>>Okay, welcome back everyone to San Francisco, live coverage here with the cube 80, be summit 2022. We're back in person. I'm John furry host of the cube. We'll be at the 80 us summit in New York city. This summer, check us out then. But right now, two days in San Francisco, getting all the coverage what's going on in the cloud, we got a cube, alumni and friend of the cube. I dos car CEO, investor, a Sierra, and also an investor and a bunch of startups, angel investor. I'm gonna do great to see you. Thanks for coming on the cube. Good to see you. Good to see. See you, sir. Chris pump. Cool. How are you? >>Good. How are you? >>So congratulations on all your investments. Uh, you've made a lot of great successes over the past couple years and your company raising some good cash as Sarah. So give us the update. How much cash have you guys raised? What's the status of the company product what's going on? >>First of all, thank you for having me. We're back to be business with you never while after. Great to see you. Um, so I, as the company started around four years back, I invested with a few of the investors and now I'm the CEO. Um, we have raised close to a hundred million there. The investors are people like nor west Menlo, true ventures, coast, lo ventures, Ram Shera, and all those people all well known guys, Andy Beel chime Paul Mo Mayard web. So a whole bunch of operating people and, uh, Silicon valley vs are involved >>And has it gone? >>It's going well. We are doing really well. We are going almost 300% year over year. Uh, for last three years, the space ISRA is going after is what I call the applying AI for customer service. It operations, it help desk, uh, the same place I used to work at ServiceNow. We are partners with ServiceNow to take, how can we argument for employees and customers, Salesforce, and service now to take it the next stage? Well >>Of having you on the cube, Dave and I, David ante as well loves having you on too, because you not only bring the entrepreneurial CEO experience, you're an investor. You're like a, you're like a guest analyst. <laugh> >>You know who done? You >>Get the comment, this fun to talk to you though, you >>Get the commentary, you you're your finger on the pulse. Um, so I gotta ask you obviously, AI and machine learning, machine learning AI, or you want to phrase isn't every application. Now, AI first, uh, you're seeing a lot of that going on. You're starting to see companies build the modern applications at the top of the stack. So the cloud scale has hit. We're seeing cloud scale. You predicted that we talked about in the cube many times. Now you have that past layer with a lot more services and cloud native becoming a standard layer. Containerizations growing Docker just raised a hundred million on a 2 billion valuation back from the debt after they pivoted from an enterprise services. So open source developers are booming. Um, where's the action. I mean, is there data control, plane emerging, AI needs data. There's a lot of challenges around this. There's a lot of discussions and a lot of companies being funded, observability there's 10 million observability companies. Data is the key. What's your angle on this? What's your take? Yeah, >>No, look, I think I'll give you the view that I see right from my side. Obviously data is very clear. So the things that system of recorded you and me talked about the next layer is called system of intelligence. That's where the AI will play. Like we talk cloud native, it'll be called AI. Native NATO is a new buzzword and using the AI for customer service it operations. We talk about observability. I call it AI ops, applying ops for good old it operations management, cloud management. So you'll see the AOPs applied for whole list of, uh, application from observability doing the CMDB, predicting the events incidents. So I see a lot of work clicking for AIOps and AI service desk. What used to be help desk with ServiceNow BMC <inaudible> you see a new, a layer emerging as a system of intelligence. Uh, the next would be is applying AI with workflow automation. So that's where you'll see a lot of things called customer workflows, employee workflows. So think of what UI path automation, anywhere ServiceNow are doing, that area will be driven with AI workflows. So you'll see AI going off >>Is RPA a company is AI, is RPA a feed of something bigger? Or can someone have a company on RPA UI pass? One will be at their event this summer? Um, is it a product company? I mean, I mean, RPA is almost, should be embedded in everything. It's a feature. >>It is very good point. Very, very good thing. So one is, it's the category for sure. Like it's a category, it's an area where RPA maybe change the name. I call it much more about automation, workflow automation, but RPA and automation is a category. Um, it's a company also, but that automation should be ed in every area. Yeah. Like we call cloud NATO and AI NATO. It'll become automation. NATO. Yeah. And that's your thinking? So >>It's most interesting me. I think about the, what you're talking about. What's coming to my is I'm kinda having flashbacks to the old software model of middleware. Remember at middleware, it was very easy to understand it was middleware. It sat between two things and then the middle and it was software abstraction. Now you have all kinds of workflows abstractions everywhere. So multiple databases, it's not a monolithic thing. Right? Right. So as you break that down, is this the new modern middleware? Because what you're talking about is data workflows, but they might be siloed. Are they integrated? I mean, these are the challenges. This is crazy. What's the, >>So don't put the database became called polyglot databases. Yeah. I call this one polyglot automation. So you need automation as a layer, as a category, but you also need to put automation in every area like you you're talking about. It should be part of service. Now it should be part of ISRA, like every company, every Salesforce. So that's why you see it. MuleSoft and Salesforce buying RPA companies. So you'll see all the SaaS companies, cloud companies having an automation as a core. So it's like how you have a database and compute and sales and networking. You'll also have an automation as a layer <inaudible> inside every stack. >>All right. So I wanna shift gears a little bit and get your perspective on what's going on behind us. You can see, uh, behind us, you got the expo