>> Is and who we are today as as a country, as a universe. >> Narrator: Congratulations Reggie Jackson, (inspirational music) you are a CUBE alumni. (upbeat music) >> Announcer: Live from Las Vegas it's theCUBE covering Splunk.Conf19. Brought to you by Splunk. >> Okay, welcome back everyone it's theCUBE's live coverage here in Las Vegas for Splunk.Conf19. I am John Furrier host of theCUBE. It's the 10th Anniversary of Splunk's .Conf user conference. Our 7th year covering it. It's been quite a ride, what a wave. Splunk keeps getting stronger and better, adding more features, and has really become a powerhouse from a third party security standpoint. We got a C-SO in theCUBE on theCUBE today. Chief Information Security, John Frushour Deputy Chief (mumbles) New York-Presbyterian The Award Winner from the Data to Everywhere Award winner, welcome by theCube. >> Thank you, thank you. >> So first of all, what is the award that you won? I missed the keynotes, I was working on a story this morning. >> Frushour: Sure, sure. >> What's the award? >> Yeah, the Data Everything award is really celebrating using Splunk kind of outside its traditional use case, you know I'm a security professional. We use Splunk. We're a Splunk Enterprise Security customer. That's kind of our daily duty. That's our primary use case for Splunk, but you know, New York Presbyterian developed the system to track narcotic diversion. We call it our medication analytics platform and we're using Splunk to track opioid diversion, slash narcotic diversions, same term, across our enterprise. So, looking for improper prescription usage, over prescription, under prescription, prescribing for deceased patients, prescribing for patients that you've never seen before, superman problems like taking one pill out of the drawer every time for the last thirty times to build up a stash. You know, not resupplying a cabinet when you should have thirty pills and you only see fifteen. What happened there? Everything's data. It's data everything. And so we use this data to try to solve this problem. >> So that's (mumbles) that's great usage we'll find the drugs, I'm going to work hard for it. But that's just an insider threat kind of concept. >> Frushour: Absolutely. >> As a C-SO, you know, security's obviously paramount. What's changed the most? 'Cause look at, I mean, just looking at Splunk over the past seven years, log files, now you got cloud native tracing, all the KPI's, >> Frushour: Sure. >> You now have massive volumes of data coming in. You got core business operations with IOT things all instrumental. >> Sure, sure. >> As a security offer, that's a pretty big surface area. >> Yeah. >> How do you look at that? What's your philosophy on that? >> You know, a lot of what we do, and my boss, the C-SO (mumbles) we look at is endpoint protection and really driving down to that smaller element of what we complete and control. I mean, ten, fifteen years ago information security was all about perimeter control, so you've got firewalls, defense and depth models. I have a firewall, I have a proxy, I have an endpoint solution, I have an AV, I have some type of data redaction capability, data masking, data labeling capability, and I think we've seen.. I don't think security's changed. I hear a lot of people say, "Oh, well, information security's so much different nowadays." No, you know, I'm a military guy. I don't think anything's changed, I think the target changed. And I think the target moved from the perimeter to the endpoint. And so we're very focused on user behavior. We're very focused on endpoint agents and what people are doing on their individual machines that could cause a risk. We're entitling and providing privilege to end users today that twenty years ago we would've never granted. You know, there was a few people with the keys to the kingdom, and inside the castle keep. Nowadays everybody's got an admin account and everybody's got some level of privilege. And it's the endpoint, it's the individual that we're most focused on, making sure that they're safe and they can operate effectively in hospitals. >> Interviewer: What are some of the tactical things that have changed? Obviously, the endpoint obviously shifted, so some tactics have to change probably again. Operationally, you still got to solve the same problem: attacks, insider threats, etc. >> Frushour: Yeah. >> What are the tactics? What new tactics have emerged that are critical to you guys? >> Yeah, that's a tough question, I mean has really anything changed? Is the game really the game? Is the con really the same con? You look at, you know, titans of security and think about guys like Kevin Mitnick that pioneered, you know, social engineering and this sort of stuff, and really... It's really just convincing a human to do something that they shouldn't do, right? >> Interviewer: Yeah. >> I mean you can read all these books about phone freaking and going in and convincing the administrative assistant that you're just late for meeting and you need to get in through that special door to get in that special room, and bingo. Then you're in a Telco closet, and you know, you've got access. Nowadays, you don't have to walk into that same administrative assistant's desk and convince 'em that you're just late for the meeting. You can send a phishing email. So the tactics, I think, have changed to be more personal and more direct. The phishing emails, the spear phishing emails, I mean, we're a large healthcare institution. We get hit with those types of target attacks every day. They come via mobile device, They come via the phishing emails. Look at the Google Play store. Just, I think, in the last month has had two apps that have had some type of backdoor or malicious content in them that got through the app store and got onto people's phones. We had to pull that off people's phones, which wasn't pretty. >> Interviewer: Yeah. >> But I think it's the same game. It's the same kind to convince humans to do stuff that they're not supposed to do. But the delivery mechanism, the tactical delivery's changed. >> Interviewer: How is Splunk involved? Cause I've always been a big fan of Splunk. People who know me know that I've pretty much been a fan boy. The way they handle large amounts of data, log files, (mumbles) >> Frushour: Sure. >> and then expand out into other areas. People love to use Splunk to bring in their data, and to bring it into, I hate to use the word data leg but I mean, Just getting... >> Yeah >> the control of the data. How is data used now in your world? Because you got a lot of things going on. You got healthcare, IOT, people. >> Frushour: Sure, sure. >> I mean lives are on the line. >> Frushour: Lives are on the line, yeah. >> And there's things you got to be aware of and data's key. What is your approach? >> Well first I'm going to shamelessly plug a quote I heard from (mumbles) this week, who leads the security practice. She said that data is the oxygen of AI, and I just, I love that quote. I think that's just a fantastic line. Data's the oxygen of AI. I wish I'd come up with it myself, but now I owe her a royalty fee. I think you could probably extend that and say data is the lifeline of Splunk. So, if you think about a use case like our medication analytics platform, we're bringing in data sources from our time clock system, our multi-factor authentication system, our remote access desktop system. Logs from our electronic medical records system, Logs from the cabinets that hold the narcotics that every time you open the door, you know, a log then is created. So, we're