Jeff Rick here with the kubera in Mountain View California had a really cool startup phantom they're coming at this autonomous vehicle thing from a very different direction they're not a car company it's a pure software play but it really has a huge impact on the autonomous vehicle industry autonomous vehicles are met for no driver you guys have a driver but you're really assisted driving from a remote location a third party who can provide a safety solution for a number of AV operators right let's say if it's a you know one of the big OMS of ride-sharing companies they can connect to vehicle remotely and when they move the steering wheel or press the gas or brake it would actually happen in real time right we think we have the ultimate fallback mechanism at this point which is actually still a human right the machine is very very good but for these edge case scenarios you still need to bring a human back into the loop road construction areas severe weather conditions all this stuff happen all the time ok an autonomous vehicles may struggle with the situation so phantom Otto provides a solution whatever the situation is get you around an obstruction pull you over to the side of the road so you're not blocking traffic and in a much safer situation and a human's cognitive ability to process information on the fly we think that's the hidden key to making autonomous vehicles a reality it's in life-saving technologies you use a lot of off-the-shelf really simple hardware to execute this there's logitech little steering wheels over there at the big curve sam sunscreens basic cameras on the car so i get in it right we just work regardless of the kind of vehicle that a company might utilize we have to be able to control that vehicle smoothly and safely how do you guys deal with the ladies issue obviously that's our secret sauce but we've been able to get that very very low we connect multiple network at the same time a PMT horizon you know and t-mobile and a few networks right once they're bonded to get a much stronger connection these are life-saving vehicles everyone wants these deployed as rapidly as possible but we also want that deployment itself to be as safe as possible triple A's did a survey recently issued 75% of consumers are afraid of trusting the Machine and that's on this vehicle if you take a step back and look at the forest and not the trees you have 1.2 million people dying every year worldwide due to traffic accident fatalities 40,000 in the u.s. in 2016 and 94% is due to human error if we had that happen even just for two weeks in aviation in the u.s. aviation wouldn't exist right it doesn't know it so if you eliminate the human for the most part from that equation you can save a lot of lives we do view there's going to be you know a big consumer adoption kind of hurdle to overcome and a piece of that is having the passengers in the car comfortable and feeling that someone it has their back right I saw somewhat of an awakening in the government like we're really scared of this being deployed but in reality we should be scared of this not being deployed right we are working with a variety of cybersecurity firms for making sure that our solution is extremely secure from the hardware that we can offer in the car to the software to the actual control center the operation center where the drivers driving you making sure that we have ended in security the a I would say it's about 97 98 percent of the way then a reality of having autonomous vehicles interacting with other autonomous vehicles might create new edge case scenarios that don't exist yet I think the regulators are coming to the realization at this point that if we want to get these vehicles deployed right now we need to have some sort of bridge to that technological gap to get us from 98 percent to a hundred percent right now it's a relatively small number of cars a small number of players but we see a huge opportunity and huge growth in the sector of the next five years it's okay I'll go take a drive yeah sure okay we're gonna check out we're gonna take a drive we'll see you in the car [Music] we are driving a Lincoln MKZ 2017 and the reason this vehicle is so good for autonomous vehicle development is because a lot of the driving steering gas and brakes is enabled through some a system called drive-by-wire okay that means it's an electronic signal that goes through the canvas and initiates these features locomotions in the vehicle electronically we can create an artificial electronic signal and inject it where it processes that information and artificially move the steering wheel or the brakes or the gas light that way [Music] [Music] getting ready check ready three two one there we go besides operating is our safety driver we haven't started going yet so you you are on call we look both ways now this is kind of interesting as I can see what then can't see who you can see what I can see so it's kind of an infinite loop you can see almost 360 degrees around the park dan can hear everything that we can hear in the vehicle if someone is haunting that and making a right-hand turn and you think not a very good right seat driver if I complain about people getting too close to the curb but good job then stand nice and wide for every latitude longitude coordinate we would get data points such as bandwidth and latency and if there's ever some sort of dead zone he or she would know that in advance and know that they could not engage to be able you give a geofence that off and to write if there's a dead zone correct make the car go around it even if it's something looked at this is good crap how consistent is the coverage the mobile cover do you find say t-mobile is not good in a certain area but AT&T is good okay then we would use AT&T service it's the latency of shifting we're always going to make sure that you can steer that you can have breaks and other stuff that isn't as high of a priority Falls lower down the list we're now going to go into gas station gas stations obviously don't have lane markings you're doing with pedestrians different vehicles coming in and out but for us obviously since we're being driven by a human we'll be able to go through just as though it was a human in the driver seat it's really just about a human being able to read the motions of the car right take a few inches forward then you pause it's understanding that or they give a scenario so that you understand when you can move forward or one you might need to peel back but at the end of the day you hope that at some point the autonomous vehicles will be able to handle an increase moon remember of easy choices well gathering data critical data right edge case scenario data so that we can feed that back to our customers so that they can have the data that they need to further train these vehicles [Music] that was fun great job out there thank you what does it feel like a driving this thing driving remotely is actually very different from driving a car normally and I know might sound obvious but there's a lot of things we take for granted driving the car for example you don't actually understand the momentum shifts that are happening in the vehicle so you don't know how hard you're braking or you might have a dip different depth perception because the optics on the cameras all these things kind of add up into completely different driving experience as I'm developing the system I'm testing it and seeing exactly the information that I need in order to create that safe and smooth driving experience and so I'm looking at what's difficult for me as a remote operator or what information am i lacking and then I go back and develop those things so at the federal level there's a bill in the house and the bill in the Senate neither of which have been passed but we expect that one will go the distance this year so you might actually have the rare scenario where the regulation outpaces the technology which is a good problem to have right it's not a problem at all I mean a human who's going to intervene on your behalf will be really important right on the business standpoint we have several deals are already closed some pilots planned over the next few months so you'll be seeing a lot more I think of us very soon out in the market thanks for sharing the right and taking care of us appreciate it thank you we're at phantom Auto in Mountain View California thanks for watching we'll catch you next time [Music]

>> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in Mountain View, California, at a really cool start-up, Phantom Auto. They're coming at this autonomous vehicle thing from a very different direction. They're not a car company, it's not BMW and Audi and Nissan and all the other people you hear about. It's a pure software play, but it really has a huge impact on the autonomous vehicle industry. We're excited with the guy who's putting all these development, business development deals together. He's Jordan Sanders, director of business development and operations. Jordan, great to see you. >> Yeah, thanks for having me. >> So, again, when I first heard about you guys I thought, "Okay, do I order "this to drive my grandfather to the store," because he shouldn't be driving even though he has his driver's license, but no, that's not it at all. You guys have a very specific target market and it's really more a biz dev than a direct-to-consumer market. >> Yeah, exactly, so we are a B2B business and our target customers are those who are closest to getting their autonomous vehicles on the road. And so, that's frankly where we're seeing the most traction for now, at this point, from customers. As you get closer to true deployment of level four robo-taxis you realize a need for remote assistance, and we think we have the best solution on the market. >> Jeff: Right. >> To actually remotely drive the car and have a human in the loop to promote safety and service. >> So, as you look at your kind of tam, your ecosystem that you're going to market with, obviously we all know Waymo. We see the cars driving around all the time, the Nest is right up the street, but how's that landscape evolving? You know, we obviously hear about Uber, we hear about Lyft, you hear little bits and pieces about BMW and different car companies. As you sit back from where you're sitting, how do you kind of segment the market, how do you figure out where you're going to go next? >> Yeah, it's an interesting question. I mean, right now, you know, there's obviously a lot of excitement around this market and where it will be in five years. Right now the number of actual autonomous vehicles deployed is relatively low, and so that is frankly what our business is tied to. Again, it's enabling every vehicle on the road to actually operate safely, and so in terms of total addressable market, how we see it evolving, right now it's a relatively small number of cars and a relatively small number of players, but we see huge opportunity and huge growth in the sector over the next five years and 10 years. >> Right, and obviously a big integration challenge for you guys because each platform that you partner with is, you know, we hear all the time, some of them are using some shared infrastructure, some of them are trying to use their own, some are RADAR, some are LIDAR, some are camera, some are combination, so from a business development point of view you guys have to integrate with all those different platforms. >> That's correct, and so that's from the very beginning, we're building our end-to-end service to be very flexible and the software piece especially can integrate with any vehicle, with any vehicle manufacturer, because frankly we want to be open to the market and we don't want to just cover, you know, one customer's vehicles. We are sort of a third party who can provide a safety solution for a number of AV operators. >> Right, now the other interesting thing that people probably don't think about is, you know, we hear all about the technology in the cars and the machines, right, and IOT and it's all about machines, but in bringing a human operator into the equation it's not just to operate the vehicle, it's actually a person and all that that means. I wonder if you can kind of explain how that impacts people's autonomous car vehicle when there's actually a person involved. >> Yeah, definitely, so I think, you know, I think about this from a personal standpoint, so part of me is very excited for autonomous vehicles and I've ridden in several autonomous vehicles, feel very comfortable in them very quickly, but I also live in Silicon Valley and not everyone does just get to zip around in autonomous vehicles and is working in this industry, and so we do view there's going to be a, you know, a big consumer adoption kind of hurdle to overcome, and a piece of that is having the passengers in the car comfortable and feeling that, you know, someone has their back, right? >> Jeff: Right. >> So that's a key part of what we believe that we deliver is a human touch to self-driving cars, which we think is very important just at a psychological level, knowing that you have somebody