Melissa Zicopula, Herjavec Group | Splunk .conf19
(upbeat music)
>> Narrator: Live from Las Vegas, it's theCUBE, covering Splunk .Conf19. Brought to you by Splunk.
>> Welcome to theCUBE everybody, we're here in Las Vegas for Splunk's .Conf, I'm John Furrier, host of theCUBE, here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo, this is our seventh year .Conf, Splunk's conference celebrating their 10th year. Our first guest is Melissa Zicopula, vice president of managed services of Herjavec Group. Robert's been on before, welcome to theCUBE.
>> Thank you.
>> I always get that, Herjavec?
>> Herjavec Group.
>> Herjavec Group.
>> Happy to be here.
>> Well known for the Shark Tank, but what's really interesting about Robert and your company is that we had multiple conversations and the Shark Tank is what he's known for in the celebrity world.
>> Melissa: Yes.
>> But he's a nerd, he's a geek, he's one of us! (laughing)
>> He's absolutely a cyber-security expert in the field, yes.
>> So tell us what's going on this year at .Conf, obviously security continues to be a focus, you guys have a booth here, what's the message you guys are sharing, what's the story from your standpoint?
>> Yeah, so we do, Herjavec we're focusing on managed security services, where information security is all we do, focusing on 24/7 threat detection, security operations and also threat management. So, we want to be able to demo a lot of our capabilities, we're powered by Splunk, our HG analytics platform uses, heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects different types of use cases, different types of ways to detect malicious activity, while leveraging the tool itself.
>> And data, we've been covering since 2013, Splunk's .Conf, it's always been a data problem, but the data problem gets bigger and bigger, there's more volume than ever before which shifts the terms to the adversaries because ransomware is at an all-time high.
>> Melissa: Sure.
>> Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away.
>> Absolutely, yeah, we want to focus on not just what type of data you're ingesting into your instance but to also understand what types of log sources you're feeding into your SIM today. So we have experts actually focus on evaluating the type of log sources we're bringing in. Everything from IPS, to AV, to firewall you know, solutions into the SIM so that way we can build use cases those, to be able to detect different types of activity. We leverage different types of methodologies, one of them is MITRE framework, CIS Top 20. And being able to couple those two together it's able to give you a better detection mechanism in place.
>> I want to some kind of, clarification questions because we talked to a lot of CSOs and CIOs and CXOs in general.
>> Melissa: Sure.
>> The roles are changing, but the acronyms of the providers out in the marketplace are specializing, some have unique focuses, some have breadth, some have depth, you guys are an MSSPP. So, MSSPP, not to be confused with an MSP. Or ISV, there's different acronyms, what is the difference between an MSSPP versus an MSP?
>> Melissa: Correct, so it's, we are a MSSP, which is a Managed Security Service Provider. And what we do is just, we're focused on we're very security-centric. So information security is all we do, everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're PCI compliant, obviously SOC operations are the bread and butter of our service.
Whereas, other MSPs, Managed Services Providers, they can do anything from architecture, network operations in that purview. So, we're focused on more of SIM solutions, endpoint, being able to manage any of your security technologies. And also, monitor them to take a fact into the SOC.
>> So you guys are very focused?
>> Melissa: Very focused on security.
>> Then what's the key decision point for a customer to go with you guys, and what's the supplier relationship to the buyer because they're buying everything these days!
>> Melissa: Sure.
>> But they want to try and get it narrowed down so the right people are in the right place.
>> Melissa: Yeah, so one of the great things about Herjavec Group is we are, you know, we're vendor agnostic, we have tons of experts in, you know, expertise resources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people, that are very, very, you know, centric to actually monitor and manage them.
>> How big is Splunk, in relative with your services? How involved are they with the scope?
>> Melissa: Over 60% of our managed clients today, utilize Splunk, they're heavy Splunk users, they also utilize Splunk ES, Splunk Core, and from a management side, they're implementing them into their service. All of the CSOs and CROs or CIOs are leveraging and using it, not just for monitoring and security but they're also using it in development environments, as well as their network operations.