bringing in kind of everything that you would need to see. Aside from doing something with actual video cameras and tracking people in some augmented reality matrix whatever, we've got all the data sources to really pin down all the data that we need to pin down, "Okay, Nurse Sally, you know, you opened that cabinet on that day on your shift after you authenticated and pulled out this much Oxy and distributed it to this patient." I mean, we have a full picture and chain of everything. >> Full supply chain of everything. >> We can see everything that happens and with every new data source that's out there, the beauty of Splunk is you just add it to Splunk. I mean, the Splunk handles structured and unstructured data. Splunk handles cis log fees and JSON fees, and there's, I mean there's just, it doesn't matter You can just add that stream to Splunk, enrich those events that were reported today. We have another solution which we call the privacy platform. Really built for our privacy team. And in that scenario, kind of the same data sets. We're looking at time cards, we're looking at authentication, we're looking at access and you visited this website via this proxy on this day, but the information from the EMR is very critical because we're watching for people that open patient records when they're not supposed to. We're the number five hospital in the country. We're the number one hospital in the state of New York. We have a large (mumbles) of very important people that are our patients and people want to see those records. And so the privacy platform is designed to get audit trails for looking at all that stuff and saying, "Hey, Nurse Sally, we just saw that you looked at patient Billy's record. That's not good. Let's investigate." We have about thirty use cases for privacy. >> Interviewer: So it's not in context of what she's doing, that's where the data come in? >> That's where the data come in, I mean, it's advanced. Nurse Sally opens up the EMR and looks at patient Billy's record, maybe patient Billy wasn't on the chart, or patient Billy is a VIP, or patient Billy is, for whatever reason, not supposed to be on that docket for that nurse, on that schedule for that nurse, we're going to get an alarm. The privacy team's going to go, "Oh, well, were they supposed to look at that record?" I'm just giving you, kind of, like two or three uses cases, but there's about thirty of them. >> Yeah, sure, I mean, celebrities whether it's Donald Trump who probably went there at some point. Everyone wants to get his taxes and records to just general patient care. >> Just general patient care. Yeah, exactly, and the privacy of our patients is paramount. I mean, especially in this digital age where, like we talked about earlier, everyone's going after making a human do something silly, right? We want to ensure that our humans, our nurses, our best in class patient care professionals are not doing something with your record that they're not supposed to. >> Interviewer: Well John, I want to hear your thoughts on this story I did a couple weeks ago called the Industrial IOT Apocalypse: Now or Later? And the provocative story was simply trying to raise awareness that malware and spear phishing is just tactics for that. Endpoint is critical, obviously. >> Sure. >> You pointed that out, everyone kind of knows that . >> Sure. >> But until someone dies, until there's a catastrophe where you can take over physical equipment, whether it's a self-driving bus, >> Frushour: Yeah. >> Or go into a hospital and not just do ransom ware, >> Frushour: Absolutely. >> Actually using industrial equipment to kill people. >> Sure. >> Interviewer: To cause a lot of harm. >> Right. >> This is an industrial, kind of the hacking kind of mindset. There's a lot of conversations going on, not enough mainstream conversations, but some of the top people are talking about this. This is kind of a concern. What's your view on this? Is it something that needs to be talked about more of? Is it just BS? Should it be... Is there any signal there that's worth talking about around protecting the physical things that are attached to them? >> Oh, absolutely, I mean this is a huge, huge area of interest for us. Medical device security at New York Presbyterian, we have anywhere from about eighty to ninety thousand endpoints across the enterprise. Every ICU room in our organization has about seven to ten connected devices in the ICU room. From infusion pumps to intubation machines to heart rate monitors and SPO2 monitors, all this stuff. >> Interviewer: All IP and connected. >> All connected, right. The policy or the medium in which they're connected changes. Some are ZP and Bluetooth and hard line and WiFi, and we've got all these different protocols that they use to connect. We buy biomedical devices at volume, right? And biomedical devices have a long path towards FDA certification, so a lot of the time they're designed years before they're fielded. And when they're fielded, they come out and the device manufacturer says, "Alright, we've got this new widget. It's going to, you know, save lives, it's a great widget. It uses this protocol called TLS 1.0." And as a security professional I'm sitting there going, "Really?" Like, I'm not buying that but that's kind of the only game, that's the only widget that I can buy because that's the only widget that does that particular function and, you know, it was made. So, this is a huge problem for us is endpoint device security, ensuring there's no vulnerabilities, ensuring we're not increasing our risk profile by adding these devices to our network and endangering our patients. So it's a huge area. >> And also compatible to what you guys are thinking. Like I could imagine, like, why would you want a multi-threaded processor on a light bulb? >> Frushour: Yeah. >> I mean, scope it down, turn it on, turn it off. >> Frushour: Scope it down for its intended purpose, yeah, I mean, FDA certification is all about if the device performs its intended function. But, so we've, you know, we really leaned forward, our CSO has really leaned forward with initiatives like the S bomb. He's working closely with the FDA to develop kind of a set of baseline standards. Ports and protocols, software and services. It uses these libraries, It talks to these servers in this country. And then we have this portfolio that a security professional would say, "Okay, I accept that risk. That's okay, I'll put that on my network moving on." But this is absolutely a huge area of concern for us, and as we get more connected we are very, very leaning forward on telehealth and delivering a great patient experience from a mobile device, a phone, a tablet. That type of delivery mechanism spawns all kinds of privacy concerns, and inter-operability concerns with protocol. >> What's protected. >> Exactly. >> That's good, I love to follow up with you on that. Something we can double down on. But while we're here this morning I want to get back to data. >> Frushour: Sure. >> Thank you, by the way, for sharing that insight. Something I think's really important, industrial IOT protection. Diverse data is really feeds a lot of great machine learning. You're only as good as your next blind spot, right? And when you're doing pattern recognition by using data. >> Frushour: Absolutely. >> So data is data, right? You know, telecraft, other data. Mixing data could actually be a good thing. >> Frushour: Sure, sure. >> Most professionals would agree to that. How do you look at diverse data? Because in healthcare there's two schools of thought. There's the old, HIPAA. "We