who is monitoring your ride and is ready to intervene and protect you, you know, in the event that something goes wrong with the ride. And the other thing is by having a human in the loop it also enables all sorts of interesting ways of providing better service, and that's going to be a very, a key piece of whenever everyone inside the car is a passenger, there are no longer drivers, we're passengers. There are going to be lots of opportunities for enhancing passenger experience, and we think part of that can be, you know, providing a human service, an actual human on the other end making you feel comfortable and also connecting you with almost like a concierge. >> Right, and like OnStar has been around forever, right, that's probably the first kind of two way- >> You said that, not me, yeah. >> Two way communication, right, into the vehicle, which at first was I think mainly a safety feature. You crash and it sends out a 911 and then I think they kind of evolved it into a little bit of a concierge service. >> Exactly, so again, there's certainly that piece that we think is going to be really important for consumer adoption. I mean, I think AAA did a survey recently that showed 75% of consumers are afraid of trusting a machine, an autonomous vehicle. Now, we're very confident that the AV tech, once you get inside an autonomous vehicle that you very quickly realize, "Wow, this is a great driver," and we're very bullish on, you know, autonomous vehicle technology and believe that it's very reliable. But again, in those edge case scenarios, having a human who's going to intervene on your behalf and be able to actually operate the vehicle will be really important. >> Right, so somebody's watching this and going, "Ha-ha-ha," you know, "I'm a hacker, I'm going to hack into the stream," and it's not going to be Ben, the nice, smooth driver taking over the car but some person that maybe we don't want taking over the car. So, in terms of security and network infrastructure, how much are you leveraging your partners' infrastructure, how much are you leveraging your own, where does kind of security fit in this whole puzzle? >> Yeah, it's a great question and certainly one that, you know, we're hearing from a lot of customers. So, we are working with a variety of cybersecurity firms for making sure that our solution is extremely secure across multiple vectors, so whether it's just on the software piece or really our end-to-end solution, from the hardware that we can offer in the car, to the software, to the actual control center, the operation center where the driver's driving you, making sure that we have end-to-end security to avoid any situation like that. >> Right, so Jordan, for the people that aren't in Silicon Valley, what should they know about autonomous vehicles, how close are we, how much is it just, you know, stuff in the newspaper and you know, kind of nirvana still or just, you know, specialize Waymo vehicles that we see all the time in this neighborhood. How close is this to Main Street, how close is this to being that vehicle that picks me up when I get off the Caltrain to San Francisco and I need to go to a meeting over the Embarcadero? >> Yeah, so I think what people should know about this technology is that it is incredible technology that will be life-saving and that needs to get on the road, but that needs to happen in a safe manner and at a time where you can have full confidence in the operation and all settings, right. The technology is incredible, and so what Phantom Auto is here to do is to get these life-saving vehicles on the road quicker, and so what I would say to the average person who's a little uncertain of this technology is that it is incredible and you're going to enjoy the experience and it will be life-saving, and again, I think Phantom Auto is working to actually bring that experience to consumers by getting these robo-taxi services deployed. >> Jeff: Right. >> Pull out the safety driver and have a remote safety driver, a Phantom Auto remote operator ready to take over control of the vehicle in the event that you need assistance. >> And in terms of where you guys are as a company, right, you're a relatively small company, got this cool Lincoln here, where are you in terms of your company? Do you have POCs in place, do you have customers in place, kind of where is it in terms of the deployment of the technology within your ecosystem? >> Yeah, well we realize that we're bringing a very critical solution to these operators, so again, if you're an autonomous vehicle developer and operator and really thinking seriously about deployment you realize that you need a solution like ours, and so on the business standpoint we have several deals already closed, some pilots planned over the next few months, so you'll be seeing a lot more, I think, of us very soon out in the market. >> All right, now you're going to see more of us on the street. So, Jordan, let's stop talking and let's go take a ride in the car. >> Let's get in the car. >> All right, he's Jordan, I'm Jeff. We're getting in the car, thanks for watching. (techy music playing)

(click) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. It's 2018. We just got out of the CES show and all the rage is autonomous vehicles. You can't get away from it. It's what everybody's talking about. Tesla just announced their autonomous truck, their autonomous Roadster. We're here in Palo Alto, right on San Antonio Road. Googleplex and Waymo's are right up the street. So everyone is all about autonomous vehicles, but we're excited to be here at Phantom Auto and they're taking a slightly different approach for a slightly different problem. We're excited to have Shai Magzimof. He's the co-founder and CEO of Phantom Auto. Shai, great to see you. >> Nice talking to you, yeah. Thanks for having me. >> So Phantom Auto, you guys just got back from CES. You were giving demos, but you weren't stuck in, like, the little lane that was protected. You were actually driving people all over the streets. >> We were driving on the Strip, yeah, yeah. We actually were picking people from the hotel lobby, so the valet guys would let us in with an empty vehicle. These videos are actually also online, and we drove them off the Strip and back to the hotel, or to another destination. >> So you're doing a whole different thing. You do not have an autonomous vehicle. >> It's not an autonomous vehicle. >> You were the ultimate chauffeur driven vehicle. >> Right. Right. So again, for the show, we did our job to show that the vehicle can drive without a driver in the driver's seat, but what we do is actually a safety solution for autonomous vehicles. And that safety is basically what happens if an autonomous vehicle artificial intelligence doesn't work. Let's say there's something that it cannot see, or something that, you know, an unidentified object, road construction areas, severe weather conditions, all this stuff happens all the time. And autonomous vehicles may struggle with the situation so Phantom Auto provides a solution that we work with these companies. We provide them that solution that allows remote operations, so someone will connect remotely. >> So let's back up a couple steps. Autonomous vehicles are meant for no driver. You guys have a driver but you're really assisted driving with a person from a remote location. So how do you describe that in a short category? I'm sure the analysts will want you to have a category. >> The category would be the same way you think about air traffic control, right, or any type of control center, like call control centers. Any type of support for customers, you would have a bunch of people sitting in front of computers, in our case they're sitting at computers with steering wheels, we'll see that later, and they can connect to a vehicle remotely, and when they move the steering wheel or press the gas or brake, it would actually happen in realtime. So we have this software that allows this realtime, critical communication for autonomous vehicles. >> Now what's weird is when we first heard about you guys, I'm thinking, okay what is the use case? Am I going to send the Phantom Auto to go pick up my hundred-year old grandfather who probably shouldn't be driving anymore, where you're escorting it. But really it's a very different application, and I don't think most people understand that, in autonomous vehicles, there's a whole lot of use cases still that they haven't quite figured out. My favorite one is when two of them pull up to a four-way stop, and neither of them wants to go first. They get stuck in a friendly lock, right, they get paper-logger, some poor kid has his foot in the intersection and is trying to wave the car through and it won't go through. So it's corner cases that you guys are all about, to really enable that next-stage of machinery. >> When I started a company, right, I'm a big believer in autonomous vehicle, I wanted to make them happen faster and sooner because it's life-saving technology. This is going to change the world. We all want it faster. Now, the reason why we're still not there yet is because there are many corner cases, edge cases, these situations where the machine didn't train enough for, and in this situation they provide a cover. So we have a person that would sit in an office, he doesn't have to be so close nearby. When we were in Vegas a couple weeks ago, the driver was in Mountain View, so Mountain View, California, Silicon Valley to Vegas, and he moves the steering wheel and he moves it real time. >> But he's driving the car. >> Yeah. >> So one of the great knocks on cloud, right, is latency, and clearly the use case that's always brought up is if you're in a self-driving car, you don't have time for the data to get it to the cloud and back to make a decision if a little ball rolls out into the street. So latency is a big issue. How do you guys deal with the latency issue? >> That's our secret sauce, obviously, but I'm happy to share as much as I can. The high level description would be, we connect multiple networks at the same time. We would usually have only AT&T in your cellphone, right, or in your car, and then we have AT&T, Verizon, T-Mobile, and a few networks, all of these together are bonded, and once they're bonded they get a much stronger connection. It sounds maybe easy, okay so let's plug a few phones and then get a really good connection, but it's much more complicated than that. We share and split the data across multiple networks at the same time, we prioritize the data. So, like a brake, it's very important, right, so if the remote operator is pressing the brake, you want it to be first in the vehicle, where the right side of the camera is not as critical, so lower latency for the brake, and then a little bit higher latency for something less important. >> So you've got dynamic, kind of, latent distribution. >> It's all dynamic, realtime, you know, so that's what we do, our real core. We provide this communication, real time, critical layer of communication for the video streaming and back of the data from the remote operator, back and forth all the time. >> So that's one big piece of it. Another big piece of it is the communications between the occupants in the vehicle and the driver. Another really important piece that obviously most people aren't thinking about for autonomous vehicles because they don't have that use case. But that's a pretty important piece of your solution. >> Yeah, that's a big one. I'd say that for this, you don't need to do a lot of innovation. It could be a simple call with the driver remotely. But, we're all about safety, right, and we're all about giving passengers this psychological trust, and it is true, you want to sit in a car that drives 100% of the time. If I tell you that your car today would go in and drives only 95% of the time, you would not buy this car. Same thing with autonomous vehicles. So we provide a safety and service layer. On the safety side, it's about assisting the vehicle when there's an emergency. It could be post-emergency or before it happens. Let's say you're just stuck in the middle of the lane and you don't know what happens. Even if the driver remotely wouldn't actually drive the car, you still want to be able to talk to somebody, right. So, I'd start with first the person, the driver, the human being would greet you when you enter the vehicle. It's an autonomous vehicle, he would say hello, how are you, nice to meet you, my name is let's say Ben- >> Ben is going to be your driver. >> Your driver soon, and Ben is going to tell you that whenever you have a problem, if you need any assistance, he would be there for you. That already gives you like a whole different type of experience, and when you leave the vehicle too, he's not going to be there all the time engaged with the car. The car is going to drive on an autonomous AV system, but at least he's there in case you need him. >> And again, the attention thing, which is an issue, you see with some of the test autonomous cars out there we were talking before we turned the cameras on, where the engineer's got his