTITY | 0.99+ |
11 hours | QUANTITY | 0.99+ |
Oliver Friedrichs | PERSON | 0.99+ |
San Francisco | LOCATION | 0.99+ |
two things | QUANTITY | 0.99+ |
Rick | PERSON | 0.99+ |
70 tabs | QUANTITY | 0.99+ |
fourth day | QUANTITY | 0.99+ |
today | DATE | 0.99+ |
one second | QUANTITY | 0.99+ |
One | QUANTITY | 0.99+ |
Microsoft | ORGANIZATION | 0.99+ |
dozens | QUANTITY | 0.99+ |
one year | QUANTITY | 0.99+ |
Rachel | PERSON | 0.99+ |
Splunk | ORGANIZATION | 0.98+ |
Sox | ORGANIZATION | 0.98+ |
Moscone | LOCATION | 0.98+ |
20 | QUANTITY | 0.98+ |
this year | DATE | 0.97+ |
20 years ago | DATE | 0.96+ |
one | QUANTITY | 0.96+ |
over 300 different security vendors | QUANTITY | 0.96+ |
five years ago | DATE | 0.96+ |
RSAC | ORGANIZATION | 0.95+ |
one thing | QUANTITY | 0.93+ |
English | OTHER | 0.93+ |
Silicon angle | ORGANIZATION | 0.92+ |
coronavirus | OTHER | 0.9+ |
hundred percent | QUANTITY | 0.9+ |
60 70 security products | QUANTITY | 0.88+ |
four different startups | QUANTITY | 0.87+ |
SOC | ORGANIZATION | 0.85+ |
Phantom | ORGANIZATION | 0.84+ |
Splunk | PERSON | 0.84+ |
RSA conference | EVENT | 0.79+ |
single work | QUANTITY | 0.78+ |
USA | LOCATION | 0.75+ |
RSA 2020 | COMMERCIAL_ITEM | 0.74+ |
times | QUANTITY | 0.73+ |
windows | TITLE | 0.66+ |
five G | ORGANIZATION | 0.65+ |
40,000 some | QUANTITY | 0.65+ |
lot of people | QUANTITY | 0.6+ |
people | QUANTITY | 0.59+ |
Fredericks | PERSON | 0.54+ |
2020 | DATE | 0.52+ |
consoles | QUANTITY | 0.5+ |
couple | QUANTITY | 0.41+ |
2020 | ORGANIZATION | 0.31+ |