don't share anything." That client privacy, you mentioned that, to full sharing to get the maximum out of the AI or machine learning. >> Sure. >> How are you guys looking at that data, diverse data, the sharing? Cause in security sharing's good too, right? >> Sure, sure, sure. >> What's your thoughts on sharing data? >> I mean sharing data across our institutions, which we have great relationships with, in New York is very fluid at New York Presbyterian. We're a large healthcare conglomerate with a lot of disparate hospitals that came as a result of partnership and acquisition. They don't all use the same electronic health record system. I think right now we have seven in play and we're converging down to one. But that's a lot of data sharing that we have to focus on between seven different HR's. A patient could move from one institution to the next for a specialty procedure, and you got to make sure that their data goes with them. >> Yeah. >> So I think we're pretty, we're pretty decent at sharing the data when it needs to be shared. It's the other part of your question about artificial intelligence, really I go back to like dedication analytics. A large part of the medication analytics platform that we designed does a lot of anomaly detections, anomaly detection on diversion. So if we see that, let's say you're, you know, a physician and you do knee surgeries. I'm just making this up. I am not a clinician, so we're going to hear a lot of stupidity here, but bare with me. So you do knee surgeries, and you do knee surgeries once a day, every day, Monday through Friday, right? And after that knee surgery, which you do every day in cyclical form, you prescribe two thousand milligrams of Vicodin. That's your standard. And doctors, you know, they're humans. Humans are built on patterns. That's your pattern. Two thousand milligrams. That's worked for you; that's what you prescribe. But all of the sudden on Saturday, a day that you've never done a knee surgery in your life for the last twenty years, you all of a sudden perform a very invasive knee surgery procedure that apparently had a lot of complications because the duration of the procedure was way outside the bounds of all the other procedures. And if you're kind of a math geek right now you're probably thinking, "I see where he's going with this." >> Interviewer: Yeah. >> Because you just become an anomaly. And then maybe you prescribe ten thousand milligrams of Vicodin on that day. A procedure outside of your schedule with a prescription history that we've never seen before, that's the beauty of funneling this data into Splunk's ML Toolkit. And then visualizing that. I love the 3D visualization, right? Because anybody can see like, "Okay, all this stuff, the school of phish here is safe, but these I've got to focus on." >> Interviewer: Yeah. >> Right? And so we put that into the ML Toolkit and then we can see, "Okay, Dr. X.." We have ten thousand, a little over ten thousand physicians across New York Presbyterian. Doctor X right over here, that does not look like a normal prescriptive scenario as the rest of their baseline. And we can tweak this and we can change precision and we can change accuracy. We can move all this stuff around and say, "Well, let's just look on medical record number, Let's just focus on procedure type, Let's focus on campus location. What did they prescribe from a different campus?" That's anomalous. So that is huge for us, using the ML Toolkit to look at those anomalies and then drive the privacy team, the risk teams, the pharmacy analytics teams to say, "Oh, I need to go investigate." >> So, that's a lot of heavy lifting for ya? Let you guys look at data that you need to look at. >> Absolutely. >> Give ya a (mumbles). Final question, Splunk, in general, you're happy with these guys? Obviously, they do a big part of your data. What should people know about Splunk 2019, this year? And are you happy with them? >> Oh, I mean Splunk has been a great partner to New York Presbyterian. We've done so much incredible development work with them, and really, what I like to talk about is Splunk for healthcare. You know, we've created, we saw some really important problems in our space, in this article. But, we're looking, we're leaning really far forward into things like risk based analysis, peri-op services. We've got a microbial stewardship program, that we're looking at developing into Splunk, so we can watch that. That's a huge, I wouldn't say as big of a crisis as the opioid epidemic, but an equally important crisis to medical professionals across this country. And, these are all solvable problems, this is just data. Right? These are just events that happen in different systems. If we can get that into Splunk, we can cease the archaic practice of looking at spreadsheets, and look up tables and people spending days to find one thing to investigate. Splunk's been a great partner to us. The tool it has been fantastic in helping us in our journey to provide best in-class patient care. >> Well, congratulations, John Frushour, Deputy Chief Information Security Officer, New York Presbyterian. Thanks for that insight. >> You're welcome. >> Great (mumbles) healthcare and your challenge and your opportunity. >> Congratulations for the award winner Data to Everything award winner, got to get that slogan. Get used to that, it's two everything. Getting things done, he's a doer. I'm John Furrier, here on theCube doing the Cube action all day for three days. We're on day two, we'll be back with more coverage, after this short break. (upbeat music)

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to You by spunk. >>Hey, welcome back. Everyone's live Cube coverage in Las Vegas. That's plunks dot com. 2019 thistles their annual customer conference, where they unleash all the new technologies, announce all the new things. Everyone's here. It's the 10th anniversary of Splunk dot com cubes. Seventh year we've been covering slung been quite the journey from scrappy, startup going public growth phase. Now market leader on Outside has to come to success from the products and the engineering. And, of course, the people in the field that that served customers. And we're here with Susan St Leger, who's the president of worldwide field operations. Thanks for coming back to see you. >>Thank you, John. It's exciting to be here. >>So in the keynote, bringing data to every outcome is really the theme. Um, you seem to got a spring to your step here. You excited this year? What an amazing successful show because you got a platform. But the proof is out there. You got that ecosystem. You got people building APS on top of it. It's kind of all coming together this year, >>It sure is experience. It's it's it's just it's a huge leap forward, and I think so. Much of it is a vision of data to everything. And if you think about it, we talk about. We want to bring data to every question, every problem in every action. And the biggest thing you're going to see that you did see in the show is it's no longer just about the Splunk index. We're going to help you get you get value out of data wherever it lives. >>You had some big news on acquisition front Signal FX. Big chunk of change for that company. Private hot category. Observe ability, which really taste is out. That next 20 mile stare in the marketplace, which is cloud native. >>That's a >>cloud Service is, which comes together in the platform with logging coming together. >>Yeah, so exciting Way looked hard at that entire market, and signal FX was definitely the right answer. They operated a scale