hands ready to grab the wheel if there's an emergency. That's not really Ben's role here. The car is going to take evasive action in terms of emergency. It's more to get out of like these weird corner cases as you said. >> Correct, it's not a test driver. Today, most autonomous vehicle companies still require and mandate it, it's actually illegal. By the regs, you have to have a person in the car. We also have a person in the car, and we do that same thing, although when Ben is driving, he's not replacing that person. He's just assisting when the autonomous vehicle system would have an issue. >> Right. So the next thing I think that's pretty interesting about your company, as you said, you're a software company. There is hardware components, you can see the back of the car, we'll take some film of the driving station, but you use a lot of off the shelf, really simple hardware to execute this. There's Logitech, little steering wheels are over there, it feels like a big video game, you've got the big, curved Samsung screens, basic cameras on the car, so talk about the opportunity to build a software company and you're leveraging somebody else's autonomous vehicle technology to really get in the middle of this with just software, a pretty cool opportunity. >> I'll tell you what. The best time of my life was earlier this year, when I was just putting this whole thing together because it was plugging in the hardware and the software, I did it together with a team that's also here in the office. Obviously, it was more challenging because from a software person to try and build this hardware, you know, is more challenging, but I'd say today, you can get anything on Amazon, you buy on eBay a part you need, you plug it in and it would just work. So, again, we did a lot of iteration, I'd say we spent a bit more money than we were supposed to. But, that works. >> Right. And then the last piece of the puzzle that I think is fascinating is the way you're going to integrate in with other people's autonomous vehicle, so again, we talked about Waymo up the street, the Google one, Uber is working on theirs, Volvo, every day you read about BMW, et cetera et cetera, so you really get to take advantage of those hardware systems, the sensor systems, the control systems, not only from those autonomous vehicles, but you're seeing now all this stuff that's coming in factory, right, avoidance collision and radar and all types of sensors, so you will have to be able to take advantage of those different platforms and integrate your system into those various platforms. >> Right. So we would work with a company, let's say if it's one of the big OEMs or ride-sharing companies, we would know how their vehicle is set up, all we need for our solution to work is a bunch of cameras and a few modems, right, so cameras everybody have, it's one of the most essential things in an autonomous vehicle- >> Right, right. >> We would just tag into these cameras, use the modems that we need for the software to run, and that's about it. So it's a pretty straightforward solution to allow remote control assistant for autonomous vehicles. >> I'm just curious, when you're talking to customers or potential partners, what is the piece that really resonates with them when you kind of explain your solution and how it fits with what they're trying to accomplish? >> Right, so our solution is really trying to help them reach market faster, so we're not replacing anybody's work. We're adding another layer of support and safety so when yous computer crashed, when your software crashed in the car, we're going to be there with another redundancy system to support with a driver remotely. So, that's what we do at the service level. >> Okay, so can I go take a drive? >> Yeah, sure. Let's do it. >> All right, we're going to check it out, we're going to take a drive. We'll see you in the car. Thanks for watching. (upbeat music)

>>from around the globe. It's the Cube with digital coverage of data automated and event. Siri's brought to you by Iot. Tahoe. Okay, we're back with Adam Worthington. Who's the CTO and co founder of Ethos Adam. Good to see you. How are things across the pond? >>Thank you. I'm sure that a little bit on your side. >>Okay, so let's let's set it up. Tell us about yourself. What your role is a CTO and give us the low down on those. >>Sure, So we get automatic. As you said CTO and co founder of A were pretty young company ourselves that we're in our sixth year and we specialize in emerging disruptive technologies within the infrastructure Data center kind of cloud space. And my role is the technical lead. So it's kind of my job to be an expert in all of the technologies that we work with, which can be a bit of a challenge if you have a huge portfolio, is one of the reasons we deliberately focusing on on also kind of a validation and evaluation of new technologies. Yeah, >>so you guys are really technology experts, data experts and probably also expert in process and delivering customer outcomes. Right? >>That's a great word there, Dave Outcomes. That's a lot of what I like to speak to customers about on. Sometimes I get that gets lost, particularly with within highly technical field. I like the virtualization guy or a network like very quickly start talking about the nuts and bolts of technology on I'm a techie. I'm absolutely a nerd, like the best tech guitar but fundamentally reporting in technologies to meet. This is outcomes to solve business problems on on to enable a better way. >>Love it. We love tech, too, but really, it's all about the customer. So let's talk about smart data. You know, when you when you throw in terms like this is it kind of Canfield Buzz Wordy. But let's let's get into the meat on it. What does that mean to you? One of the critical aspects of so called smart data >>cool probably hoped to step back a little bit and set the scene a little bit more in in terms of kind of where I came from, the types of problems that I'm really an infrastructure solution architect trace on what I kind of benefits. We organically But over time my personal framework, I focused on three core design principles whatever it was I was designing. And obviously they need different things. Depending on what technology area is that we're working with. That's pretty good on. And what I realized that we realized we started with those principles could be it could be used more broadly in the the absolute best of breed of technologies. And those really disrupt, uh, significantly improve upon the status quo in one or more of those three areas. Ideally or more simple, more on if we look at the data of the challenges that organizations, enterprises organizations have criticized around data and smart fail over the best way. Maybe it's good to reflect on what the opposite end of the story is kind of why data is often quite dumb. The traditional approaches. We have limited visibility into the data that we're up to the story using within our infrastructure as what we kind of ended up with over time, through no fault of the organizations that have happened silos, everyone silos of expertise. So whether that be, that's going out. Specialized teams, socialization, networking. They have been, for example, silos of infrastructure, which trade state of fragmentation copies of data in different areas of the infrastructure on copies of replication in that data set or reputation in terms of application environments. I think that that's kind of what we tend to focus on, what it's becoming, um, resonating with more organizations. There's a survey that one of the vendors that we work with actually are launched vendor 5.5 years ago, a medical be gone. They work with any company called Phantom Born a first of a kind of global market, 900 respondents, all different vectors, a little different countries, the U. S. And Germany. And what they found was shocking. It was a recent survey so focused on secondary data, but the lessons learned the information taken out a survey applies right across the gamut of infrastructure data organizations. Just some stats just pull out the five minutes 85% off the organization surveyed store between two and five stores data in 3 to 5 clouds. 63% of organizations have between four and 16 coffees of exactly the same data. Nearly nine out of 10 respondents believe that organizations, secondly, data's fragmented across silos are touched on is would become nearly impossible to manage over the long term on. And 91% of the vast majority of organizations leadership were concerned about the level of visibility their teams. So they're the kind of areas that a smart approach to data will directly address. So reducing silos that comes from simplifying so moving away from complexity of infrastructure, reducing the amount of copies of data that we have across the infrastructure and reducing the amount of application environment. I mean, Harry, so smarter we get with data is in my eyes. Anyway, the further we moved away from this, >>there was a lot in that answer, but I want to kind of summarize it if I can talk. You started with simplicity, flexibility, efficiency. Of course, that's what customers want. And then I was gonna ask you about you know, what challenges customers are facing, and I think you laid it out here. But I want to I want to pick on a couple of some of the data that you talked about the public cloud treat that adds complexity and diversity in skill requirements. The copies of data is so true, like data is just like like if rebels, If you Star Trek franchise, they just expand and replicate. So that's an expense, and it adds complexity. Silo data means you spend a lot of time trying to figure out who's got the right data. What's the real truth with a lot of manual processes involved in the visibility is obviously critical. So those are the problems on. But course you talked about how you address those, But But how does it work? I mean, how do you know what's what's involved in injecting smarts into your data? Lifecycle >>that plane, Think about it. So insurance of the infrastructure and say they were very good reasons why customers are in situations they have been in this situation because of the limits are traditional prices. So you look at something is fundamental. So a great example, um on applications that utilize the biggest fundamentally back ups are now often what that typically required is completely separate infrastructure to everything else. But when we're talking about the data set, so what would be a perfect is if we could back up data on use it for other things, and that's where a, uh, a technology provider like So So although it better technology is incredibly simple, it's also incredibly powerful and allows identification, consolidation. And then, if you look at just getting insight out of that fundamentally tradition approaches to infrastructure, they're put in a point of putting a requirement. And therefore it wasn't really incumbent exposed any information out of the data that's stored within the division, which makes it really tricky to do anything else outside of the application. That that's where something like Iot how come in in terms of abstracting away the complexity more directly, I So these are the kind of the area. So I think one of my I did not ready, but generally one of my favorite quotes from the French philosopher and a mathematician, Blaise Pascal, he says, I get this right. I have written a short letter, but I didn't have time. But Israel. I love that quite for lots of reasons, that computation of what we're talking about, it is actually really complicated to develop a technology capability to make things simple, more directly meet the needs of the business. So you provide self service capabilities that they just need to stop driving. I mean making data on infrastructure makes sense for the business users. Music. It's My belief is that the technology shouldn't mean that the users of the technology has to be a technology expert what we really want them to be. And they should be a business experts in any technology that you should enable on demand for the types of technologies to get me excited. They're not necessarily from a ftt complicated technology perspective, but those are really focused on impressive the capability. >>Yeah. Okay, so you talked about back up, We're gonna hear from Kohi City a little bit later and beyond backup data protection, Data Management, That insight piece you talked earlier about visibility, and that's what the Iot Tahoe's bringing table with its software. So that's another component of the tech stack, if you will, Um, and then you talk about simplicity. We're gonna hear from pure storage. They're all about simple storage. They call it the modern data experience. I think so. So those are some of the aspects and your job. Correct me. If I'm wrong is to kind of put that all together in a solution and then help the customer realize that we talked about earlier that business out. >>Yeah, it's that they said, in understanding both sides so that it keeps us on our ability to be able to deliver on exactly what you just said. It's being experts