>>Well, hello everybody. I'm John Walls here with the cube, and we're very happy to continue our coverage here of a splunk.com 21. And today we're going to talk about cyber security. Uh, obviously everybody is well aware of a number of, uh, breaches that have happened around the globe, but you might say there's been a surge in trying to prevent those from happening down the road. And I'm going to let our guests explain that Ryan Covar, who is the security strategist at Splunk. Ryan. Good to see you with, uh, with us here on the cube. Glad you could join us today. >>Thank you very much. I've wished we could have been doing this in person, but such as the time of life we live. >>Yeah. We have learned to live on zoom that's for sure. And, uh, it's the next best thing to being there. So, uh, again, thanks for that. Um, well, let's talk about surge, if you will. Um, uh, I know obviously Splunk and data security go hand in hand that is a high priority with the, with the company, but now you have a new initiative that you're just now rolling out to take that to an even higher level. Tell us about that. >>Yeah, something I'm extremely excited to announce. Uh, it's the first time we're really talking about it is that.com 21, which is wonderful. And it's kind of the culmination of my seven years here at Splunk. Uh, before I came to Splunk, I did about 20 years of cyber security research and defense and nation state hunting and threat intelligence and policy and compliance, and just about everything, uh, public sector in the U S and the UK private sector, a couple of different places. So I've kind of been around the block. And one of the things I've found that I'm really passionate about is just being a network defender or a blue teamer. And a lot of my time here at Splunk has been around that. It's been speaking at conferences, doing research, um, coming up with ways to basically defend organizations, but the tools they have at hand and something that we say Alon is, uh, we, we work on the problems of today and tomorrow, not the distant future, right? >>The really practical things. And we had an, you know, there was a little bit of a thing called solar winds. You might've heard of it. Um, that happened earlier in December and we were able to stand up kind of on an ad hoc ragtag group of Splunkers around the world, uh, in a matter of hours. And we worked about 24 hours for panning over to Australia, into a Mia, and then back over to America and able to publish really helpful work to, for our customers to detect or defend or mitigate against what we knew at the time around solar winds, the attack. And then as time went on, we were continuing to write and create material, but we didn't have a group that was focused on it. We were all kind of chipping in after hours or, you know, deep deprecating, other bits of work. >>And I said, you know, we really need to focus on this. This is a big deal. And how can we actually surge up to meet these needs if you will, uh, the play on the punter. So we created an idea of a small team, a dedicated to current events and also doing security research around the problems that are facing around the world insecurity who use Splunk and maybe even those who don't. And that's where the idea of this team was formed. And we've been working all summer. We're releasing our first research project, excuse me, uh, at.com, which is around supply chain, compromise using jaw three Zeke and Splunk, uh, author by myself and primarily Marcus law era. And we have other research projects coming out every quarter, along with doing this work around, just helping people with any sort of immediate cybersecurity threat that we're able to assist with. >>So what are you hoping that security teams can get out of this work? Obviously you're investing a lot of resources and doing the research, I assume, diversifying, you know, the areas and to which you're, um, exploring, um, ultimately what would be the takeaway if I was on the other end, if I was on the client and what would you hope that I would be, uh, extracting from this work? >>Sure. We want to get you promoted. I mean, that's kind of the, the joke of it, but we, we talk a lot. I want to make everyone in the world who use a Splunk or cybersecurity, looked into their bosses and defend their company as fast and quickly as possible. So one of the big, mandates for my team is creating consumable, actionable work and research. So we, you know, we joke a lot that, you know, I have a pretty thick beard here. One might even call it a neck beard and a lot of people in our community, we create things for what I would call wizards, cybersecurity wizards, and we go to conferences and we talk from wizard to wizard, and we kind of sit on our ivory tower on stage and kind of proclaim out how to do things. And I've sat on the other side and sometimes those sound great, but they're not actually helping people with their job today. And so the takeaway for me, what I hope people are able to take away is we're here for you. We're here for the little guys, the network defenders, we're creating things that we're hoping you can immediately take home and