hall, got, um, we're back to vents, but you got, you know, AMD, Clum, Ove, uh, Dynatrace data, dog, innovative all the companies out here that we know. And we interview them all. They're trying to be suppliers to this growing enterprise market. Right. Okay. But now you also got the entrepreneurial equation. Okay. We're gonna have John Sado on from Deibel later today. He's a former NEA guy and we always talk to Jerry, Jen. We know all the, the VCs. What does the startups look like? What does the, to of the, in your mind, cuz you, I know you invest the entrepreneurial founder situation. Cloud's bigger. Mm-hmm <affirmative> global, right? Data's part of it. You mentioned data's code. Yes. Basically. Data's everything. What's it like for a first an entrepreneur right now who's starting a company. What's the white space. What's the attack plan. How do they get in the market? How do they engineer everything? >>Very good. So I'll give it to two things that I'm seeing out there. Remember days of Amazon created the startups 15 years back, everybody built on Amazon now Azure and GCP. The next layer would be is people don't just build on Amazon. They're going build it on top of snowflake. Companies are snowflake becomes the data platform, right? People will build on snowflake. Right? So I, my old boss Blankman trying to build companies on snowflake. So you don't build it just on Amazon. You build it on Amazon and snowflake. Snowflake will become your data store. Snowflake will become your data layer. Right? So I think that's the next level of <inaudible> trying to do that. So if I'm doing observability AI ops, if I'm doing next level of Splunk SIM, I'm gonna build it on snowflake, on Salesforce, on Amazon, on Azure, et cetera. >>It's interesting. You know, Jerry Chan has it put out a thesis a couple months ago called castles in the cloud where your moat is, what you do in the cloud. Not necessarily in the, in the IP. Um, Dave LAN and I had last reinvent, coined the term super cloud. Right's got a lot of traction and a lot of people throwing, throwing mud at us, but we were, our thesis was, is that what Snowflake's doing? What Goldmans Sachs is doing. You're starting to see these clouds on top of clouds. So Amazon's got this huge CapEx advantage. And guys like Charles Fitzgerald out there who we like was kind of shitting on us saying, Hey, you guys terrible, they didn't get him. Like, yeah, I don't think he gets it, but that's a whole, can't wait to debate him publicly on this. He's cool. Um, but snowflake is on Amazon. Yes. Now they say they're on Azure now. Cause they've got a bigger market and they're public, but ultimately without a AWS snowflake doesn't exist and, and they're reimagining the data warehouse with the cloud, right? That's the billion dollar opportunity. >>It is. It is. They both are very tight. So imagine what Frank has done at snowflake and Amazon. So if I'm a startup today, I want to everything on Amazon where possible whatever is, I cannot build, I'll make the pass layer. Remember the middle layer pass will be snowflake so I can build it on snowflake. I can use them for data layer. If I really need do size, I'll build it on force.com Salesforce. Yeah. Right. So I think that's where you'll. >>So basically the, the, if you're an entrepreneur, the, the north star in terms of the, the outcome is be a super cloud. It is, That's the application on another big CapEx ride, the CapEx of AWS or >>Cloud, and that reduce your product development, your go to market and you get use the snowflake marketplace to drive your engagement. >>Yeah. Yeah. How are, how is Amazon and the clouds dealing with these big whales, the snowflakes of the world? I mean, I know they got a great relationship, uh, but snowflake now has to run a company they're public. Yeah. So, I mean, I'll say, I think they had Redshift. Amazon has got Redshift, um, but snowflakes, a big customer and the they're probably paying AWS, I think bills too. So >>John video it's like whole Netflix is, and Amazon prime Netflix runs on Amazon, but Amazon has Amazon prime that co-optation will be there. So Amazon will have Redshift, but Amazon is also partnering with, uh, snowflake to have native snowflake data warehouses, a data layer. So I think depending on the applic use case, you have to use each of the above. I think snowflake is here for a long term. So if I'm building an application, I want to use snowflake then, right. Think from stats. >>Well, I think that it comes back down to entrepreneurial hustle. Do you have a better product? Right. Product value will ultimately determine it as long as the cloud doesn't, You know, foreclose your value. That's right. With some sort of internal hack. But I think, I think the general question that I have is that I, I think it's okay to have a super cloud like that because the rising tide is still happening. Some point, when does the rising tide stop >>And >>The people shopping up their knives, it gets more competitive or is it just an infinite growth cycle? >>I think it's growth. You call it cloud scale. You invented the word cloud scale. So I think, look, cloud will continually agree, increase. I think there's, as long as there are more movement from on, uh, on-prem to the classical data center, I think there's no reason at this point, the rumor, the old lift and shift that's happening in like my business. I see people lift and shifting from the it operations, it helpless, even the customer service service now and, uh, ticket data from BMCs CAS like Microfocus, all those workloads are shifted to the cloud, right? So ticketing system is happening. Cloud system of record is happening. So I think this train has still a long way to go >>Made. I wanna get your thoughts for the folks watching that are, uh, enterprise buyers or practitioners, not suppliers to the market, feel free to text me or DMing next. Question's really about the buying side, which is if I'm a customer, what's the current, um, appetite for startup products, cuz you know, the big enterprises now and you know, small, medium, large, and large enterprise, they're all buying new companies cuz a startup can go from zero to relevant very quickly. So that means now enterprises are engaging heavily with startups. What's it like what's is there a change in order of magnitude of the relationship between startup selling to, or growing startup selling to an enterprise? Um, have you seen changes there? I mean I'm seeing some stuff, but why don't