in the capabilities and new and better ways to do things but also having the kind of business under. I found it to be able to ask the right questions, identify how new a better price is positions and you touched on. Yet three vendors that we work with that you have on the panel are very genuinely of. I think of the most exciting around storage and pure is a great one. So yes, a lot of the way that they've made their way. The market is through impressive C and through producing data redundancy. But another area that I really like is with that platform, you can do more with less. And that's not just about using data redundancy. That's about creating application environment, that conservative, then the infrastructure to service different requirements are able to do that the random Io thing without getting too kind of low level as well as a sequential. So what that means is that you don't necessarily have to move data from application environment a do one thing. They disseminate it and then move it to the application environment. Be that based environment three in terms of an analytics on the left to right work. So keep the data where it is, use it for different requirements within the infrastructure and again do more with less. And what that does is not just about simplicity and efficiency. It significantly reduces the time to value. Well at that again resonates that I want to pick up a soundbite that resonates with all of the vendors we have on the panel later. This is the way that they're able todo a better a better TCO better our alliance significantly reduce the value of data. But to answer your question, yeah, you're exactly right. So it's key to us to kind of position, understand? Customer climbs, position the right technology. >>Adam. I wonder if you could give us your insights based on your experience with customers in terms of what success looks like. I'm interested in what they're measuring. I'm big on and end cycle times and taking a systems view, but of course you know customers. They want to measure everything, whether it's the productivity of developers or, you know, time to insights, etcetera. What >>are >>they? One of the KP eyes that are driving success and outcomes? >>Those capabilities on historically in our space have always been a bit really. When you talk about total cost of ownership, talk about return on investment, you talk about time to value on. I've worked in many different companies, many different infrastructure, often quite complicated environments and infrastructure. I'm being able to put together anything Security realistic gets proven out. One solution gets turned around our alliance TCO is challenging. But now with these new, a better approach is that more efficient, enables you to really build a true story and on replicate whatever you want. Obviously ran kind of our life, and the key thing is to say from data, But now it's time to value. So what we what? We help in terms of the scoping on in terms of the understanding what the requirements are, we specifically called out business outcomes what organizations are looking to achieve and then back on those metrics, uh, to those outcomes. What that does is a few different things, but it provides a certain success criteria. Whether that's success criteria within a proof of concept of the mobile solutions on being able to speak that language on before, more directly meet the needs of the business kind of crystallized defined way is we're only really be able to do that. Now we work with >>Yeah, So when you think about the business case, they are a why benefit over cost benefit obviously lower tco you lower the denominator, you're going to increase the output in the value. And then I would I would really stress that I think the numerator, ultimately especially in a world of data, is the most important. And I think the TCO is fundamental. It's really becoming table stakes. You gotta have simple. You've gotta have efficient. You've got to be agile. But it enables that that numerator, whether that's new customer revenue, maybe, you know, maybe cost savings across the business. And again that comes from taking that systems view. Do you >>have >>examples that you can share with us even if they're anonymous, eyes the customers that you work with that or maybe a little further down on the journey, or maybe not things that you can share with us that are proof points here. >>Sure, it's quite easy and very gratifying when you've spoken to a customer. We know you've been doing this for 20 years, and this is the way that your infrastructure if you think about it like this, if we implemented that technology or this new approach, then we will enable you to get simple, often ready, populous. Reduce your back. I worked on a project where a customer accused that back book from I think it was. It was nine. Just under 10. It was nine fully loaded. Wraps back. We should just for the it you're providing the fundamental underlying storage architectures. And they were able to consolidate that that down on, provide additional capacity. Great performance. The less than half Uh huh. Looking at the you mentioned data protection earlier. So another organization. This is a project which is just kind of nearing completion of the moment. Huge organization. They're literally petabytes of data that was servicing their back up in archive. And what they have is not just the reams of data, they have the combined thing. I different backup. Yeah, that they have dependent on the what area of infrastructure they were backing up. So whether it was virtualization that was different, they were backing up. Pretty soon they're backing up another database environment using something else in the cloud. So a consolidated approach that we recommended to work with them on they were able to significantly reduce complexity and reduce the amount of time that it system what they were able to achieve. And this is again one of the clients have they've gone above the threshold of being able to back up. When they tried to do a CR, you been everything back up into in a second. They want people to achieve it. Within the timescales is a disaster recovery, business continuity. So with this, we're able to prove them with a proof up. Just before they went into production and the our test using the new approach. And they were able to recover everything the entire interest in minutes instead of a production production, workloads that this was in comparison to hours and that was those hours is just a handful of workloads. They were able to get up and running with the entire estate, and I think it was something like an hour on the core production systems. They were up and running practically instantaneously. So if you look at really stepping back what the customers are looking to the chief, they want to be able to if there is any issues recover from those issues, understand what they're dealing with. Yeah, On another, we have customers that we work with recently what they had huge challenges around and they were understandably very scared about GDP are. But this is a little while ago, actually, a bit still no up. A conversation has gone away. Just everybody are still speaks to issues and concerns around GDP are applying understanding whether they so put in them in us in a position to be able to effectively react. Subject That was something that was a key metric. A target for on infrastructure solution that we work with and we were able to provide them with the insight into their data on day enables them to react to compliance. And they're here to get a subject access request way created in significantly. I'm >>awesome. Thank you for that. I want to pick up on a little bit. So the first example you get your infrastructure in order to bust down those silos and what I've when I talk to customers. And I've talked to a number of banks, insurance companies, other financial services of manufacturers when they're able to sort of streamline that data lifecycle and bring in automation and intelligence, if you will. What they tell me is now they're able to obviously compress the time to value, but also they're loading up on way more initiatives and projects that they can deliver for the business. And you talk for about about the line of business having self served. The businesses feel like they actually are really invested in the data, that it's their data that it's not, you know, confusing and a lot of finger pointing. So so that's that's huge on. And I think that your other example is right on as well of really clear business value that organizations are seeing. So thanks for those you know. Now is the time really, t get these houses in order, if you will, because it really drives competitive advantage, especially take your second example in this isolation economy, you know, being able to respond things like privacy are just increasingly critical. Adam, give us the final thoughts. Bring us home in this segment, >>not the farm of built, something we didn't particularly touch on that I think it's It's fairly fairly hidden. It isn't spoken about as much as I think it is that digital approaches to infrastructure we've already touched on there could be complicated on lack of efficiency, impact, a user's ability to be agile, what you find with traditional approaches. And you already touched on some of the kind of benefits and new approaches that they're often very prescriptive, designed for a particular as the infrastructure environment, the way that it served up to the users in a kind of A packaged either way means that they need to use it in that whatever way, in places. So that kind of self service aspect that comes in from a flexibility standpoint that for me in this platform approach, which is the right way to address technology in my eyes enables it's the infrastructure to be used effectively so that the business uses of the data users what we find in this capability into their hand and start innovating in the way that they use that on the way that they bring benefits a platform to prescriptive, and they are able to do that. So what you're doing with these new approaches is all of the metrics that we touched on fantastic from a cost standpoint, from a visibility standpoint. But what it means is that the innovators in the business want to really, really understand what they're looking to achieve and now tools to innovate with us. Now, I think I've started to see that with projects that were completed, you could do it in the right way. You articulate the capability and empower the business users in the right way. Then very significantly better position. Take advantage of this on really match and significantly bigger than their competition. >>Super Adam in a really exciting space. And we spent the last 10 years gathering all this data, you know, trying to slog through it and figure it out. And now, with the tools that we have and the automation capabilities, it really is a new era of innovation and insights. So, Adam or they didn't thanks so much for coming on the Cube and participating in this program >>Exciting times. And thank you very much today. >>Alright, Stay safe and thank you. Everybody, this is Dave Volante for the Cube. Yeah, yeah, yeah, yeah