implement and do and make better detections and really find the things that are immediate threats to your network and not necessarily having to, you know, create a whole new environment or apply magic. So >>Is there a difference then in terms of say enterprise threats, as opposed to, if I'm a small business or of a medium sized business, maybe I have four or 500 employees as opposed to four or 5,000 or 40,000. Um, what about, you know, finding that ground where you can address both of those levels of, of business and of concern, >>You know, 20 years ago or 10 years ago? I would've answered that question very differently and I fully acknowledge I have a bias in nation state threats. That's what I'm primarily trained in, however, in the last five years, uh, thanks or not. Thanks to ransomware. What we're seeing is the same threats that are affecting and impacting fortune 100 fortune 10 companies. The entire federal government of the United States are the exact same threats that are actually impacting and causing havoc on smaller organizations and businesses. So the reality is in today's threat landscape. I do believe actually the threat is the same to each, but it is not the same level of capabilities for a 100% or 500 person company to a company, the size of Splunk or a fortune 100 company. Um, and that's something that we are actually focusing on is how do we create things to help every size of that business, >>Giving me the tools, right, exactly. >>Which is giving you the power to fight that battle yourself as much as possible, because you may never be able to have the head count of a fortune 100 company, but thanks to the power of software and tools and things like the cloud, you might have some force multipliers that we're hoping to create for you in a much more package consumable method. >>Yeah. Let's go back to the research that you mentioned. Um, how did you pick the first topic? I mean, because this is your, your splash and, and I'm sure there was a lot of thought put into where do we want to dive in >>First? You know, I'd love to say there was a lot of thought put into it because it would make me sound smarter, but it was something we all just immediately knew was a gap. Um, you know, solar winds, which was a supply chain, compromise attack really revealed to many of us something that, um, you know, reporters had been talking about for years, but we never really saw come to fruition was a real actionable threat. And when we started looking at our library of offerings and what we could actually help customers with, I talked over 175 federal and private sector companies around the world in a month and a half after solar winds. And a lot of times the answer was, yeah, we can't really help you with this specific part of the problem. We can help you around all sorts of other places, but like, gosh, how do you actually detect this? >>And there's not a great answer. And that really bothered me. And to be perfectly honest, that was part of the reason that we founded the team. So it was a very obvious next step was, well, this is why we're creating the team. Then our first product should probably be around this problem. And then you say, okay, supply chain, that's really big. That's a huge chunk of work. So the first question is like, well, what can we actually affect change on without talking about things like quantum computing, right? Which are all things that are, you know, blockchain, quantum computing, these are all solutions that are actually possible to solve or mitigate supply chain compromise, but it's not happening today. And it sure as heck isn't even happening tomorrow. So how do we create something that's digestible today? And so what Marcus did, and one of his true skillsets is really refining the problem down, down, down, down. >>And where can we get to the point of, Hey, this is data that we think most organizations have a chance of collecting. These are methodologies that we think people can do and how can they actually implement them with success in their network. And then we test that and then we kind of keep doing a huge fan of the concept of OODA loop, orient, orient, observe, decide, and act. And we do that through our hypothesizing. We kind of keep looking at that and iterating over and over and over again, until we're able to come up with a solution that seems to be applicable for the personas that we're trying to help. And that's where we got out with this research of, Hey, collect network data, use a tool like Splunk and some of our built-in statistical analysis functions and come out the other side. And I'll be honest, we're not solving the problem. >>We're helping you with the problem. And I think that's a key differentiator of what we're saying is there is no silver bullet and frankly, anyone that tells you they can solve supply chain, uh, let me know, cause I want to join that hot new startup. Um, the reality is we can help you go from a field of haystacks to a single haystack and inside that single haystack, there's a needle, right? And there's actually a lot of value in that because before the PR problem was unapproachable, and now we've gotten it down