we get your thoughts on that? What, no, it >>Is. If I remember going back to our 2007 or eight, when I used to talk to you back then and Amazon started very small, right? We an Amazon summit here. So I think enterprises on the average used to spend nothing with startups. It's almost like 0% or one person today. Most companies are already spending 20, 30% with startups. Like if I look at a CIO, a line of business it's gone. Yeah. Can it go more? I think it can double in the next four, five years. Yeah. Spending on the startups. >>Yeah. And check our, uh, AWS startups.com. That's a site that we built for the startup community for buyers and startups. And I want get your reaction because I, I reference the URL cause it's like, there's like a bunch of companies we've been promoting because the solutions that startups have actually are new stuff. Yes. It's bending, it's shifting left for security or using data differently or are um, building tools and platforms for data engineering. Right. Which is a new persona that's emerging. So you know, a lot of good resources there. Um, and goes back now to the data question. Now, getting back to your, what you're working on now is what's your thoughts around this new, um, data engineering persona. You mentioned a AIOps we've been seeing AOPs IOPS blue booming and that's creating a new developer paradigm that's right. Which we call and coin data as code data as code is like infrastructure as code, but it's for data, right? It's developing with data, right? Retraining machine learnings, going back to the data lake, getting data to make, to do analysis, to make the machine learning better post event or post action. So this, this to engineers like an SRE for data, it's a new, scalable role we're seeing. Do you see the same things? Do you agree? Um, do you disagree or can you share >>Yourself? I, no, I have a lot of thoughts that first is I see the AOP solutions in the future should be not looking back. I need to be like we are in San Francisco bay. That means earthquake prediction. Right? I want AOPs to predict when the outages are gonna happen. When there's a performance issue. I don't think most AOPs vendors have not gone through it. Like I spend a lot of time with data dog, Cisco app dynamic, right? Dynatrace, all this solution will go future towards predict to proactive solution with AOPs. But what you bring of a very good point on the data side, I think like we have a Amazon marketplace and for startup, there should be data exchange where you want to create for AOPs and AI service desk customers that give the data, share the data because we thought the data algorithms are useless. I can come the best algorithm, but I gotta train them, modify them, tweak them, make >>Them >>Better, make them better. Yeah. And I think there are a whole data exchange is the industry has not thought through something you and me talk many times. Yeah. Yeah. I think the whole, that data is very important. >>You've always been on, on the Vanguard of data because, uh, it's been really fun. Yeah. >>Going back to big data days back in 2009, you know, >>Look at, look how much data bricks has grown. >>It is double, the >>Key cloud air kinda went private, so good stuff. But what are you working on right now? Give a, give a, um, plug for what you're working on. You'll still invest strength. >>I do still invest, but look, I'm a hundred percent on ISRA right now. I'm the CEO there. Yeah. Okay. >>So >>Right. ISRA is my number one baby right now. So I'm looking at that growing customers and my customers. Some of them you like it's zoom auto desk, MacAfee, uh, grantor. So all the top customers, um, mainly for it help desk customer service ops. Those are three product lines and going after enterprise and commercial deals. >>And when should someone buy your product? What what's their need? What category is it? >>I think the look whenever somebody needs to buy the product is if you need AOP solution to predict, keep your lights on, predict ours one area. If you want to improve employee experience, you are using a slack teams and you want to automate all your workflows. That's another value. Prop. Third is customer service. You don't want to hire more people to do it. Some of the areas where you want to scale your company, grow your company, eliminate the cost customer service. >>Great stuff, man. Great to see you. Thanks for coming on. Congratulations on the success of your company and your investments. Thanks for coming on the key. Okay. I'm John fur here at the cube live in San Francisco for day one of two days of coverage of Aish summit 2022. And we're gonna be at a summit in San, uh, in New York in the summer. So look for that on this calendar, of course, go to Aish startups.com and mention that it's ay for all the hot startups and of course the cube.net and Silicon angle.com. Thanks for watching. We'll be back more coverage after this short break.

>> Announcer: Live from Orlando, Florida, it's the Cube. Covering Servicenow, Knowledge 17. Brought to you by Servicenow. >> Welcome back to Orlando everybody this is the Cube the leader in live tech coverage, we go out to the events, we extract the signal from the noise, and we are here for our fifth year at Knowledge this is Knowledge 17, Sean Convery's here he's the general manager of the security business unit at Servicenow, an area that I'm very excited about Shawn. Welcome back to the Cube, it's good to see you again. >> It's great to be here, thanks for having me. >> So let's see you guys launched last year at RSA we talked in depth at Servicenow Knowledge about what you guys were doing. You quoted a stat the other day which I thought was pretty substantial at the financial analyst meeting, 1.1 million job shortfall in cyber. That is huge. That's the problem that you're trying to address. >> Well it's unbelievable, I was- you know we were just doing the keynote earlier this morning and I was recounting, most people in security get in it because they have some, you know desire to save the world right? To to- they watched a movie, they read a book, they're really excited and motivated to come in- >> What's was yours, was it comic book, was it- >> It was, uh, War Games with Matthew Broderick, I was 10 years old which totally dates me, movie came out in '83 so nobody has to look it up. (laughing) And you know I was just, you know blown away by this idea of using technology and being able to change things and the trouble is