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back everybody. Jeff, Rick here with the cube. We're at the RSA conference in downtown San Francisco at Moscone. It's the fourth day of the show, 40,000 some odd people here. It's all about security. It's the biggest security show in the world despite the fact that there were some challenges with the coronavirus this year and you know, people were kind of wondering how that was going to shake out. There's been a lot of kind of weird stuff going on in the conference scene, but a lot of people got here, a lot of conversations around security and we're really happy to have really a seasoned vet. He's been through this cycle of security a couple of times that you said he's done four different startups. We're happy to have him as all of our Fredericks, the VP security product. That's blown. Good to see all of her. >>Thank you. Great to be here. Absolutely. So let's take a step back. You've been coming to this show for a little while. What's kind of your, your impression of the show? Well, it's really interesting this year, you know, I think it's a, I'd say the energy level is somewhat flat and I think it's a sign of our industry maturing and getting to the point where, you know, you used to see, uh, some pretty big disruption every few years when compute changes the threats or attack surface moves and the threats change with it. But things have been relatively stable. You know, the cloud is really the biggest, most recent, uh, innovation. And so there really hasn't been, I think any massive disruption in our industry for a little bit, but a lot of just continuous iteration and improvement on existing technologies. Right? There's some big ones coming down the pike though, right? >>One of the big ones that's going to have a huge impact is five G and IOT. Uh, suddenly now that you know these things, people think five GC can talk to your mom faster on the phone. That's not what it's about at all, right? It's a speed of machines and the speed in which these transactions are going to be happening. Not to mention all those connected devices, all those new attack surfaces, very, very revolutionary. And yet the theme here is the human elements. So when you think about speed of machines and, and increasing, uh, the kind of frequency of bot attacks, this and that, and yet there's still people that gotta be on the hook and responsible for this stuff. How do you think about it and has you actually use things like AI to help the people fight the machines? Yeah, I know it's a really good question. >>So typically over the years, right, attackers have targeted compute, uh, operating systems, applications, servers, and so on. But we've, we've done a really good job of starting to lock those down, finding those vulnerabilities, patching them, fixing them, you know, that's, it's not a panel, it's, it hasn't been solved, right? That's, it's an ongoing issue. But attackers have moved onto the weakest link, which is people, right? If I can convince you to send me your, you know, your bank account information or that access to your account and wire money out of your account, right? It's a lot easier than having to find a vulnerability in Microsoft windows these days, which used to be pretty easy back 20 years ago. Used to, they're there, they're by the dozens. Right. But, but now they're getting better on the fishing too. And now spear fishing. Right. I, I had a friend in commercial real estate who, who told me this email that he got like from his banker, you know, talking about a transaction with a business associate using vocabulary words that that would normally be used in their exchange to the point where he called the guy and said, did you send this to me? >>Um, so you know, the, the, the, the bad English bad grammar and, and kind of funky word selection isn't necessarily that red flag that it used to be that don't click on here and we're still getting, you know, this, this attacking is happening. So how do, how do people get more sophisticated in light of kind of these more sophisticated attacks on the people? >>Yeah, so I think there's two things. One is, you know, it hidden in there is, and that type of an attack is typically wire instructions, right? If it's, if I'm buying a house, my escrow company or title company is going to send me wire instructions to send the money for the down payment on that house for example. You know, that's, that's been a very, very common attack where, you know, title companies may not be the most sophisticated, like many of the organizations that are here today. Uh, so definitely fall victims. So that's, that's definitely a growing problem and a growing attack surface. We also see, uh, you know, the need for new technologies like natural language understanding, actually understanding the context of the data. Uh, for example, what's the intent behind it? What's the meaning? Sure, it's not going to be misspelled. But can I find other relevant factors or attributes of that email that, uh, point out at red flag or something that I need to be concerned about before I actually click on it or open it or, or act on it? >>Right. So the company that you, uh, led before spunk acquired you, Phantom, you talked a lot about they're trying to help, help to see Sox do a better job, help them kind of filter, filter what they don't need to respond to, prioritize what they need to respond to and then respond quicker when they do. That's right. A little bit more about how that works and what's kind of the impact of having that technology on the front line. >>Yeah, so five years ago, automation and security really didn't exist. Uh, we created a new category called soar security, orchestration, automation and response. And, uh, it's a technology that allows you to automate what a SOC analyst would typically do by hand. So typically, you know, if an analyst is looking at an event, uh, it would take them 10 minutes, best best-case, 11 hours, worst-case, to analyze that and do all the work that they need to do to triage it. By automating, we're able to reduce that down to a best case of one second, worst case of 10 minutes using automated playbooks. So we're able to get a, uh, a massive performance improvement by automating, by creating a playbook of those rout routine things that an analyst would do by hand. And that frees up the analyst to do more proactive, higher order activities, things that actually require the human thought versus the repetitive work which we're very happy about. >>And are most of those types of, of of uh, processes that you automated? Just check, just to get, you know, kind of checking boxes if you will, almost like a pre-flight to make sure that you kind of have the simple things covered or you know, what are some of the activities that you've been able to automate? >>Yeah, so it's interesting these, these platforms have become very flexible and multipurpose. So today we integrate with over 300 different security vendors that are on the showroom floor here today to let you automate in those products. So the typical large enterprise has maybe 60 70 security products that they're all managing from a browser tab or a different login. What soar platforms do is they tie those together and allow you to manage those products very rapidly. In the case of an event. So for example, you know, if I have a, a, a phishing email, I can take the attachment detonated in a sandbox from any of the sandbox vendors here on the showroom floor. Look it up in my reputation service like my virus total reversing labs for example, look it up on my EDR product on the endpoint to see do any of my endpoints actually have this file. And then I could take remediate, remediate of action and actually block the user, take the endpoint off the network using a Nack product that's here, uh, and so on, or block it on the firewall. So there's many different types of scenarios. >>It's that whole chain that you just described potentially would be something that you build into this playbook and have that happen automatically. Yes. Oh, that's a huge time saver. Huge time saver. So as you look forward, kind of at the power of AI, right? It's good news, bad news, right? Good news. You're going to have a lot more horsepower and computational wizardry at your fingertips. Bad news is the bad guys are also going to have a lot more computational power and wizardry at the end of their fingertips. So how do you, you know, kind of see the battle continuing to play out? Where do you really see great opportunities with, with this evolving AI to do things that you just couldn't do before? >>Yeah, look, I at attackers have been using automation and AI against us for, for many years now. So we're just starting to catch up and use it effectively to defend ourselves. Uh, you know, it'll be very interesting to see where this goes. I don't know if I can predict, but imagine machines fighting machines just like in real life and robotics and so on. In real physical kinetic warfare. Imagine the same thing happening in cyber here is entirely conceivable, but I don't think we're quite there yet. I mean, we obviously see botnets and other automated attacks that are already very rampant and then automated countermeasures that are there as well. So it'd be very interesting to even have, you know, maybe one year here we'll have uh, you know, robot Wars for cyber and have, you know, technologies battle each other to see who your >>wins. But what's crazy is as much as the bots are fighting the bots, you know, we have, uh, people in like Rachel tow back, we fed on a couple of times. She's, she does social hacking and uh, and she's basically a hundred percent, uh, successful in just calling people on the phone and giving them to provide her the details. So it still is going to keep the people in the loop. We're still going to have to, you know, make sure that they're not the weakest link. Absolutely. Yeah. All right, good. So final thoughts as you ahead into 20, 20 the year, we're going to know everything with the benefit of hindsight. Well, look, I think one thing we're seeing, there's so many vendors here, uh, things are coming together. Again, our customers are looking to consolidate, they're looking to reduce. And one thing that we're very heavily focused on at Splunk is creating a single work surface for analysts. So they don't have to deal with dozens of different consoles. Right. We're very, very focused on that. Working 70 tabs to work process is not a, not very efficient. So ideal. No. All right. All over. Well, thanks for, uh, for taking a few minutes to stop and buy and a continued success for you and Splunk. Thank you. Alrighty. He's all around. Jeff, you're watching the cube. We're an RSA 2020 and downtown San Francisco. Thanks for watching. See you next time.

>>law from Las Vegas. It's the Q covering a ws re invent 2019. Brought to you by Amazon Web service is and in along with its ecosystem partners. >>Welcome back to Las Vegas. Lisa Martin with John Ferrier, The Cube at AWS Reinvent 19 Lots of buzz. You can probably hear a little bit of it behind us here. There's about 65,000 people projected to be at a W s reinvent this week. Wow, we're very excited to welcome a distinguished guest and a distinguished architect from Splunk. Back to the Q r didn't murder, do you? Welcome back. >>Thank you very much. Thanks for having me back. >>Great to have you here. So let's kind of talk about here. We are re invent lots of news, lots of stuff. Lots of buzz going on. What kind of the latest with Splunk and a del us. >>All right, so the latest Splunk is obviously acquired us significance. The deal closed in trouble, So we're very excited about that. Um on we really feel that it's a it's a manager off complementary technologies, which is what I want some of the things we probably we can discuss later We're also very excited because we got acquired. Then we were able to go to dot com where we, you know, introduce the combined companies together. But then, at a cubicle on recently, we made a couple of very interesting product announcement that we're excited about, which is way discussing lots of reinvent conference. The 1st 1 is we have a brand new kubernetes experience called the community's Navigator, which we feel is a far, far better way Thio understand and make sense of the community environment. As you know, it's taking getting a lot of traction as a technology. So we're very excited about that because it not only gives you the infrastructure of you, but it also gives it the operators view, which I think operas. We really appreciate it. Three other thing that we're also focusing on. Obviously, if Splunk acquired US logs is an important part of this equation way are doubling down on the ability to ingest logs and make metrics out of them. You know, one of the things we've always discussed is how metrics every lightweight and actionable think that you can put on dashboard. You could put a lot son on the ability. Doing just logs and make them into metrics gives you that capability on the log data. We had a very interesting announcement around AWS. Fire lands on so on where you would be able to take love data from Splunk or other sources, and they bring them in as metrics to the system. The 13 has to do with the growing traction off open source standards. So we were actually very excited to make some contributions in the open telemetry project that we can discuss also later. But the idea is we want to promote open standards on open source, especially in instrumentation in the monitoring. Really? So that's kind of what's new >>question that's here at Amazon this week in this points to your success is observe ability, jazz he's laying out. This is distributed cloud Senator Gravity public Cloud Edge Outpost, Native AWS, Outpost five G with Verizon Wavelength All points to a lot of things. Move around, move compute to the edge where the data is so it speaks of large scale people having a hard time of doing it themselves on observe abilities. Harder and harder to roll your own are managed multiple tools. What are you guys doing to solve that problem? And how do you shape that going forward? >>That's a great question. Like the thing that blows my mind every time I come to reinvent is just the sheer variety of new things that comes across on. People are adopting them. All of these, he mentioned a bunch of different service is that I've got a lot of traction, got a lot of users, so that's happening across the user base. And then the question on D A. Y is because it's no longer about just building a database or, you know, things that you can sort some data and make some credit. It's about building the solution. A good solution. Need to support all the system. The service is that the customer the engineers are using right, so just keeping up with the sheer pace of innovation. Keeping that system up today is extremely, extremely hard. And so I feel that in generous making, less and less sense for most companies to try to roll their own observe ability, they would rather choose