similar to us. They know how to how to operate it that scale, and so they're gonna be able to serve our customers well. And our view of the world is it's going to be hybrid for a very long time. But they serve that new cloud native world better than anybody else. It's It's when you do monitoring the cloud native world. It's really interesting to think about it. It's all made up of Micro service is right. So thousands of Micro Service's hundreds, thousands of Micro Service's and so in traditional monitoring, it's always you're tryingto monitor things you know could go wrong. In a microt service landscape, you don't know everything that could possibly go wrong. And so it's a level of complexity that's just very different. And so it's all about instrument ing, so that when something does go wrong, you can solve it. >>You guys have a very loyal based customer base, and that's again testament success. But the product has changed, and the value problems is emerging even further with data. That's a big theme. Data to everywhere, everything and security has come up on the radar a few years ago, here, the show. But this almost is a full blown security show at this point, because security center of everything you can't ignore it's become a centerpiece of everything data, the access to the diversity, How is that impacting the field because you're not. I mean, I guess you're a security company enabler and solve security problems. Date is a big part of it. Sure, I was at shaping your operations, >>So I think the thing to understand is correct. We're not just a security company, but we are number one in the security Magic quadrant. We're number one in both I. D. C and Gardner, and so that's important. But what happens is all the data the equal act for security can also be used for all these other use cases. So, generally speaking, whatever you're collecting for security is also valuable for I t operations, and it's also valuable for many other use cases. So I'll give you an example. Dominoes, which is a great customer of ours. They're gone 65% of their orders now come in digitally, okay? And so they monitor the entire intend customer experience. But they monitor it not only from a nightie operations perspective. That same data that they used righty operations also tells them you know what's being ordered, what special orders are being made and they use that data for promotions based upon volume and traffic and timing. they actually create promotion. So now you're talking about the same data that he collected for security night operations you can actually use for promotions, which is marketing is >>not a lot of operating leverage in data. You're getting out this. The old model was is a database. Make a queer. You get a report. Little time problem there. But now you have. Well, that other date is over there in another database. Who runs that data? So the world has certainly changes now, data needs to be addressable. This seems to be a big theme here on undercurrent. I know data to everywhere is kind of global theme, but don't diverse data feeds a I cracked and address ability allows for application access. >>Correct. So we look at the entire data landscape and say, we want to help you get data value out of your data wherever it lives. And it's right now, we've changed to the point where we are operating on data in motion, which is with data stream processor, which is hugely beneficial. You mentioned you know, a I m l way actually do something so unique from an ML perspective because we're actually doing the ml on the live streaming so, so much more valuable than doing it in batch mode. And so the ability to create those ML models by working on live data is super powerful. >>Good announcement. So you guys had the data processor. You have the search fabric, >>data fabric search, >>real time and acceleration our themes there. I want to get your thoughts on your new pricing options. Yes. Why now? What's that mean for customers? >>So if we want to bring data to everything, we have to allow them to actually get all the data right? So we needed to give them more flexible models and more alternative models. So for some people and just motto is very comfortable. But what they want it was more flexibility. So if you look at our new traunch pricing are predictable pricing, there's a couple of things that we've done with it. Number one is from 125 gig all the way up to unlimited. We'll show your predictable pricing so you don't have to guess. Well, if I move from 20 terabytes 2 50 what's that gonna cost me? We're gonna tell you, and you're gonna know and so That's one. The second thing is you don't have to land on the exact ingest. So before, if you bought a terabyte, you got a terabyte. Right now there's a traunch from 1 to 2 terabytes. There's a trunk from 2 to 5 terabytes. And so it gives the customers flexibility so that they don't have to worry about it coming back to buy more right away. >>So that's kind of cloud by as you go variable pricing. Exactly. I want your thoughts on some of the sales motions and position and you guys have out in the field. Visa VI. The industry has seen a lot of success and say Observe ability. For instance, Southern to Rick and Kartik About this. Yes, you guys are an enterprise software cloud and on premises provider you Enterprise sales motion. >>Yes, >>there's a lot of other competition up there that sells for the SNB. They're like tools. What's the difference between an offering that might look like Splunk but may be targeting the SNB? Small means business and one that needs to be full blown enterprise. >>Yeah, so I think the first and foremost most of the offerings that we see land in S and B. They have scale issues over time, I and so what we look at it and say is and they're mostly point products, right? So you can you can clutter up your environment with a bunch of point products, doing all these different things and try and stitch them together. Or you can go with this fun clock for him. So which allows you thio perform all of the same operations, whether B I t Security or Data Analytics in general. But it really isn't. It's about having the platform. >>You guys, what reduced the steps it takes to implement our What's the value? I guess. Here's Here's the thing. What's the pitch? So I'm on Enterprise. I'm like, Okay, I kept Dad. I got a lot of potential things going on platform. I need to make my data work for me any day to be everywhere. I au g Enterprise Cloud. What's the Splunk pitch? >>So our pitches were bringing dated everything, and first and foremost it's important. Understand why? Because we believe at the heart of every problem is a data problem. And we're not just talking t and security. As you know, you saw so many examples. I think you talk to his own haven earlier this week. Right? Wildfires is a data problem New York Presbyterian is using using us for opioid crisis. Right? That's a data problem. So everything's a data problem. What you want is a platform that can operate against that data and remove the barriers between data and action. And that's really what we're focused on. >>He mentions own haven that was part of Splunk Ventures Fund. You have a social impact fund? Yes, what's the motivation line that is just for social good? Is there a business reason behind it or both? >>What's this? So we actually have to social focuses. One is long for good, and that is non profit. What we announced this, what we announced a couple weeks ago that we reiterated yesterday was the spunk, social impact funds, a splint venture social impact fund, and this is to invest in for