analysts show up to work and they don't have that experience, and nobody's expected, but they're not even close right? They wind up being told okay here's all this potential phishing email, we'd like you to spend 20 minutes on each one trying to figure out if it actually is phishing. And there's 600 messages. So tell me when you're done and I'll give you the next 600 messages. And so it's not motivating >> Not as sexy as War Games. >> It's not as sexy as War Games exactly. And then the CICO's say, well I can't even afford the people who are well trained. So I hire people right out of school, it takes me six months to train them, they're productive for six months, and then they leave for double their salary. So you wind up with a, sort of a 50 percent productivity rate out of you new hires, and it's just, it's just a recipe for for the past right? You know, we need to think more about how we, how we change things. >> So let's sort of remind our audience in terms of security, you're not building firewalls, you're not, you know competing with a lot of the brand name securities like MacAfee or FireEye, or Palo Alto networks, you're complementing them. Talk about where you fit in the security ecosystem. >> Sure. So if you boil down the entire security market, you can really think about protection and detection as the main two areas, so protection think of a firewall, an antivirus, something that stops something bad, and think of detection as uh, I'm going to flag potentially bad things that I think are bad but I'm not to certain that I want to absolutely stop them. And so what that does is it creates a queue of behavior that needs to be analyzed today by humans, right? So this is where the entire SIM market and everything else was created to aggregate all those alerts. So once you've got the alerts, you know awesome, but you've got to sort of walk thought them and process them. So what Servicenow has focused on is the response category. And visualization, aggregation is nice, but will be much better is to provide folks the mechanism to actually respond to what's happening. Both from a vulnerability standpoint, and from an incidence standpoint. And this is really where Servicenow's expertise shines because we know workflow, we know automation, we know about system of action, right? So that's our pedigree and IT frankly is several years ahead of where the security industry is right now until we can leverage that body of expertise not just with Servicenow, but with now all of our partners to help accelerate the transformation for security team. >> So I got to cut right to the chase. So last year we talked about- and of course every time we get a briefing for instance from a security vendor, where- we're given a stat that is on average it takes 200 sometimes you've seen as high as 300 but let's say 200 days to detect an incident then the answer is so buy our prevention, or our detection solution. >> Yeah. >> I asked you last year and I tweeted out, you know a couple days ago is, has Servicenow affected that? Can you affect- I asked you last year, can you affect that, can you compress that timeframe, you said "we think so." Um what kind of progress have you made? >> Sure so you have to remember about that 200 day stat that that is a industry average across all incidents right? So the Ponemon institute pulls this data together once a year, they survey over 300 companies, and they found that I think it's 206 days is the average right now. And so to identify an- a breach, and then another 75 days to contain it. So together it's nine months, which is a frighteningly long period of time. And so what we wanted to do is measure across all of our productions security operations customers what is their average time to identify and time to contain. So it turns out, it's so small we have to convert it to hours. It's 29 hours to identify, 33 hours to contain, which actually is a 160x improvement in identification, and a 50x improvement in containment. And so we're really excited about that. But you know, frankly, I'm not satisfied. You know, I'm still measuring in hours. Granted we've moved from months to hours, but I want it from hours, to minutes, to seconds, and really, you know we can show how we can do that in minutes today with certain types of attacks. But, there's still the long breaches. >> That's a dramatic reduction, you know I know it's, that 206 whatever it is is an average of averages. >> For sure. >> But the delta between what you're seeing and your customer base is not explainable by, oh well the Servicenow customers just happen to be better at it or lucky year, it's clearly an impact that you're having. >> Well sure, let's be you know as honest as we can be here right? The, you know the people who are adopting security operations are forward thinking security customers so you would expect that they're better, right? And so your- there program should already be more mature than the average program. And if you look across those statistics, like 200 and some days, you know that includes four year long breaches, and it also includes companies that frankly don't pay as much attention to security as they should. But even if you factor all of that out, it's still a massive massive difference. >> So if I looked at the bell curve of your customers versus some of the average in that survey, you'd see, the the shift, the lump would shift way to the left, right? >> Correct. Correct. And, and you know we actually have a customer, Ron Wakely from ANP Financial Services out of Australia, who was just up on stage talking about a 60 percent improvement in his vulnerability and response time. So from identifying the vulnerabilities via Quaales, Rapid 7, Tenable, whoever their scanning vendor is, all the way through IT patching, 60 percent faster, and given that, I think it's something like 80 percent of vulnerabi- or 80 percent of attacks, come from existing vulnerabilities, that's big change. >> So do get- you got to level it when you're measuring things and you change the variable that you're measuring, as opposed to the number, right? That means you're doing a good thing. So to go from, from hours to minutes, is it continuous improvement, or are there some big, you know potential challenges that you can see that if you overcome those challenges, those are going to give you some monumental shifts in the performance. >> I, I think we're ready. I think when we come back next year, the numbers will be even