good tools that can sort of empower them that can able to move faster and invest in the people and process is part of it, which is also very, very key because >>the downside of rolling your own doing it yourself sure, what are some of the consequences that might happen? >>So in general, the people, the reason people want to build a couple of reasons, right? So one is they might undervalue, like the capabilities that good of the ruling might provide you, they might be afraid of the cost, like observe ability was cheap or free. Most people probably wouldn't build it. Some of them still vote because they might be afraid of vendor locking. Vendor lock in is a problem, and you don't want to be locked into vendors. Right? And what I feel in the terms of the risks is like if you consider observe ability as a cost center and not as an enabler, then you probably gonna try to do D i Y. But I think the view to the right view to have is think of it is something that accelerates your innovation and some of the risks of the advice. If you don't build something that's really capable that can that can do all the border or something that a system. Should you're gonna get slowed down, your innovation is gonna get slowed down. Another very thing, common pattern that we see a lot is maintaining, maintaining that it is a lot of resource is and people to build and maintain such a system. It's easy to prototype something and get it going, But are you going to be able to maintain the head count higher and grow the team on a long term basis? Because it's not something you can suddenly decide? Oops. I made a mistake. Time for a change. >>But change is difficult in any aspect of life. Changed management is something that we talk about office. It's way easier said than done. One of the things Andy Jassy talked about this morning and alluded to this and John's exclusive interview with him the other day was that the transformation needs to start at the top. It needs to be an executive level, a senior level and an aggressive tops down push in your experience in the last couple of years, what are some of the things that you're seeing companies in terms of the senior leadership embracing a understanding where D I y is useful where it's not, but also pushing that I want Oh my God, guys pushing it down from the top. So folks understand why this type of change is fundamental to a business to be competitive, >>right? So in general lighting, the focus is all on, like innovating, faster moving faster, keeping customers happy. Fundamentally, that's what we're doing. You know, our CMO Tom Bueller likes to say that you know the business. The Internet moves at the speed of life, a speed of life, Israel time, right? And so outages, Any kind of issues. They really affect your brand. And that's something that we need to avoid, like the plague, right? And that's gonna wear again. Observe. Ability comes in because this is the thing that's gonna allow you to find out renting There are. But more importantly, even when you don't have outages, the confidence that teams get in making changes, whether it be configuration changes or coat, which is a setup because they have a good system backing them up, is very, very critical. Right now. You can go D i y. You can go with a vendor solution, potentially terrifying, especially you can build one, but I think from top down. The important thing is like you have to be very clear about what you want out of it. And what are those things that you want to accelerate or make better in your organization? If your goal is, I want faster innovation, more code pushes, more changes, less deception like I feel that message needs to be done so that engineers understand that from management perspective, there's full support for this on their empowering you again. Where the two comes from is less important. But I think having those goals very clear and having that culture set from the top is very critical. >>A lot of open source discussions were hearing it here, laying out multiple databases you got pie towards you got tensorflow in machine, learning side on more and more kubernetes again, that's all speaks to where the service measures air going in. Micro Service's There's a lot of talk around open instrumentation open telemetry. What's your take on this? What is what's going on there? Can you share your commentary on those two things? >>Yes, so injured, as you know, like from the beginning, where since in Olympics started, we always believed that instrumentation should be open standards based. There should not be propriety instrumentation. They should be vendor lock in. It was a little bit perhaps ahead of the time, and we started off, but you can see that trend really accelerating now. But at this point, because of the sheer variety of service is and so on, it's very, very hard to build proprietary everything that supports all the all the things out there. What we're seeing is more bottoms up, open source, open standards efforts. Right, And that is great because A for the guys who are doing d i y. Because they don't want vendor lock in open standards is great because you're not really locked into a vendor in your environment. What you're doing is using a different back end, whether it be you know, your own or would it be a vendor's? Some of the things that we're doing is we're actually very happy to see this acceleration, and we're actually helping make that more so. Way just contributed pretty significant open telemetry project, which, as you know, is a way to instrument your environment for traces and metrics and logs eventually and so we actually donated the signal if Ickes smart Asian, which is pretty wonderful because it's a survey that's an agent that's running on your instances on your host, discovers as nuisances pop up. So, you know, speaking of community is the perfect fit for that, and it will start monitoring them and sending you did up on by making it by donating it to open telemetry. Were hoping to sort of accelerate out of the goodness and so that you know, all customers all use it. Whether they're significant customers or not should be able to benefit from that. >>Is an open source the source code? Or is it open as >>it's open source? There's two aspects to it is open standards as well as open. Both of them are happening because through the Amish in acquisition, we're now actually a pretty cool part of the open telemetry effort. So we're not really helping find finalize the standards, but also donating actual source code and components. >>Take a minute to explain. Signal FX is evolution now that you're in Splunk, right? What's changed? What's still the same? What's how is it? Evolve, how a signal effects evolved because you guys were really early ahead of it. A lot of people, but a lot of market power, great customer base and tech. What's the impact of Splunk and signal FX? >>Yes. So you know there's this cliche which is one plus one equals three. It kinda almost feels true here because, like I really, every time I think about this acquisition, it just feels how complimentary these two companies were because we have metrics and traces. Blanc has the best loss platform. But one of the things that we lot of times don't understand is he also a bunch of other technology which is highly relevant to the observe ability, space. For example, the acquired A company called Phantom, which is into automation, which is right up our alley because I feel like after all this mess has died down a little bit on communities, automation is gonna be the next frontier. They're fantastic. Automation platform built the security automation tool called Mission Control based on that, and now we're looking at how we can bring that into observe ability. Another example is incident management, Broncos Victor Ups, which is again exactly right up our alley. So we feel that we can really build a portfolio of solutions that work really, really well, that's one aspect. The other aspect, as you mentioned, is just the market power. And the resource is that's behind us, which is wonderful. For example. They're quite our mission, which is a fantastic complimentary technology to us, and we're working very quickly to sort of integrate the two together. Similarly, is getting the introductions. Having the financial benefit of a Splunk behind us is wonderful to have. So I think it'll only accelerate our >>congratulations on a great venture. I know you guys stayed the course and rightfully so great payday. But great outcome with Splunk Win is a win win. Yes, I gotta ask you the entrepreneurial question because a lot of people are saying, Oh my God, Amazon sucking up all the auction out of the room, Large scale. Got red shifts taking over this. That's taking over that someone's eating someone. Okay, I don't believe that. I believe that there's still a lot of opportunity for entrepreneurs because of this Born in the cloud and reborn in the cloud a new next gen architectures are developing with EJ. What's your opinion on this? As a cloud of alls What's the dynamics? And entrepreneurs and people thinking about innovating and either pivoting or reimagine their business? How should they be thinking about how to win in the new model? What are some of the architectural things that could bet on? What's your expert opinion on that? >>That's a good question. So I have some thoughts on it. Everybody might area once, right? So I feel like move to cloud is just happening. It's happened. Everything is going to move to the cloud. So I think the fundamental technologies like the databases, etcetera, that cloud provided they're always gonna have an advantage because they're going to be able to run it in a more performance way. But the thing that they're doing us a great favour are entrepreneurs is they're making a lot of different service is available to us now. They're not always necessarily all working well together to solve a specific use case. So I feel that they're giving us a tool set, among other things, to combined together to provide solutions for the problems that users organizations are facing. Not necessarily the platform but but the solution, the vertical on top of it. I think there's a lot of opportunity there, as well as sort of just new types of technology you can. As an entrepreneur, you can still build technology that the cloud provider might find as valuable, and they might want to buy you there right when I use you. So there's always opportunity there. But I think they're so busy building that the substrate, this enormous amount of opportunities for further up north. That's kind of my opinion. >>That's great opinion. >>Last question for you on the parlay of opportunity and the career that you've had as cloud is evolving the next gen of the cloud to Toto that John's calling it, and data becomes the critical element that can fine business differentiation and competitive advantages. What are some of the next industries you really think our prime to completely transform? If they get it right, >>I think we're still stop. It is a whole lot of talk of machine learning. I think we're just scratching the surface. I think what's happened is at this point it has become accessible enough on viable enough to be applied to different places. So every day we see a new headline where basically similar techniques were applied to this use case or that this case, and it's amazing being health care, transportation, you name it like digital business. It's happening all the way on our side, on our side of the fence. I feel a Splunk or a signal effects. We want to see a lot of that happening on our side of the fence, because again, because of the complexity, wonder thing that we have discussed with John earlier is how we feel machine learning and artificial intelligence gonna help us operate more efficiently because humans are going to be able to not really rock the entire complexity of what's out there. So I feel there's a lot of assistance that it can provide. That's one area which I think is interesting, And I feel also that one of the things we discussed within Signal FX is his move towards automation automated everything because complex systems, they just need to run themselves At some point. Humans cannot really go and make all the decisions like my my mainframe, itjust kind offer it to tell you we're not really in the middle of it, right to some extent. Similarly, I feel there's not a lot of action gonna happen on Automated Cloud and automated opposite really automated everything. So I think that's another sort of big area that I see happening on one thing that I also like to say that I don't want to make predictions because, like the world is so different from 10 years ago to now, it just blows my mind. I don't know whether I would have been able to sort of think what's gonna happen. So I only wonder what the next five years they're gonna >>bring. Love that opponent. You're >>right. Even a few years ago today, mine are just thank you for joining John A B on today. We appreciate your time. >>Thank you very much >>for John Ferrier. I'm Lisa Martin. You're watching the Cube from Reinvent 19 and Vegas will be right back.