>> So, one of the things I've been, I won't say preaching, because I do tend to preach a lot, but I've been saying and amplifying, is that tools that have come along in the business and there's platforms and Splunk has always kind of been that, a platform provider, but also a good tool for folks. But, they've been enabling value, you guys have built an app on Splunk, the proprietary solutions.
>> Absolutely.
>> Could you tell me about that because this is really where the value starts to shift, where domain expertise focused practices and services, like you guys are doing, are building on someone else's platform with data, talk about your proprietary app.
>> Absolutely, so we discovered, a few years ago, was that customers needed help getting to the data faster. So we were able to build in built-in queries, you know literally one click, say if you wanted to get to a statistical side of how many data sources are logging your SIM, is the data, you know, modeling complete, you know, is there anything missing in the environment or are there any gaps that we need to fill? You're able to do it by just clicking on a couple of different, you know, buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment but all the data log sources that are coming into your SIM instance. It's a one stop shop. And also, what's great about it, is that it also powers Splunk ES, so Splunk ES also has similar tools and they are, literally, I mean that tool is so great you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill-down analysis, you can actually see the type of data like PCAP analysis, to get to the, you know, the type of activity you want to get to on a granular level. So, both tools do it really well.
>> So you have hooks into ES, Splunk ES?
>> Yes, we can actually see, depending on the instance that it's deployed on, 'cause our app is deployed on top of Splunk for every customer's instance. They're able to leverage and correlate the two together.
>> What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of attacks is coming in, it's more than log files now, it's, you got traces, you got other metrics
>> Melissa: Sure.
>> Other things to measure, it's almost too many alerts, what do you--
>> Yeah, a lot of KPIs. The most important thing that any company, any entity wants to measure is the MTTD, the Mean Time To Detection, and also mean time to resolve, right? You want to be able to ensure that your teams are have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading.
>> What's the biggest surprise that you've seen in the past two years? I mean, 'cause I look back at our interviews with you guys in 2013, no 2015. I mean, the narrative really hasn't changed global security, I mean, all the core, top line stories are there, but it just seems to be bigger. What's the big surprise for you in terms of the marketplace?
>> The big surprise for me is that companies are now focusing more on cyber-hygiene. Really ensuring that their infrastructure is you know, up to par, right? Because you can apply the best tools in-house but if you're not cleaning up you know, your backyard (laughing) it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk you know, to actually analyze what's happening in their environment, to clean up their back of house, I would say and to put those tools in place so they could be effective.
>> You know, that's a classic story, clean up your own house before you can go clean up others, right?
>> Right.
>> And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that, they tend to serve their customers, but they don't clean up their own house and data's moving around so now with the diversity of data, they've got the fabric search, they got all kind of new tools within Splunk's portfolio.
>> It's a challenge, and it could be you know, lack of resources, it just means that we have you know, they don't have the right expertise in-house so they used managed security providers to help them get there. For example, if a network, if we identify the network being flat, we can identify you know, how to help them how to be able to kind of, look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed.
>> What's the one, one or two things that you see customers that need to do that, they aren't doing yet? You mentioned hygiene is a trend, what are some other things that need to be addressed, that are almost, well that could be critical and bad, but are super important and valuable?
>> I think now a lot of, actually to be quite honest a lot of our clients today or anyone who's building programs, security programs are getting you know, very mature. They're adopting methodologies, like MITRE Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint but also from an operations side you know, you could identify misconfigurations in your environment, you can identify things that are you know, just cleaning up the environment as well.
>> So, Splunk has this thing called SOAR, Security--
>> Automation.
>> Orchestration Automation Recovery, resilience whatever R, I think R stands for that. How does that fit in to your market, your app and what you guys are doing?
>> So it definitely fits in basically, being able to automate the redundant, mundane types of tasks that anyone can do, right?