profit companies using data for social good. And the whole reason is that we look at it and so we say we're a platform. If you're a platform, you want to build out the ecosystem, right? And so the Splunk Innovation Fund splint Ventures Innovation Fund is to invest in new technology focused on that that brings value out of data. And on the other side, it's the spunk. Social impact. Thio get data companies that are taking data and creating such a >>Splunk for good as Splunk employees or a separate nonprofit. And >>it's not a separate nonprofit entity, but it is what we what we invest in. Okay. >>Oh, investing in >>investing in non for profit. Exactly like when we talked about the Global Emancipation Network right, which uses Splunk to fight human trafficking. That's on the nonprofit side. >>So take me through. This is a really hot area we've been covering for good because all roads I want now is for bad. Mark Zuckerberg's testifying from the Congress this morning kind of weird to watch that, actually, but there's a lot of good use cases. Tech tech can be shaped for good. A lot of companies are starting and getting off the ground for good things, but they're kind of like SMB, but they want the Splunk benefit. How do they engage with spunk if I'm gonna do ah social impact thing say cube for good? I got all this Tech. How do I engage punk? I wanted, but I don't know what to do. Have access to tools? How do I buy or engage with Splunk? >>Yes, start parties. Fund managers is making sure it's not just money, right? It's money, its access to talent. It's access to our product. And it's, you know, help with actually thinking through what they're trying to achieve, so it really is the entire focus. It's not just about the tech, Thea. Other thing I would say is you saw that we put out a Splunk investigate, and you also saw us talking about spunk, business slow and mission control. Those air now all built on a native SAS platform. And so the ability for our ecosystem now to go build on a native son platform is going to be incredibly powerful. >>So you expect more accelerated opportunities that all right, what's your favorite customer success stories? I know it's hard to pick your favorites, like picking a favorite child may be filled with the categories. Most ambitious class clown class favorite me. What's the ones you would call a really strong, >>so hit on a couple of my lover Domino story and the other one that I love, that I touched on. But I want to expand on because I think it's an amazing story. Is New York Presbyterian on using the Yes See you sprung for traditional security for private patient privacy. They also use it for medical devices. But here's the thing they use it for to help the opioid crisis. And you're like, How is opioid crisis a data problem? What they do is they actually correlate all the data that so doctors are prescribing the opioids who they're prescribing them to a number of prescriptions being building their pharmacy and then the inventory of opioids. Because they actually have sensors on all the cabinets where they get the opioids, they correlate all the data, and they make sure that if they understand if opioids being stolen from the hospital, because what people don't understand is that the opioid a lot of big part of the opioid crisis starts with hospitals to say of such a big volume of opioids. And so that, to me, is just I guess I love it because it's a great customer success story. But it's also again, it's so much fun doing good problem. >>A lot of deaths. I gotta ask you around your favorite moments here dot com, and you're a lot of conversations in your customer conversations this year. Let's do a little Splunk of the Cube right now can take the patterns, all the data, your meetings. What's the top patterns that are emerging? What are some of the top conversation themes that just keep popping up with customer? Specifically, >>I think the biggest thing is that they have seen more innovation unleash this year than they have ever seen in one year from Splunk. The other thing is that we've gone far outside of our traditional spunk index right and that the portfolio has grown so much and that we're allowing them to operate and get value out of the data wherever it lives. So data in motion and then you saw in data fabric search. We'll let you query not only the Splunk indices, but also H D. F s and s three buckets and more buckets to come. So more sinks if you will. So, really, what we're trying to do is say, we're just going to be your date a platform to help you get value >>Susan, you're a great leader and slung. Congratulations on your success again. They continue to grow every year. Splunk defies the critics. Now you're a market leader. Culture is a big part of this. What is your plans this year To take it to the next level? You're president of field worldwide, field operations, global business landscape. What are some of your goals and objectives on culture >>and the culture? So thank you, Jon. First of all, for your comments and were so committed to our culture, I think you know, as you grow so quickly, it takes a real effort to stay focused on culture way, have an incredible diversity and inclusion program. Onda We do way. It's a business imperative for us. Every single leader has diversity, diversity, inclusion, focuses and targets. And so I think that's a huge part of our culture. And the reason I say that, John, I don't know if you've ever heard about a 1,000,000 data points. Did anybody ever way Always talk about, you know in different different settings will share a couple of our 1,000,000 data points. What we want to make sure is a culture is that way. >>We >>have our employees showing up with their authentic self and because you do your best work when you can show up is your authentic self. And so we have people share a handful of their 1,000,000 data points at all different times throughout the year to get to know each other as individuals, as human beings and really understand what matters to each other. And I love that 1,000,000 data points culture, and I got that. We truly live it. And again it's It's about authenticity. And so I think that's what makes us incredibly special. >>And inclusion helps that trust >>fund elaboration, yes, and also just add to that. We're very proud of the fact that we made the fortune list this year for best places to work for women. So it shows that our focus, you know, we started. We started revealing our metrics just about two years ago, and we've had significant improvement way. Believe that what you focus on what you measure is what you improve. So we started measuring and improving it, and this year we made the list for a fortune that's called walking. It is Congratulations. Thank you. We're very excited about >>awesome on global expansion. I'm assuming is on the radar. Well, >>always, especially at this point. We're ready to double down and some of the tier one mark. It's a lovely for sure >>wasn't saying. Legend. President of worldwide field operations here inside the Cube. Where day to slung dot com 10th anniversary of their customer conference Our seventh year covering Splunk Amazing Ride They continue to ride the big wave. Thats a Q bring you all the data on insights here. I'm John Ferrier. Thanks for watching.