better and this is why, so many of our customers started by saying "I have no process at all, I have manual, you know I'm using spreadsheets, and emails, and notebooks, you know, and trying to manage the security incident when it happens." So let me just get to a system of action, let me get to a common place where I can do all of this investigation. And that's where most of our production customers are so if you look across the ones who gave us the 29 hour and the 33 hour set, that really just getting that benefit from having a place for everybody to work together where we're going, but this is already shipping in our product is the ability to automate the investigation, so back to, back to the, you know, the poor 10 year old who didn't get to save the world, you know, now he gets to say, this entire investigation stage is entirely automated. So if I hand an analyst, for example, an infected server, there's 10 steps they need to do before they even make a decision on anything right? They have to get the network connections, get the running processes, compare them to the processes that should be on the system, look up on a reputation site all the ones that are wrong like all these manual steps. We can automate that entire process so that the analyst gets to make the decision, he's sort of presented the data, here's the report, now decide. The analogy I always use is the, the doctor who's sort of rushing down in an ER show, and somebody hands him an MRI or an X-ray and he's looking at it, you know, through the fluorescent, you know, lights as he's walking and he's like "oh" you know "five millileters of" whatever and "do this" right? >> Right. >> That's the way an analyst wants to work right? They want the data so they can decide. >> I tell you this is the classic way that machines help people do better work right? Which we hear about over and over and over. Let the machines do the machine part, collecting all the shitty boring data, um, and then present you know the data to the person to make the decision. >> Absolutely. >> Probably with recommendations as well right? With some weighted average recommendations >> Yeah and this is where it gets really exciting, because the more we start automating these tasks, you know the human still wants to make the decision but as we grow and grow this industry, one of the benefits of us being in a cloud, is we can start to measure what's happening across all of our customers, so when attack X occurs, this is the behavior that most of our customers follow, so now if you're a new customer, we can just say "in your industry, customers like you tend to do this". >> Right. >> Right? And really excited by what our engineering team is starting to put together. >> Do you have a formal, or at some point maybe down the road a formal process where customers can opt in to an aggregation of, you know we're all in this together we're probably going to share our breach data with one another so that we can start to apply a lot more data across properties to come to better resolutions quicker. >> Well we actually announced today something called trusted security circles. So this is a capability to allow all of our customers to share indicators, so when you're investigating an issue, the indicators are something that are called an indicator of compromise, or an IOC, so we can share those indicators between customers, but we can do that in an anonymous way right? And so you know, the analogy I give you is, what do you do when you lose power in your house? Right? You grab the flashlight, you check the breakers, and then you look out the window, because what are you trying to find out? >> Is anybody else out? >> Is anybody else out exactly. So, you can't do that in security, you're all alone, because if you disclose anything, you risk putting your company further in a bad spot right? Cause now it's reputation damage, somebody discloses the information, so now we've been able to allow people to do this anonymously right so it's automatic. I share something with both of you, you only see that I shared if it's relevant, meaning the service now instance found it in your own environment, and then if all three of us are in a trusted circle, when any one of us shares, we know it was one of the three, but we don't know which one. So the company's protected. >> So just anecdotally when I speak to customers, everybody still is spending more on prevention than on detection. And there's a recognition that that has to shift, and it's starting to. Now you're coming in saying, invest in response. Which, remember from our conversation last year is right on I'm super excited about that because I think the recognition must occur at the board room that you are going to get infiltrated it's the response that is going to determine the quality of your security. And you still have to spend on prevention and detection. But as you go to the market, first of all can you affirm or deny that you're seeing that shift from prevention to detection in spending, is it happening sort of fast enough, and then as you go in and advise people to think about spending on responding, what's their reaction? What are you finding is the, are the headwinds and what's the reception like? >> Sure. So you know to answer your first question about protection to detection, I would say that if you look at the mature protection technologies, right they are continuing to innovate, but certainly what you would expect a firewall to do this year, is somewhat what you expected it to do last year. But the detection category really feels like where there's a lot of innovation, right? So you're seeing you know new capabilities on the endpoint side network side, anomol- you're just seeing all sorts of diff- >> Analytics. >> Analytics, absolutely. And so uh, I do see more spent simply because more of these attacks are too, too nasty to stop, right? You sort of have to detect them and do some more analysis before you can make the decision. To your second question about, you know, what's the reception been when we started talking about response. You know, I haven't had a single meeting with a customer where they haven't said, "wow" like "we need that", right? It was very- I've never had anybody go "Well yeah our program is mature, we're fine, we don't need this." Um, the question is always just where do we start? And so we see, you know vulnerability management as one great place to start incident response is another great