to saying like, Hey, use your traditional tools, use your traditional analytic craft on a much smaller set of data where we've pretty much verified that there's something here, but look right here. And that's where we kind of focused. >>You talked about, you know, and we all know about the importance and really the emphasis that's put on data protection, right? Um, at the same time, can you use data to help you protect? I mean, is there information or insight that could be gleaned from, from data that whether it's behavior or whatever the case might be, that, that not only, uh, is something that you can operationalize and it's a good thing for your business, but you could also put it into practice in terms of your security practices to >>A hundred percent. The, the undervalued aspect of cybersecurity in my opinion, is elbow grease. Um, you can buy a lot of tools, uh, but the reality is to get value immediately. Usually the easiest place to start is just doing the hard detail oriented work. And so when you ask, is there data that can help you immediately data analytics? Actually, I go to, um, knowing what you have in your network, knowing what you have, that you're actually trying to protect asset and inventory, CMDB, things like this, which is not attractive. It's not something people want to talk about, but it's actually the basis of all good security. How do you possibly defend something if you don't know what you're defending and where it is. And something that we found in our research was in order to detect and find anomalous behavior of systems communicating outbound, um, it's too much. >>So what you have to do is limit the scope down to those critical assets that you're most concerned about and a perfect example of critical asset. And there's no, no shame or victim blaming here, put on solar winds. Uh, it's just that, that is an example of an appliance server that has massive impact on the organization as we saw in 2020. And how can you actually find that if you don't know where it is? So really that first step is taking the data that you already have and saying, let's find all the systems that we're trying to protect. And what's often known as a crown jewels approach, and then applying these advanced analytics on top of those crown jewel approaches to limit the data scope and really get it to just what you're trying to protect. And once you're positive that you have that fairly well defended, then you go out to the next tier and the next tier in next year. And that's a great approach, take things you're already doing today and applying them and getting better results tomorrow. >>No, before I let you go, um, I I'd like to just have you put a, uh, a bow on surge, if you will, on that package, why is this a big deal to you? It's been a long time in the making. I know you're very happy about the rollout of this week. Um, you know, what's the impact you want to have? Why is it important? >>We did a lot of literature review. I have a very analytical background. My time working at DARPA taught me a lot about doing research and development and on laying out the value of failure, um, and how much sometimes even failing as long as you talk about it and talk about your approach and methodology and share that is important. And the other part of this is I see a lot of work done by many other wonderful organizations, uh, but they're really solving for a problem further down the road or they're creating solutions that not everyone can implement. And so what I think is so important and what's different about our team is we're not only thinking differently, we're hiring differently. You know, we have people who have a threat intelligence background from the white house. We have another researcher who did 10 years at DARPA insecurity, research and development. >>Uh, we've recently hired a, a former journalist who she's made a career pivot into cybersecurity, and she's helping us really review the data and what people are facing and come up with a real connection to make sure we are tackling the right problems. And so to me, what I'm most excited about is we're not only trying to solve different problems. And I think what most of the world is looking at for cybersecurity research, we've staffed it to be different, think different and come up with things that are probably a little less, um, normal than everyone's seen before. And I'm excited about that. >>Well, and, and rightly so, uh, Ryan, thanks for the time, a pleasure to have you here on the cube and, uh, the information again, the initiative is Serge, check it out, uh, spunk very much active in the cyber security protection business. And so we have certainly appreciate that effort. Thank you, Ryan. >>Well, thank you very much, John. You bet Ryan, >>Covar joining us here on our cube coverage. We continue our coverage of.com for 21.