>> Announcer: Live from Las Vegas, it's theCUBE, covering Splunk .conf19 , brought to you by Splunk. >> Okay, welcome back, everyone. It's theCUBE's live coverage of, we're on day three of our three days of coverage of .conf from Splunk. This is their 10th anniversary, and theCUBE has been there along the way, riding the data wave with them, covering all the action. Our next guest is Jill Cagliostro, who's a product strategist at Anomali, who also has a sister in cyber. So she's got the cyber sisters going on. Jill, great to have you on. Looking forward to hearing about your story. >> Great, thanks. I'm glad to be here. I've been in the security industry for about seven years now. I started when I was 19, and my sister had started before me. She's a few years older than me, and she started out doing defense contracting on the cyber side. And she just kind of ended up in the internship looking for a summer job, and she fell in love. And as I got to kind of learn about what she was doing and how it all worked together, I started to pursue it at Georgia Tech. And I joined our on campus hacker's group club, Grey Hat. I was the first female executive. That was fun. I ended up getting an internship from there with ConocoPhillips and Bishop Fox, and moved on to the vendor side eventually with a brief stop in security operations. >> And so you have a computer science degree from Georgia Tech, is that right? >> I do, and I'm actually pursuing my master's in their online master's in cyber security program right now as well. >> Awesome. Georgia Tech, great school. One of the best computer science programs. Been following it for years. Amazing graduates come out of there. >> Yeah, we've got some pretty impressive graduates. >> So you just jumped right into cyber, okay. Male-dominated field. More women are coming in, more than ever now because there's a big surface area in security. What's your-- What attracted you to cyber? So, I love that it's evolving, and it allows you to think about problems in different ways, right. It's a new problem, there's new issues to solve, and I've been exposed to technology from a young age. I went to an all girls high school which had a really strong focus on STEM. So, I took my first computer science class at 15, and it was in an environment of all women that were incredibly supportive. I actually started a scholarship at our high school to get more women to look at technology longer term as career options, and I go back and speak and teach them that technology is more than coding. There's product management, there's, you know, customer success, there's sales engineering, there's marketing, there's so much more in the space than just coding. So, I really try to help the younger generation see that and explore their options. >> You know that's a great point, and, you know, when I was in the computer science back in the '80s, it was coding. And then it was--well, I got lucky it was systems also, a lot of operating systems, and Linux revolution was just begun coming on the scene. But it's more than that. There's data, data analytics. There's a whole creative side of it. There's a nerdy math side. >> The user experience. >> John: There's a huge area. >> Work flows and processes is something that is so needed in the security industry, right. It's how you do everything. It's how you retain knowledge. It's how you train your new staff. And even just building processes, is something that can be tedious, but it can be so powerful. And if that's something your used to doing, it can be a great field to build. >> Well, you're here. It's our third day at the .conf, our seventh year here. What's your take of Splunk, because you're coming in guns blaring in the industry. You've got your cyber sister; she's at AWS. You see Splunk now. They've got a lot of capabilities. What's the security conversations like? What are people talking about? What's the top story in your mind here at .comf for security and Splunk? >> Yeah, so I'm actually a Splunk certified architect as well. Splunk was one of the first security tools that I really got to play with, so it's near and dear to my heart. And I get to work with-- I'm over at Anomali, which is a threat intelligence company, and I get to work with our own art, Splunk integration. So, what we do is we enable you to bring your intelligence into Splunk to search against all of the logs that you're bringing there to help you find the known data in your environment. And so, that's if you're a Splunk Enterprise customer or Splunk Core. But if you're an Enterprise Security customer, they have the threat intel component of their product, which we integrate with seamlessly. So, the components are really easy to work with, and we help you manage your intelligence a little bit more effectively, so you can significantly reduce your false positive rate while working within the framework you're comfortable in. And one of the-- >> What's the problem-- What's the problems statement that you guys solve? Is there one specific thing? >> God, there's--Yes there's quite a few issues, right. I would say the biggest thing that we solve is enabling our customers to operationalize their intelligence. There's so much information out there about the known bad, and CCOs and CEOs are sending emails every day, "Are we impacted? "Are we safe?" And we enable you to answer those questions very easily and very effectively. One of the other big trends we see is there is an issue in knowledge gaps, right. The industry is evolving so quickly. There's so much to know. Data on everything, right. So, we have another way that we can work with Splunk that isn't a direct integration, and it's our product called Anomali Lens. And what it does is it uses natural language processing to interpret the page that you're on and bring the threat intelligence to you. So, if you're looking at a Splunk search page, you know, investigating an incident on brute force, and you have a seemingly random list of IPs in front of you, and you need to know what does everyone else know about these, to make your job easier, you can scan it with Lens, and it'll bring the information right there to you. You don't have to go anywhere else. You can stay in the Splunk UI that you love. >> What's some exciting things you're working on now that you think people should know about that if maybe covered in the press or in the media or in general? What is some exciting areas that are happening? >> Yeah, so Lens is pretty exciting for us. We just launched that last month. We're doing a lot. So, we also have a product called Anomali Match, which is purpose built for threat intel because often what we see is when a breach happens, the indicators that you need to know if they're in your environment, they don't come to light until six months to a year later. And then being able to go backwards in time to answer that question of were you impacted can be very difficult and very expensive, right. Anomali Match is purpose built to answer those questions. So, as the indicators become available, you know immediately was I impacted on the order of seconds. So, it just enables you to answer your CEOs a little faster, right, and get better visibility into your environment. >> So when you look at data to everything, how do you see it evolving as more volume comes in? There's more threat surface area out there. >> Right, and continues to increase it's bounds. >> How should people be thinking about it as they zoom out and think architecturally, "I got to lay out my enterprise strategy. "I bought a few tools that try to be platforms, "but I need a broader playbook. "I need something bigger to help me." >> You've got to take a step back and get a little altitude, right? >> John: Yeah, take a little step back, yeah. >> Yeah, so threat intelligence should really be driving your whole security practice. We already know, for the most part, who's attacking who and what they're trying to do. And so, threat intelligence shouldn't just be an integration into Splunk, although that is a critical component of it. It should be informing, you know, your security practices where you stand up offices. There may be locations that are higher risk for you as a particular type of entity. And all this information is available, but you have to just get access to it. You need one place to stop where you can google the threat intel, and that's what Anomali ThreatStream, our flagship product, aims to do. And Lens just makes it more accessible than ever. Rather than having to go look it up yourself, it brings it to you. And so, we're trying to augment the knowledge base without having to memorize everything. That's what we need to do is we need to find ways to bring this information and make it more accessible so you don't have to look in three tools to find it. >> So, I got to ask you and change topics. As the younger generation comes into the industry, one of the things that I'm seeing as a trend is more developers are coming in. And it's not just so much devops, whose clouds gray, we love devops, but ops, network ops and security ops, are also a big part of it. People are building applications now. So, like, you're seeing startups that have been tech for good startups coming out, where you're seeing a great examples of people literally standing up applications with data. What's the young generation-- because there's a hacker culture out there that can move fast, solve a problem, but they don't have to provision a lot of stuff. That's what cloud computing does. But now Splunk's the world. Data's becoming more accessible. Data's the raw materials to get that asset or that value. What are developers-- how do you see the developers programming with data? >> So, they're looking at their jobs and saying, "What am I bored doing "that I have to do over and over every day, "and how can I automate it?" So, there's a lot of store technology. Splunk also has Phantom, and that's enabling our developers, our younger generation who grew up around Python and coding, to quickly plug a few pieces together and automate half their jobs, which gives them the time to do the really interesting stuff, the stuff that requires human intervention and interpretation, and analysis that can't be coded. And it's just giving us more time and more resources to put-- >> What kind of things are they doing with that extra time? Creative things, pet projects, or critical problems? >> Oh, God, so many pet projects. God, what are you interested in? I've seen things being done to like mine bit coin on the side, right, to make a little extra cash. That's always fun. I've seen people automate their social media profile. I've seen threat researchers use scripting to help them find new information on the internet and reshare it to build their public brand. That's a really big component of the younger generation that I don't think was as big in previous generations, where your public brand matters more than ever. And so, we're bringing that into everything we do. It's not just a job, it's a lifestyle. >> Sharing's a big ethos, too, sharing data. How important is sharing data in the security culture? >> Oh, it's critical. So, I mean, sharing data's been happening for forever, right. Company A has always been calling up their friend at company B, "Hey, we see this thing. "You might want to take a look, "but you didn't hear it from me," right. But through intel platforms, not just ThreatStream but all of them, allow you to share information at a larger scale ever than ever before. But it also, it gives you the ability to remain anonymous. Everyone's really scared to put into writing, "Hey, we saw this at our company," 'cause there's the risk of attribution, there's legal requirements, right. But with automated sharing you can retain a little bit of-- you can be a little bit anonymous. So, you can help the others be protected without exposing yourself to additional risk. >> Jill, you're awesome to have on theCUBE. Love to get the perspective of the young, up and coming, computer science, cyber, cyber sister. >> Cyber sister. >> John: You can just, other--where does she work? Amazon? >> She's over at AWS now. She just moved over a couple of weeks ago. We actually used to work together at Anomali. She did presales, and I did post sales. It was a lot of fun. >> And she hooked you into security, didn't she? >> Oh, she did, for better or worse, although I hope she's not watching. >> She will. She'll get a clip of this, I'll make sure. Jill, final question. The Splunk this year .conf, what's your takeaway? What are you going to take back to the office with you or share with your friends if they say, "Hey, what was the big story happening at Splunk this year?" What's going on here this year? >> The big thing is the data. The data is more accessible than ever before, so we're being challenged by Splunk to find new ways to use it, to innovate new ways. And I think that's kind of been their messaging the whole time, "Hey, we're giving you the power to do what you want. "What are you going to do with it?" This is my third Splunk conference in a row, and every year it just gets more and more exciting. I can't wait to see what next year holds. >> They allow people to deal with data, messy data to good data. >> Clean it up. >> John: Clean it up >> Make it easy to search across multiple data sources from one command line. Their user experience is the most intuitive I've used in terms of the log management solutions. >> Jill, great to have you, great insights. Thanks for sharing the data >> Thanks so much, John. >> John: here on theCUBE. Sharing data on theCUBE, that's what we do. We bring the data, the guests, we try to create it for you. Of course, we're data-driven, we're a CUBE-driven. I'm John Furrier, here from .conf, the 10th anniversary. We've been here from the beginning, riding the data tsunami waves. Waves plural 'cause there's more waves coming. I'm John Furrier. Thanks for watching. (upbeat music)