So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task, it might take them two or three hours, where you can leverage a tool like Phantom, any type of SOAR platform to actually create a playbook to do that task within 30 seconds. So, not only are you minimizing the amount of you know, head count to do that, you're also you know, using your consistent tool to make that function you know, more, I want to say enhanced. So you can build playbooks around it, you can basically use that on a daily basis whether it's for security monitoring or network operations, reporting, all that becomes more streamlined.
>> And the impact to the organization is those mundane tasks can be demotivating. Or, there's a lot more problems to solve so for productivity, creativity, can you give some examples of where you've seen that shift into the personnel, HR side the human resource side of it?
>> Yeah, absolutely so you know, you want to be able to have something consistent in your environment, right? So you don't want others to get kind of, get bored or you know, when you're looking at a platform day in and day out and you're doing the same task everyday, you might miss something. Whereas, if you build an automation tool that takes care of the low hanging fruit, so to speak, you're able to use a human component to put your muscles somewhere else, to find some you know, the human element to actually look for any types of malicious anomalies in the environment.
>> How much has teamwork become a big part of how successful companies manage a security threat landscape?
>> Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operations side, even you know, coupling that with business stakeholders.
You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business, and making sure that we're taking security, obviously seriously, which a lot of companies know already, but not impeding on the operation. So doing it safely without having to minimize impact.
>> Well let's just, I got to ask you this question around kind of, doing the cutting edge but not getting bled out, bleeding edge, bleeding out and failing. Companies are trying to balance you know, being cutting edge and balancing hardcore security. SignalFx is a company that Splunk bought, we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native with microservices is super hot in areas you know, people see with Kubernetes and so on happening, kind of cutting edge though!
>> Melissa: Right.
>> You don't want to be bleeding edge 'cause there's some risks there too so, how do you guys advise your clients to think about cloud native with Splunk and some of the things that they're there but as the expression goes "there's a pony in there somewhere" but it's risky still, but certainly it's got a lot of promise.
>> Yeah, you know, it's all about you know, everyone's different, every environment's different. It's really about explaining those options to them what they have available, whether they go on the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution, and what the risks are involved if they had and how long that will take for them to implement it in their environment.
>> Do you see a lot of clients kicking the tires in cloud native?
>> A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse, they don't have to have somebody manage it, they don't have to worry about hardware or licenses, renewals, all that.
So, it's really easy to spin up a you know, a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it.
>> Melissa, great insight, and love to have you on theCUBE, I got to ask you one final question
>> Melissa: Sure.
>> As a, on a personal note well, personal being you're in the industry you know, I hear a lot of patterns out there, see a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling, so data at scale, cloud at scale, is becoming a reality for customers, and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of one, take advantage of that wave but not get buried into it?
>> Absolutely, so you just want to incorporate into the management life cycle, you know you don't want to just configure then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter you know, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the processes and procedures, and making sure that you know, you're also partnering with a company that can follow you you know, year over year and build that road map to actually see what you're building your program, you know.
>> So here's the personal question now, so, you're on this wave, security wave.
>> Melissa: Sure.
>> It's pretty exciting, can be intoxicating but at the same time, it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days?
>> Automation, absolutely. Automation, being able to build as many playbooks and coupling that with different types of technologies, and you know, like Splunk, right?
You can ingest and you can actually, automate your tier one and maybe even a half of a tier two, right, a level two. And that to me is exciting because a lot of what we're seeing in the industry now is automating as much as possible.
>> And compare that to like, five years ago in terms of--
>> Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So, you had to literally sit there and train individuals to do a certain task, their certain function. And then you had to rely on them to be consistent across the board where now, automation has just taken that to the next level.
>> Yeah it's super exciting, I agree with you. I think automation, I think machine learning and AI data feeds, machine learning.
>> Michelle: Right.
>> Machine learning is AI, AI is business value.
>> Being able to get to the data faster, right?
>> Awesome, speed, productivity, creativity, scale. This is the new formula inside the security practice. I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .Conf, our seventh year covering Splunk from a start-up, to going public, to now. One of the leaders in the industry. I'm John Furrier, we'll be right back. (techno music)