place to start. We introduced the third way to start, just today as well. We started shipping this new capability called vendor risk management, which actually acknowledges the the, you know we talked about the perimeter list network what five years ago? Something like that, we're saying oh the perimeter's gone, you know, mobile devices, whatever. But there's another perimeter that's been eroding as well, which is the distinction between a corporate network and your vendors and suppliers. And so your vendors and suppliers become massive sources of potential threat if they're not protected. And so the assessment process, you know, there's telcos who have 50,000 vendors. So you think about the exposure of that many companies and the process to figure out, do they have a strong password policy, right? Do they follow the best practices around network security, those kinds of things, we're allowing you to manage that entire process now. >> So you're obviously hunting within the service now customer-based presumably, right? You want to have somebody to have the platform in order to take advantage of your product. >> Sure. >> Um, could you talk about that dynamic, but also other products that you integrate with. What are you getting from the customers, do I do I have this capability- this is who I use for firewall who I use for detection do you integrate them, I'm sure you're getting that a lot. Maybe talk to that. >> Sure sure. So first off, it's important to share that the Servicenow platform as a whole is very easy to integrate with. There's API's throughout the entire system, you know we can very easily parse even emails, we have a lot of customers that you know have an email generated from an alert system, and we can parse out everything in the email and map it right into a structured workflow, so you can kind of move from unstructured email immediately into now it's in service now. But we have 40 vendors that we directly integrate with today and when I was here about a year ago, I think that number was maybe three or two. And so we're up at 40 now, and that really encompasses a lot of the popular products so we can for example, you know, a common use case, we talked about phishing a little bit right? You know, let me process a potential phishing email, pull out the URL, the subject line, all the things that might indicate bad behavior, let me look them up automatically on these public threat sources like Virus Total or Meta Defender, and then if the answer is they don't think it's bad, I can just close the incident right? If they think it's bad, now I can ask the Palo Alto Firewall, are you already blocking this particular URL, and if the Palo Alto Firewall says "yeah I was already blocking it", again you can close the incident. Only the emails that were known to be bad, and your existing perimeter capabilities didn't stop, did you need to involve people. >> I have to ask you, it goes back to the conversation we had with Robert Gates last year, but I felt like Stuxnet was this milestone, where the, the game just got escalated big time. And it went from sort of harmless, sometimes not harmless, really up the level of risk. Because now others, you know the bad guys really dug into what they could do, and it became pretty substantial. I was asking Gates generally about some future warfare in cyber, and he, this is obviously before the whole Russian hacking, but certainly Snowden and Wikileaks and so fourth was around. And he said, "The United States has to be very careful about how it responds. We have maybe many more capabilities but if we show our hand, others are going to see those weapons, and have access to those weapons, cause it's digital." I wonder as a security expert if you could sort of comment on the state of security, the future of that threat generically, or generally. Where do you see that going? >> Well there's a couple of things that come to mind as you're talking. Uh, one is you're right, Stuxnet was an eye opener I think for a lot of people in the industry that that, that these kinds of vulnerabilities are being used for, you know nation state purposes rather than, you know just sort of, uh random bad behavior. So yeah I would go back to what I said earlier and say that, um, we have to take the noise, the mundane off the table. We have to automate that, you're absolutely right. These sort of nation state attackers, if you're at a Global 2000 organization, right your intellectual property is valuable, the data you have about your employees is valuable, right all this information is going to be sought by competitors, by nation states, you have to be able to focus on those kinds of attacks, which back to my kind of War Games analogy, like that's what these people wanted to do, they wanted to find the needle in the haystack, and instead they're focusing on something more basic. And so I think if we can up the game, that changes things. The second, and really interesting thing for me is this challenge around vulnerability, so you talked about Gates saying that he has to be careful sort of how much he tips his hand. I think it was recently disclosed that the NSA had a stockpile of vulnerabilities that they were not disclosing to weaponize themselves. And that's a really paradoxical question right? You know, do you share it so that everybody can be protected including your own people, right? Imagine Acrobat, you find some problem in Acrobat, like well do you use it to exploit the enemy, or do you use it to protect your own environment? >> It's quite a dilemma. >> You- it's a huge dilemma cause you're assuming either they have it or they don't have the same vulnerability and so I'm fascinated by how that whole plays out. Yeah, it's a little frightening. >> And you know, in the land of defense, you think okay United States, you know biggest defense, spends the most money, has the, you know the most, you know, amazing machines whatever. Um, but in cyber, you know you presume that's the case, but you don't really know, I think of high frequency trading, you know, it was a lit of Russian mathmeticians that actually developed that, so clearly other states have, you know smart people that can you know create, you know, dangerous threats. And it's, it's- >> You only have to live once to, that's kind of the defense game. You got to defend them all, you have to bat 1000 on the defense side, or you know, get it and react, from the other guys side, he can just pow pow pow pow pow, you