(upbeat music) >> Announcer: Live from Orlando Florida, it's theCUBE, covering .conf18. Brought to you by Splunk. >> Welcome back to .conf18 everybody. I'm Dave Vellante with Stu Miniman, and you're watching theCUBE, the leader in live tech coverage. We love to go out to the events, extract the signal from the noise. A lot of focus today, Stu, on security and Haiyan is here. Haiyan Song is the Senior Vice President and General Manager of Security at Splunk. Great to see you again. >> Thank you for having me. >> You're very welcome. Fifth time I think for you on theCUBE So you're super alum. And really always appreciate your deep knowledge. As I said, today was security day. A lot of customers talking about security. It's obviously a strong hold of Splunk. But, give us the update. What's new this year with you? We talked a year ago in D.C. What's happening with you guys? >> Well this is the year that we really went out and shared our vision of what SOC looks like in 2020. And we call it the Vision of SOC 2020. And on a very high level, we envision that in a couple of years with the technology like analytics, and operations, automation, orchestration, we envision that 90% of the Tier 1 work that a SOC analyst would be doing will be automated. And with that automation we are envisioning that most of the time, more than 50% of the time, the SOC analyst can actually focus on detection logic and really responding to things, that requires the human skills and insights. And we're also envisioning that by that time, there will be a place, one place, where things for response gets orchestrated versus people have to go to twenty different places trying to figure out what's going on. So, that sort of, from a business perspective but to deliver that, there's really, sort of ten, we share the ten big we call it core capabilities, that capability road map to SOC 2020. And for us, we feel really fortunate that with the acquisition of Phantom, we are really able to bring that full stack together, to deliver that capability. So we have data platform. You heard all the exciting news on what we are doing, with data fabric search, stream processing, and amplifying the performance analytics. You heard all those things that we're putting into IT, and security, ES, UBA, and then last but not least is the ability to orchestrate, to automate, to collaborate. So I think we're really uniquely positioned, because we can bring all three together. That's the full stack to deliver on that vision. >> So let's talk a little bit more about that vision. So, I mean my rudimentary understanding is you really had a reactive mode in the past. It's kind of herding cats, trying to figure out, okay I'm going to to try to respond to an incident. Then you started to use data and analytics to try to prioritize, to focus on those things that aren't going to be a false positive or of high value. What you're putting forth is a vision where a lot of that heavy lifting goes away. Machine intelligence is either augmenting, or making decisions about which items to go after. Talk more about that world. What does it look like? What's the role of the security professional in that new world? >> Yeah, there's two parts we do in the Security Operations Center. Detecting things and responding things and taking care of sort of the incidents. So a lot of the things you really touched on is how we have applied machine learning and analytics and really leveraging the business context. The feature we talked about, the distribute, the data fabric search is a really powerful tool. Now we can reach out and get lot more information to help you make better decisions to reduce the reshow of noise to signal, or signal to noise, and whichever way you want to see it up and down. So, that world we expect more machine learning, more data modeling, more threat modelings so we can really sort of incorporate business, sort of context, so risks become a one key thing to help people prioritize. That's our product ES, and UBA, and you heard about the whole predictive capabilities in IT. I think all of those will be sort of that world. And the second part of what we do is if something does happen now we really got the signal. What do you do about it? We envision that world lot of initial men did prep work. Like, oh I want to find out if this ID belongs to which organization? Is this really a signature in the virus total, sort of database and what happened, so that whole prep hopefully, will be done for you before you even get started into an incident. And furthermore, if we have responded to those type of incidents before, we actually would like to give you a recommendation, this is what happened before, this is what worked, and why don't you think about this playbook and automate this part? So, I think the world in 2020, is going to be a lot of augmentation. >> One of the things we've heard from a number of your customers, is security in DevOps and how they are using the DevOps mentality to make security more pervasive and integrated in everything they do. Could you explain how Splunk fits into that discussion? >> Yeah, so DevSecOps, I think that's, sort of, the term you might be eluding to and I think the cloud adoption, the acceleration, and the new IT is really, sort of, bringing that into focus for us. Splunk plays to that in several ways. We have a security business, we have a IT business, and you may have heard we just acquired another company called VictorOps after Phantom. So they're really helping the DevOps world and try to coordinate and enable collaboration. So we definitely expect that capability will show up in the security side to help the DevOps, DevSecOps' world and we are also, as a company, taking data security really seriously. So we are putting a lot of, you know, you saw the data stream processing and one of the capabilities to obfuscate credit card and for GDPR and a lot of other things, there's that mending. You got to give people the control of things so there is a lot of that. We're taking into consideration and putting that into the product and the other thing is, really, we ourselves operate probably one of the biggest, sort of, cloud capabilities on AWS and we have infused a lot of best practices around, how do you automate? How do you protect? How do you be compliant? And how do you insure customer have control? And there's a lot of work we're doing there and practicing DevSecOps ourselves. >> Haiyan, in thinking about the Splunk portfolio and in the context of the vision that you guys laid out, how does Splunks existing portfolio fit in to that vision and where are the gaps? What has to evolve, whether it's your capabilities, or the industry's MI, ML, or machine learning capabilities? Where are the gaps? >> So I think in many ways the ten core capabilities were laid out. I going to try to go through them in my head. So. >> Okay. >> Ingest. Detect. Predict. and then automate. Orchestrate. Recommend. Investigate. Case Management. Collaborate. And reporting. So those are the ten. When we were sharing with our audience, we actually look at our ES, UBA, and Phantom. We are able to give them all those capabilities to get started on their path for SOC 2020. But we also realize and recognize that all those capabilities, I'll give you an example, Case Management, now there is more and more requirements coming to the security side to say I want you to bring all the different things together, and I want you to take in the automated playbooks and how this plays into those, so there's always room for us to continue to enhance those capabilities. But, we also see the opportunity for us to bring all those things in a more seemless way into, sort of, one full stack, the full stack that gives you, you know, I don't know if you heard the term, powering the OODA Loop? Right, the observe, orient, decide, and act. And that was really, sort of, military strategy