>> Narrator: From Boston, Massachusetts, it's theCUBE, covering Cloud Foundry Summit 2018. Brought to you by the Cloud Foundry Foundation. >> Welcome back I'm Stu Miniman, and this is theCUBE's coverage of Cloud Foundry Summit 2018, here in Boston, Massachusetts. Happy to welcome to the program first time guest, founder and CEO of a start-up, solo.io, Idit Levine. Thank you so much for joining us. >> Thank you so much for having me. >> All right, so one of the things we were talking in the open. Lauren Cooney, who you know, and I were talking about, well, you know, Cloud Foundry. We've been talking about digital transformation. The enterprise for years, but there's always these new technologies. It was, you know, Kubernetes came this wave, now server-less is the wave, and you know, Amazon's kind of overarching, you know, discussion in the market place. That's why I'm glad to bring you in because your company, a startup, plays across a number of these, you know, emerging spaces in the Cloud Foundry space. So, give our audience a little bit about your background and what led to the foundation of solo.io. >> Yeah, thanks. So I was in start-up all my life. I worked in DynamicOps, we got acquired by VMWare, so vRealize, if you remember. And then I moved to another start-up, got inquired by Verizon, so cloud switch, who was moving back in the day from micro, from on prem to off prem. And then I moved to Dell EMC, to the city office and that was great because what I was doing was basically started the dojo of Cloud Foundry. So, me and Ryan Gallagher, if you know him, and Patrick Dennis, we are the three who started it and we basically co-located with the Cloud Foundry team and we worked very, very closely with them. And what we did, what I was doing a lot was bringing in innovation so we created some opensource projects like Key Unique if you heard about it about UniCare, you know, building and running UniCare. We worked with a lot of the ecosystem and the reason we started Solo is because I felt, I really feel, I really felt that the EMC is a great place but that it sometimes slow you down because of the big organization and I felt that we can do much faster outside. So that's why we opened, we started Solo, and all the purpose with Solo is basically playing two tracks. One of them is we really, really want people to use our product, so we want to target the people who has the problem, which is the enterprise. So that's where we're really, really targeting to help them move to what we really master which is the opensource community, so all the innovation. So, that's exactly what we're doing, basically helping them to take their monolithic application, move them to microservices and to Serverless, but by using very, very unique and innovative technology like Envoy and a lot of others. >> Okay, so we hear a lot of times it's you know, of course, companies, they need to move faster. They need to go through this transformation. It's the API economy. And that's, I think, where Gloo fits in there. So Gloo is spelled G-L-O-O, >> Right. >> What's a function gateway? How does this help with, kind of, you know, is it API Sprawl these days? Or, you know, all these various services. You know, how is this the glue that brings everything together? >> So as I said, we're working in two ecosystems, right? The first one is the enterprise. So the main use case that we are trying to solve as I said is the movement. We wanted to make sure that people will be able to take the monolithic and at least extend them to microservices like Cloud Foundry and Kubernetes, and to Serverless, and also in the free time to kind of like move it. So that was kind of like our purpose. But we needed some technology for that, and we looked outside and discovered that the first thing that we needed is probably a very good API gateway. But it need to route on the function level, and it need to discover the function, and a lot of technology that just wasn't exist back then. So what we did was basically build one, which is Gloo. That's the first thing that we needed because we had no choice. There wasn't anything that actually we seriously, and trust me, and looking very well of all the opensource project, there's nothing like what we built out there, in terms of the quality of the technology and what we're capable of doing. So that's why we built it. We didn't plan to make it a product, but that was the purpose. And the second thing. Now we're building more stuff, and we need maybe to extend to service-match, or function-match, like we call it. Again, not because we want to. Because we have no choice. Right? So this is not a core product, but it's really, we're building is about, we're targeting everything that's related to this use case and we're trying to move. >> Okay, so Google and Microsoft in their keynotes talked about an API gateway, opensource project, I hear service-match, I'm thinking about ISDL. How does Gloo fit-- >> So as I said, there's a beautiful, we are not competing because as I said, at the beginning, my purpose, look, I will look at the situation. That's how somebody can use it. But they're just not moving fast enough for us as a startup. So we had to actually create it. Now, when we created it, we created it specifically to our use case, right? We needed the function, that we knew that our purpose was to take all that, those ecosystems of monolithic, microservices, and Serverless, and look and see, what is the