just got to get through once. >> So this is why your strategy of response is such a winner. >> Well this is where it comes back to risk as well right? At the end of the day you're right, you know a determined adversary you know, sorry to break it to everybody at some point is going to be able to find some way to do some damages. The question is how do you quantify the various risks within your organization? How do you focus your energy from a technology perspective, from a people standpoint, on the things that have the most potential to do your organization harm, and then, you know there's just no way people can stop everything unless you, you know unplug. >> And then there's the business. Then there's the business part of it too right? Cause this is like insurance when do you stop buying more insurance, you know? You could always invest more at what point does the investment no longer justify the cost because there's no simple answer. >> Well this is where, uh you know, we talked to chief information security officers all the time who are struggling with the board of directors conversation. How do I actually have an emotional conversation that's not mired in data on how things are going? And today they often have to fall back on stats like you know we process 5 million alerts per day, or we have, you know x number of vulnerabilities. But with security operations what they can do is say things like well my mean time to identify, you know was 42 hours, and this quarter it's 14 hours, and so the dollars you gave me, here's the impact. You know I have 50 critical vulnerabilities last quarter, this quarter I have 70, but only on my mission critical system, so that indicates future need to fund or reprioritize, right? So suddenly now you've got data where you can actually have a meaningful conversation about where things are from a posture prospective. >> These are the assets that we've, you know quantified the value of, these are the ones that were prioritizing the protection on and here's why we came up with that priority, let's look at that and, you know agree. >> Exactly. You know large organizations, I was talking to the CISO of a fortune ten, 50 I guess and he was sharing that it takes 40 percent of their time in incident response is spent tracking down who owns the IP address. 40 percent. So imagine, you spent 40 percent of a, you know 25 hour response time investigating who owns the asset, and then you find out it's a lab system, or it's a spare. You just wasted 40 percent of your time. But if you can instead know, oh this is your finance reporting infrastructure, okay you super high priority, let's focus in on that. So this is where the business service mapping, the CMDB becomes such a differentiator, when it's in the hands of our customers. >> Super important topic Sean Convery, thanks very much for coming back in the cube and, uh great work. Love it. >> It's great to be here, thanks for having me. >> Alright keep it right there everybody we'll be right back with our next guest, this is the Cube, we're live from Servicenow Knowledge 17 in Orlando. We'll be right back.

>> Narrator: Live from Boston, Massachusetts, this is theCUBE, covering Spark Summit East 2017. Brought to you by Databricks. Now, here are your hosts, Dave Vellante and George Gilbert. >> Welcome back to day two in Boston where it is snowing sideways here. But we're all here at Spark Summit #SparkSummit, Spark Summit East, this is theCUBE. Sound like an Anglo flagship product. We go out to the event, we program for our audience, we extract the signal from the noise. I'm here with George Gilbert, day two, at Spark Summit, George. We're seeing the evolution of so-called big data. Spark was a key part of that. Designed to really both simplify and speed up big data oriented transactions and really help fulfill the dream of big data, which is to be able to affect outcomes in near real time. A lot of those outcomes, of course, are related to ad tech and selling and retail oriented use cases, but we're hearing more and more around education and deep learning and affecting consumers and human life in different ways. We're now 10 years in to the whole big data trend, what's your take, George, on what's going on here? >> Even if we started off with ad tech, which is what most of the big internet companies did, we always start off in any new paradigm with one application that kind of defines that era. And then we copy and extend that pattern. For me, on the rethinking your business the a McGraw-Hill interview we did yesterday was the most amazing thing because they took, what they had was a textbook business for their education unit and they're re-thinking the business, as in what does it mean to be an education company? And they take cognitive science about how people learn and then they take essentially digital assets and help people on a curriculum, not the centuries old sort of teacher, lecture, homework kind of thing, but individualized education where the patterns of reinforcement are consistent with how each student learns. And it's not just a break up the lecture into little bits, it's more of a how do you learn most effectively? How do you internalize information? >> I think that is a great example, George, and there are many, many examples of companies that are transforming digitally. Years and years ago people started to think about okay, how can I instrument or digitize certain assets that I have for certain physical assets? I remember a story when we did the MIT event in London with Andy MacAfee and Eric Binyolsen, they were giving the example of McCormick Spice, the spice company, who digitized by turning what they were doing into recipes and driving demand for their product and actually building new communities. That was kind of an interesting example, but sort of mundane. The McGraw-Hill education is massive. Their chief data scientist, chief data scientist? I don't know, the head of engineering, I guess, is who he was. >> VP of Analytics and Data Science. >> VP of Analytics and Data Science, yeah. He spoke today and got a big round of applause when he sort of led off about the importance of education at the keynote. He's right on, and I think that's a classic example of a company that was built around printing presses and distributing dead trees that is completely transformed and it's quite successful. Over the last only two years brought in a new CEO. So that's good, but let's bring it back to Spark