for the fighter pilots to say the whole premise is whoever can power that loop, and execute the fastest, wins. >> It's like readying fire but more data focused. >> More data focused, I like that. So for us, it's really how do we bring the portfolio together, so they can really power that loop in a very intuitive way. And in a very open way. I want to make sure that I iterate that reiterate our commitment to be open. There's data layer, there is analytics layer, there's operational layer. We want to be that company can bring the full stack make them work really well. But, in the meantime work well with other data, with other analytics, detection engines, and other ways to operate. So being open is very important. >> And you'll automate as many of those or all of those ten that you mentioned. Do you automate the run book? >> Automated run book is what Phantom is all about and the run book gets more and more sophisticated and I think we give people the ways to say if on day one, you don't want to automate everything, especially shutting down his email, then you have the choice. But, it's as you learn, as you become more confidence, and you have that under your control. How much you want to automate, and hopefully, as more automated actions are taken, we get to analyze those and start making recommendations so you become more comfortable with that. >> So I understand New York Presbyterian was in your session. And, you were talking about going beyond security. I often like to say that security and privacy are two different sides of the same coin. But, when they talked about going, well share with us, what you learned from them. >> Yeah you have really the best phrase to say they are both sides and as a security professional in the digitized world I don't think you have a boundary to say my job starts with SOC and ends with SOC. It goes way beyond. It goes into data privacy. It goes into even fraud analytics, because a lot of things are happening online. It also goes into compliance. And, it's interesting that we thought years ago, compliance was driving investment. I think now with GDPR, with some of the data privacy challenges we've seen, that's impacting the masses, the criticalness of compliance is actually coming back. So the story that I was super impressed that our customer, New York Presbyterian shared with us is they had a challenge of really managing all this sort of patient records, and try to understand the staff's activities. Because, the auditors have a certain set of things. You know you shouldn't be snooping around the patient's record, if its your neighbor, or your buddy. So they used Splunk and they powered, sort of, us with a lot of the data from various applications. They have probably 20 data sources, that's very healthcare centric. We partnered up, we had our product expert, and fraud experts on that. And, we built a privacy platform, a early version of that, and they showed it to their privacy officers, and they basically said we've not seen anything like this to give us the flexibility and ease of use to be able to bring everything together. And, they did even more than that. If you have time I'll share with you on the opiate diversion capabilities they started building with. >> Dave: Oh, yeah talk about that, yeah please >> So we were thinking, we're just going to help them with compliance that makes their organization more compliant and better, but they didn't stop there. They said well, based on the power we're able to, really, leverage from the Splunk platform, we see the data we have for our pharmacies, there's a lot of prescription, sort of, information and with the world that's battling the opiate epidemic, we think we can actually analyze the data and give us early patterns and earnings, warnings of what might be happening. So, that's the next project we're partnering up. And for us we have technology, and customer have domain knowledge, have data. I think that's a great partnership. And they are willing, they are wanting us to go evangelize 'cause they want the whole industry to benefit, they want the nation to benefit. >> Well we saw this week on 60 Minutes, did you see that story? The one pharmaceutical company got in big trouble and a doctor went to jail. The pharmaceutical company was shipping 500 million Oxycontin pills into Florida. This is a state with a population of 20 million. Something was wrong. Obviously those were hitting the streets. And, this individual this doctor went to jail for life. So, data analysis could identify that. >> Data was there. I think it's the inside to look for the ways, to look for those things and having that inside drive decisions is really the partnership we have with our customers >> We're seeing that, g'head Stu. >> Yeah I was just, you spoke on a panel of the Grace Hopper event. >> Haiyan: Last week. >> We've been hearing great messages of diversity at this show. You had the Carnival Cruise CEO up on stage giving some great discussion points yesterday. Maybe you could share a little bit of your experience at the show and the panel that you were on. >> The Grace Hopper is such an amazing event and we see so many college grads and people, sort of, starting their career and that is like the go to place. And I see all the big companies, big, or small actually, putting so much effort to try to really evangelize to that audience. 'Cause California just passed, the Governor just signed into law, they require a woman on the board, as part of the requirements because diversity is being proven to bring better decision making into the board and I, myself, can tell you that my security leadership team over the years become more and more diverse. I don't think diversity is just gender diversity. I think diversity needs to go beyond gender. It's background where people who are from the private sector, from the government, where people from different Geo's of the world. That sort of richness of perspective always give us the best, sort of, angles to think about and validating, and debating on our, sort of, strategies. And going back to Grace Hopper, the panel that I was on was really sharing with the people who are there, what are some of the things that you should be prepared for if you want a cyber security career. And the part is not try to, oh here's a high bar. We really try to encourage everyone, whether you're technical, or you just having great analytical skills. I think one of my fellow panelist, she made a comment I thought was super funny. She was a CEO of a company and she said, sometimes women just have to have enough confidence and to go take the risk, grab the opportunity. She use the word, sometimes you have to fake it until you prove it and until you make it. And she's really just encouraging the attendees, just step up take the opportunity. I am in total agreement with that. >> Lean in baby. >> Lean in. That's another way to do it. >> Haiyan thanks so much for coming back in theCUBE. Really great to see you again. >> Thank you for having me. >> You're very welcome. All right, keep it right there everybody. Stu and I will be right back with our next guest. Right after this short break. We're live from Orlando, Splunk .conf18 You're watching theCUBE. (upbeat music)