smallest unit of compute that's common between them, and cut everything to it, and that's the function. So basically, what we're doing, we're taking all these ecosystems, cut everything to function, and then reassemble a movement between them. That's something that they just didn't give us, so we had to build it. But the beauty of it is because we are, you know, we are really innovative and that's what we know how to do, we decided to leverage the opensource, so for instance is build on Envoy, right, because it is the best proxy that exists today. And we extended it, because we needed some functionalities, so we created a lot of filter, right? Because it was very important to us to make Envoy basically have this functionality. So we are not competing with none of them, because mainly, that's not what we're doing. We're just focusing on the use case. But theoretically, if you're looking at API gateway, I will say hands down we're probably the best that exists out there, which is, that's not what we started with. >> Yeah, it's really smart, coming, you know, no small startup's going to be, oh, well, we're going to, you know, in Silicon Valley maybe they think they're going to take down the giants and break the world and competing is everything, but I like you actually spent some time working in the EMC CTO office, and there are certain things we will always look at. And it's like, there's this gap. Here's what we have today, and here's absolutely where we know where the market is going. >> Right. >> So, you know, the analogy I hear today is like, well, customers they've got their applications. They need to modernize them. So it's been the last year or so, there's been this discussion of lift and shift. It made people cringe. I said, you know, I've lifted the virtualization way. One of the biggest challenges where, was I took this old application which, to be frank, stunk, and I kept it alive for years longer, even though the server was no longer supported, the OS was no longer supported, but I could just virtualize it and that was great. I want to get to 12-factor, microservice architecture, even Serverless might be the foundation that I'd like to build this. I cannot lift and shift to get Serverless. There is no path from old to there. So it sounds like you're >> What we're doing. Trying to attack some of that there, am I getting that right? >> Yes, I mean, basically, I will give you an example of a customer that we have, right? So, they came, their monolithic application, right? And they really want it to move. And you know, it's really hard to maintain this, so they said, you know what, we really want it to move to Serverless. That's the engineering part, right? They're saying, we want it to move to engineering. They came to the boss and they said, well, what we want to do is to take it, rewrite it, and put it as a greenfield, right? Basically as a Serverless. So the boss said, no problem, go, evaluate how much time it will take, and then come back to me. So they went and they did it, and they basically came with nine months. So the boss said, okay, so, no. And the reason is because nine months means a year, and also, I didn't get any feature on this year. Right? They will fire me. So what we're doing is we're saying, take this monolithic application, it's working, don't touch it, extend it. First of all, extend, on the new functionality, going to the Serverless and to microservices, and we're supporting everything, and it's brand new. I mean, I can start telling you what is the platform that we support. It's almost everything. And then, the second thing is that, on your spare time, start breaking it. Now, there's no magic. I know people are saying there's an algorithm. That's never going to work. Trust me, and I did a lot of software in my life. You can't guess this stuff. You actually need to rewrite them. But on your spare time, when you're available, and on the way, you know, on your pace of learning. And I feel that that's what we're giving. We're basically giving them the freedom to do that on their spare time, and we're giving a lot of other tools, like for instance, debug. So we create, we opensource a project called Squash, that basically be able to attach debuggers to microservices, to Serverless, and to monolithic, in different language, different everything, and jump between them. So you basically can create what I call library up, and jump cross that. So I feel that what we're targeting is basically make this movement easy, with any technology that we can put out there. >> Yeah. The whole application modernization is a real challenge. If I look at, you know, in this space, Pivotal's acquisition of Pivotal Labs was to help them. A lot of services, things that we're looking at, Pivotal going public. How much of their business is actually services, how much of it is you know, subscription and software? How much are you, is this just tooling you're building, or are you helping customers get through some of the services that maybe it's time for you to talk, how many people do you have on your team? Like, I look at the website, I see like five people, so. >> Yeah, that's