specifically. When Spark first came out, George, you were very enthusiastic. You're technical, you love the deep tech. And you saw the potential for Spark to really address some of the problems that we faced with Hadoop, particularly the complexity, the batch orientation. Even some of the costs -- >> The hidden costs. >> Associated with that, those hidden costs. So you were very enthusiastic, in your mind, has Spark lived up to your initial expectations? >> That's a really good question, and I guess techies like me are often a little more enthusiastic than the current maturity of the technology. Spark doesn't replace Hadoop, but it carves out a big chunk of what Hadoop would do. Spark doesn't address storage, and it doesn't really have any sort of management bits. So you could sort of hollow out Hadoop and put Spark in. But it's still got a little ways to go in terms of becoming really, really fast to respond in near real time. Not just human real time, but like machine real time. It doesn't work sort of deeply with databases yet. It's still teething, and sort of every release, which is approximately every 12 to 18 months, it gets broader in its applicability. So there's no question sort of everyone is piling on, which means that'll help it mature faster. >> When Hadoop was first sort of introduced to the early masses, not the main stream masses, but the early masses, the profundity of Hadoop was that you could leave data in place and bring compute to the data. And people got very excited about that because they knew there was so much data and you just couldn't keep moving it around. But the early insiders of Hadoop, I remember, they would come to theCUBE and everybody was, of course, enthusiastic and lot of cheerleading going on. But in the hallway conversations with Hadoop, with the real insiders you would have conversations about, people are going to realize how much this sucks some day and how hard this is and it's going to hit a wall. Some of the cheerleaders would say, no way, Hadoop forever. Now you've started to see that in practice. And the number of real hardcore transformations as a result of Hadoop in and of itself have been quite limited. The same is true for virtually, most anyway, technology, not any technology. I'd say the smartphone was pretty transformative in and of itself, but nonetheless, we are seeing that sort of progression and we're starting to see a lot of the same use cases that you hear about like fraud detection and retargeting as coming up again. I think what we're seeing is those are improving. Like fraud detection, I talked yesterday about it used to be six months before you'd even detect fraud, if you ever did. Now it's minutes or seconds. But you still get a lot of false positives. So we're going to just keep turning that crank. Mike Gualtieri today talked about the efficacy of today's AI and he gave some examples of Google, he showed a plane crash and he said, it said plane and it accurately identified that, but also the API said it could be wind sports or something like that. So you can see it's still not there yet. At the same time, you see things like Siri and Amazon Alexa getting better and better and better. So my question to you, kind of long-winded here, is, is that what Spark is all about? Just making better the initial initiatives around big data, or is it more transformative than that? >> Interesting question, and I would come at it with a couple different answers. Spark was a reaction to you can't, you can't have multiple different engines to attack all the different data problems because you would do a part of the analysis here, push it into a disk, pull it out of a disk to another engine, all of that would take too long or be too complex a pipeline to go from end to the other. Spark was like, we'll do it all in our unified engine and you can come at it from SQL, you can come at it from streaming, so it's all in one place. That changes the sophistication of what you can do, the simplicity, and therefore how many people can access it and apply it to these problems. And the fact that it's so much faster means you can attack a qualitatively different setup of problems. >> I think as well it really underscores the importance of Open Source and the ability of the Open Source community to launch projects that both stick and can attract serious investment. Not only with IBM, but that's a good example. But entire ecosystems that collectively can really move the needle. Big day today, George, we've got a number of guests. We'll give you the last word at the open. >> Okay, what I thought, this is going to sound a little bit sort of abstract, but a couple of two takeaways from some of our most technical speakers yesterday. One was with Juan Stoyka who sort of co-headed the lab that was the genesis of Spark at Berkeley. >> AMPLabs. >> The AMPLab at Berkeley. >> And now Rise Labs. >> And then also with the IBM Chief Data Officer for the Analytics Unit. >> Seth Filbrun. >> Filbrun, yes. When we look at what's the core value add ultimately, it's not these infrastructure analytic frameworks and that sort of thing, it's the machine learning model in its flywheel feedback state where it's getting trained and re-trained on the data that comes in from the app and then as you continually improve it, that was the whole rationale for Data Links, but not with models. It was put all the data there because you're going to ask questions you couldn't anticipate. So here it's collect all the data from the app because you're going to improve the model in ways you didn't expect. And that beating heart, that living model that's always getting better, that's the core value add. And that's going to belong to end customers and to application companies. >> One of the speakers today, AI kind of invented in the 50s, a lot of excitement in the 70s, kind of died in the 80s and it's coming back. It's almost like it's being reborn. And it's still in its infant stages, but the potential is enormous. All right, George, that's a wrap for the open. Big day today, keep it right there, everybody. We got a number of guests today, and as well, don't forget, at the end of the day today George and I will be introducing part two of our WikiBon Big Data forecast. This is where we'll release a lot of our numbers and George will give a first look at that. So keep it right there everybody, this is theCUBE. We're live from Spark Summit East, #SparkSummit. We'll be right back. (techno music)