(upbeat techno music) >> Announcer: Live, from Orlando, Florida. It's The Cube. Covering ServiceNow Knowledge17. Brought to you by ServiceNow. (upbeat techno music) >> We're back at Knowledge17. Dave Vellante with Jeff Frick. Josh Gluck is here, he's the deputy CIO of Weill Cornell Medical College in the big apple. Thanks for coming to The Cube. >> Thanks very much for having me. >> Tell us about Weill Cornell, It's a collaboration with Sloan Kettering, originally, and ... >> Yeah, we're a three part, mission-oriented institution. Patient care, being first. Our physician organization delivers patient care in New York City. We're partnered with New York Presbyterian Hospital, Memorial Sloan Kettering Cancer Center, and also the hospital for special surgery. >> So, let's get right into it. CIO, you were probably doing some of the CIO activities here, this week. Love to hear about that. But let's get right into how you're, you know, using automation, how you're using the ServiceNow platform. Let's talk in the context of IT transformation. >> Yeah. So we've been a ServiceNow customer since 2012. We actually went live on 12/12/12. Everybody thought that was a joke, but it turned out to be the real "go live" date. You know, and as the platform's matured, and as our organization's matured, you know, we started focused on ITSM, strictly. Over the last few years though, we've found that, you know, our focus for ServiceNow should be the equivalent of building a 3-1-1 platform for the administrative departments. So we've onboarded folks in HR. We're doing case management now with ServiceNow. Obviously all the ITSM, ITIL-based processes. We've worked with our Department of Environmental Health and Safety. To help them with some of the regulatory compliance, about workflows that they need to have in place. We've also built out Project and Portfolio Management in ServiceNow, and we've been doing it, actually, since the beginning. We worked with ServiceNow pretty intimately to build out those functions. And now, we're actually at the point where, the platform has surpassed what we custom developed back in the early days. And we're really focused on understanding where we can unwrap some of those customizations, and just go to the native portfolio. >> Yeah, I wanted to ask you about that. >> Yeah. >> So, that's not an uncommon story and how complicated is it to unwrap that stuff? 'Cause obviously, you don't want the custom mods there if you don't have to have them. >> Yeah, well you know we spent, what, five, six years now, focused on developing the platform to meet our needs, meet our process. You know, we're academics at heart. Right, being part of Cornell University. So, I think we have a habit of sometimes overthinking solutions. So, our customizations are pretty complex. We also though, understand that it's a heavy lift for us to keep it up. So, we partner with ServiceNow, we've had them come in and help us to an evaluation of what really could be done with a slight change to our process. Or, even just direct support for our process, straight out of the box. We're really excited about the stuff that's coming out of Jakarta. >> Okay, so it's fair to say, I mean, we've all been there. Where you have software development problems, and you go "ah, jeez, I wish I had done it differently." But, when we talk to folks like you, that are unwrapping, unraveling, custom mods, there's no regrets. You got a lot of value >> Josh: Yeah, no. >> out of 'em. And now you're moving forward, right? >> Josh: Yep. Yeah we >> That's interesting. >> Josh: Definitely did the right thing, at the right time. You know, we went through an evolution, in the way that we did Project and Portfolio Management internally at Weill Cornell. And we're focused on some of the high-level problems, high-order problems today, that some organizations may not get to. Right, we're doing resource management, proactive scheduling, and you know, for us to get to the next level, the enhancements that are available in Jakarta are around time-carding and resource management, are really going to help us, I think, not overthink the problem. And come to some standard that the rest of the industry, or other verticals are using, in how they do their resource management. >> And Josh, the 3-1-1 concept is interesting. When did you go from "this is our an ITSM tool, that's going to be pretty cool." >> Yeah. >> To "this is a platform, that we can now take this kind of 3-1-1 approach, and use that as kind of an overarching mission, >> Yeah. >> for that which you're trying to accomplish"? >> I think the concept ... I think when we first went into partnership with ServiceNow, we knew that we wanted it to be more than just a replacement for heat, right? I've actually been with two different organizations. New York Presbyterian Hospital and Weill Cornell, who have come from other ITIL platforms, ITSM platforms, and moved to ServiceNow. I was a BMC Remedy customer for a long time at New York Presbyterian. We were a heat customer at Weill Cornell, prior to going to ServiceNow. So, I think we were all familiar with the fact that it doesn't make sense to buy these point products, to do all of these different workflows. Let's buy a platform. ServiceNow represented that platform. Even in its early stages, we knew that we wanted to do more with it. We had conversations about process users. And I know you guys were talking a little bit before about changes to the license model that are happening. >> Dave: Yep. >> But we really wanted it to be something we could develop further. Our first project just happened to be, in both cases "we have an ITSM platform that isn't working." Remedy at NYP, heat at Weill Cornell. "Let's get off of it, and get onto ServiceNow." But I think, we didn't start calling it the 3-1-1 until maybe a year or two ago. >> Okay. >> And it really started with Case Management. I think that was a big deal. >> It's a good little marketing, CIO selling. >> Josh: Yeah. >> You know, Daniel Pink. How large of an organization ... >> Josh: Is, IT, or Weill Cornell itself? >> Weill Cornell. >> We're between ... We're about five-thousand and change. >> Okay, so not enormous. But, the reason for the question is, at what point does it make sense to bring in a ServiceNow? You know, our little fifty-person company. You know, we're trying ... >> Josh: Yeah. But it's still not there yet. Is it size of company? Is it size of problem? What is your advice there? >> You know, I think it's actually a good idea for most mid-level companies to talk to ServiceNow. And I think there's even a play for some small businesses. It depends on what you want to get out of the tool. Right? I mean, if you're going to use it as just a simple incident-response system, which isn't really the value that ServiceNow provides, it might be a hard sell. But, because it's a hosted system, because there is such a wealth of partners in the community now, and such a following for ServiceNow, I don't know. If you were a ten-person organization and you were customer focused, and you wanted to use it to do ... >> Jeff: Yep, yeah, that makes sense. A couple of different business processes, it could actually make sense for you. >> Josh, really tight schedule today, we'll give you the last word on Knowledge17, some of the things that have excited you, what's the bumper sticker on K17 for you? >> I think the keynotes have been great. I think you guys at The Cube have been doing a great job, of also, >> Dave: Thank you very much, appreciate that. >> you know, getting people up here and asking 'em tough questions and stuff. I appreciate you going easy on me. Than you. But, it's been great. It's been a really good show. >> Well come back again, and we'll really go at it. So, thanks very much Josh, >> Josh: Thank you. appreciate your time. Alright, keep it right there everybody. We'll be back with our next guest, right after this short break. (upbeat techno music)