actually what we are. So I mean, specifically, we are five. We are startup. We got actually really well funded from True Ventures, great, great investors. And what was important to me, was not to do a lot of mistakes of the other startups doing, which is basically scale too fast, right? I wanted first to putting a product out there, I want to see what's going on. And today, because we opensource, because we all can use Amazon and so on, we don't need a lot of money to actually create the additional projects. So that's what we did. Specifically, I can tell I'm getting a lot of resumes and right now, I'm actually pushing them back, because it's really, really important to me to scale on the right side. Now we're starting to have customers, we will have to scale, right? So that's that. In terms of how much, so that's enough. We are five and as I said, it's good, but we are not in the services. Actually people they're doing an amazing job. We don't want to touch that. What we do want to make sure is that they're giving the tools to do them themselves and they will hire probably people to do the services. >> Are you able to share how much funding, you said True Ventures is one of the funding? >> So we got 2.5 from True Ventures, and then we got 500 from Haystack and another 250 from Wave Ventures, capital. >> Okay, and five people. You're hiring too. What are you looking for? >> Yeah, so we're definitely going to hire more. We need a full stack engineer, we need a system engineer. Right now it's very flat architecture. A lot of really, really good people. I mean, my engineers are people who was in the Israeli Army as lackers, you know, very, very technical. People who are, walk with me in EMC, and so on. Very, very good people. And our purpose is to grow as system engineers a little bit, UI, and we also need some help to scale. >> And you're located here in Boston, correct? >> I am, I am. I have one engineer in Seattle, but all the rest are here. >> Okay, and the products itself, you know, opensource, and the things that are available, so-- >> For now, so we started as an open, we did put it as an opensource project. This is the platform I feel should be opensource. But there will be features that we will not opensource. A lot of more things that makes sense for the enterprise, we will not opensource. But yeah, right now, everything is opensource, and we wanted to share for the community. >> Okay, and from the customers you're talking to, what's their biggest challenge, you know, things like Serverless, you know, are they getting their arms around it, especially, you know, out here in the east coast, as opposed to, you know, some of the startups in the like? >> So actually, people in the enterprise, I mean, I think I nailed the use case, because you know, I went, I'm talking a lot in conference, QCon is one of the conference that I really, really liked and talked a lot, and when I talk there to the people, everybody has this problem, which I have a monolithic, how do you move them? Most of them trying to move to container right now. That's where it is. But the beauty of how we built Gloo, and that was totally on purpose, is the fact that, and I actually have a diagram showing it, today those enterprise that are only using monolithic. I don't know, like Bank of America, I think is only monolithic. Then if you're looking, there's people only using microservices, probably Google and others. And then there is companies like iRobot for instance. So it's going all the way to Serverless. That's all there, right? Bam, which is amazing. But, and there is companies that's sharing it, right? That means they're microservices and Serverless, so monolithic, and then. And EMC for instance, they have like Serverless, microservices and monolithic. What we're trying to do is basically, the beauty of what we build, is basically a platform on top of an envoy. So we can actually create the customized offer for you that will be only what you need. And what we will help you is to basically glue, this is what the name, glue your environment, so it will give you one experience that you can manage it or you can mix and match, you can do whatever you want, and it's really, really clean. So when I'm talking to customers today, mainly where they are is like monolithic to microservices, but they love this use case. I mean, I didn't meet a customer yet that I show him the demo of how we're taking a spring boot application and move it, and he said that they don't want it to proceed. So it's good. >> Wow. Fascinating stuff. I really appreciate you sharing. Definitely, we hear from customers all the time. It's moving from the old to the new, it's I need to live in both of those worlds, and they can't split those teams, it can't be islands, I need to pull this together. It's definitely through a multi-cloud, and seems like it's happening in the development environment too. So, Idit Levine, solo, congratulations on where you've gone. Look forward to catching up much more in the future. We're back with lots more coverage here from the Cloud Foundry summit in Boston, Massachusetts. I'm Stu Miniman. Thanks for watching theCUBE.