>> Announcer: Live from Las Vegas, it's theCUBE! Covering Splunk .conf19. Brought to you by Splunk. Okay, welcome back, everyone. This is day three live CUBE coverage here in Las Vegas for Splunk's .conf. Its 10 years anniversary of their big customer event. I'm John Furrier, theCUBE. This is our seventh year covering, riding the wave with Splunk. From scrappy startup, to going public company, massive growth, now a market leader continuing to innovate. We're here with the CEO, Doug Merritt of Splunk. Thanks for joining me, good to see you. >> Thank you for being here, thanks for having me. >> John: How ya feelin'? (laughs) >> Exhausted and energized simultaneously. (laughs) it was a fun week. >> You know, every year when we have the event we discuss Splunk's success and the loyalty of the customer base, the innovation, you guys are providing the value, you got a lot of happy customers, and you got a great ecosystem and partner network growing. You're now growing even further, every year it just gets better. This year has been a lot of big highlights, new branding, so you got that next level thing goin' on, new platform, tweaks, bringing this cohesive thing. What's your highlights this year? I mean, what's the big, there's so much goin' on, what's your highlights? >> So where you started is always my highlight of the show, is being able to spend time with customers. I have never been at a company where I feel so fortunate to have the passion and the dedication and the enthusiasm and the gratitude of customers as we have here. And so that, I tell everyone at Splunk this is similar to a holiday function for a kid for me where the energy keeps me going all year long, so that always is number one, and then around the customers, what we've been doing with the technology architecture, the platform, and the depth and breadth of what we've been working on honestly for four plus years. It really, I think, has come together in a unique way at this show. >> Last year you had a lot of announcements that were intentional announcements, it's coming. They're coming now, they're here, they're shipping. >> They're here, they're here. >> What is some of the feedback you're hearing because a lot of it has a theme where, you know, we kind of pointed this out a couple of years ago, it's like a security show now, but it's not a security show, but there's a lot of security in there. What are some of the key things that have come out of the oven that people should know about that are being delivered here? >> So the core of what we're trying to communicate with Data-to-Everything is that you need a very multifaceted data platform to be able to handle the huge variety of data that we're all dealing with, and Splunk has been known and been very successful at being able to index data, messy, non-structured data, and make sense of it even though it's not structured in the index, and that's been, still is incredibly valuable. But we started almost four years ago on a journey of adding in stream processing before the data gets anywhere, to our index or anywhere else, it's moving all around the world, how do you actually find that data and then begin to take advantage of it in-flight? And we announced that the beta of Data Stream Processor last year, but it went production this year, four years of development, a ton of patents, a 40 plus person, 50 plus person, development team behind that, a lot of hard engineering, and really elegant interface to get that there. And then on the other end, to complement the index, data is landing all over the place, not just in our index, and we're very aware that different structures exist for different needs. A data warehouse has different properties than a relational database which has different properties than a NoSQL column store in-memory database, and data is going to only continue to be more dispersed. So again, four plus years ago we started on what now is Data Fabric Search which we pre-announced in beta format last year. That went production at this show, but the ability to address a distributed Splunk landscape, but more importantly we demoed the integration with HTFS and S3 landscapes as the proof point of we've built a connector framework, so that this really cannot just be a incredibly high-speed, high-cardinality search processing engine, but it really is a federated search engine as well. So now we can operate on data in the stream when it's in motion. We obviously still have all the great properties of the Splunk index, and I was really excited about Splunk 8.0 and all the features in that, and we can go get data wherever it lives across a distributed Splunk environment, but increasingly across the more and more distributed data environment. >> So this is a data platform. This is absolutely a data platform, so that's very clear. So the success of platforms, in the enterprise at least, not just small and medium-sized businesses, you can have a tool and kind of look like a platform, there's some apps out there that I would point to and say, "Hey, that looks like a tool, it's really not a platform." You guys are a platform. But the success of a platform are two things, ecosystem and apps, because if you're in a platform that's enabling value, you got to have those. Talk about how you see the ecosystem success and the app success. Is that happening in your view? >> It is happening. We have over 2,000 apps on our Splunkbase framework which is where any of our customers can go and download the application to help draw value of a Palo Alto firewall, or ensure integration with a ServiceNow trouble ticketing system, and thousands of other examples that exist. And that has grown from less than 300 apps, when I first got here six years ago, to over 2,000 today. But that is still the earliest inning, for earliest pitch and your earliest inning journey. Why are there 20,000, 200,000, two million apps out there? A piece of it is we have had to up the game on how you interface with the platform, and for us that means through a stable set of services, well-mannered, well-articulated, consistently maintained services, and that's been a huge push with the core Splunk index, but it's also a big amount of work that we've been doing on everything from the separation between Phantom runbooks and playbooks with the underlying orchestration automation, it's a key component of our Stream Processor, you know, what transformations are you doing, what enrichments are you doing? That has to live separate than the underlying technology, the Kafka transport mechanism, or Kinesis, or whatever happens in the future. So that investment to make sure we got a effective and stable set of services has been key, but then you complement that with the amazing set of partners that are out here, and making sure they're educated and enabled on how to take advantage of the platform, and then feather in things like the Splunk Ventures announcement, the Innovation Fund and Social Impact Fund, to further double down on, hey, we are here to help in every way. We're going to help with enablement, we're going to help with sell-through and marketing, and we'll help with investment. >> Yeah, I think this is smart, and I think one of the things I'll point out is that feedback we heard from customers in conversations we had here on theCUBE and the hallway is, there's a lot of great feedback on the automation, the machine learning toolkit, which is a good tell sign of the engagement level of how they're dealing with data, and this kind of speaks to data as a value... The value creation from data seems to be the theme. It's not just data for data's sake, I mean, managing data is all hard stuff, but value from the data. You mentioned the Ventures, you got a lot of tech for good stuff goin' on. You're investing in companies where they're standing up data-driven companies to solve world problems, you got other things, so you guys are adjusting. In the middle innings of the data game, platform update, business model changes. Talk about some of the consumption changes, now you got Splunk Cloud, what's goin' on on (laughs) how you charge, how are customers consuming, what moves did you guys make there and what's the result? >> Yeah, it's a great intro on data is awesome, but we all have data to get to decisions first and actions second. Without an action there is no point in gathering data, and so many companies have been working their tails off to digitize their landscapes. Why, well you want a more flexible landscape, but why the flexibility? Because there's so much data being generated that if you can get effective decisions and then actions, that landscape can adapt very, very rapidly, which goes back to machine learning and eventual AI-type opportunities. So that is absolutely, squarely where we've been focused, is translating that data into value and into actual outcomes, which is why our orchestration automation piece was so important. One of the gating factors that we felt has existed is for the Splunk index, and it's only for the Splunk index, the pricing mechanism has been data volume, and that's a little bit contrary to the promise, which is you don't know where the value is going to be within data, and whether it's a gigabyte or whether it's a petabyte, why shouldn't you be able to put whatever data you want in to experiment? And so we came out with some updates in pricing a month and change ago that we were reiterating at the show and will continue to drive on a, hopefully, very aggressive and clear marketing and communications framework, that for people that have adjusted to the data volume metric, we're trying to make that much simpler. There's now a limited set of bands, or tiers, from 100 gigs to unlimited, so that you really get visibility on, all right, I think that I want to play with five terabytes, I know what that band looks like and it's very liberal. So that if you wind up with six and a half terabytes you won't be penalized, and then there's a complimentary metric which I think is ultimately going to be the more long-lived metric for our infrastructurally-bound products, which is virtual CPU or virtual core. And when I think about our index, stream processing, federated search, the execution of automation, all those are basically a factor of how much infrastructure you're going to throw at the problem, whether it's CPU or whether it's storage or network. So I can see a day when Splunk Enterprise and the index, and everything else at that lower level, or at that infrastructure layer, are all just a series of virtual CPUs or virtual cores. But I think both, we're offering choice, we really are customer-centric, and whether you want a more liberal data volume or whether you want to switch to an infrastructure, we're there and our job is to help you understand the value translation on both of those because all that matters is turning it into action and into doing. >> It's interesting, in the news yesterday quantum supremacy was announced. Google claims it, IBM's debating it, but quantum computing just points to the trend that more compute's coming. So this is going to be a good thing for data. You mentioned the pricing thing, this brings up a topic we've been hearing all week on theCUBE is, diverse data's actually great for machine learning, great for AI. So bringing in diverse data gives you more aperture into data, and that actually helps. With the diversity comes confusion and this is where the pricing seems to hit. You're trying to create, if I get this right, pricing that matches the needs of the diverse use of data. Is that kind of how you guys are thinkin' about it? >> Meets the needs of diverse data, and also provides a lot of clarity for people on when you get to a certain threshold that we stop charging you altogether, right? Once you get above 10s of terabytes to 100 terabytes, just put as much data in as you want. The foundation of Splunk, going back to the first data, is we're the only technology that still exists on the index side that takes raw, non-formatted data, doesn't force you to cleanse or scrub it in any way, and then takes all that raw data and actually provides value through the way that we interact with the data with our query language. And that design architecture, I've said it for five, six years now, is completely unique in the industry. Everybody else thinks that you've got to get to the data you want to operate on, and then put it somewhere, and the way that life works is much more organic and emergent. You've got chaos happening, and then how do you find patterns and value out of that chaos? Well, that chaos winds up being pretty voluminous. So how do we help more organizations? Some of the leading organizations are at five to 10 petabytes of data per day going through the index. How do we help everybody get there? 'Cause you don't know the nugget across that petabyte or 10 petabyte set is going to be the key to solving a critical issue, so let's make it easy for you to put that data in to find those nuggets, but then once you know what the pattern is, now you're in a different world, now you're in the structured data world of metrics, or KPIs, or events, or multidimensional data that is much more curated, and by nature that's going to be more fine-grained. There's not as much volume there as there is in the raw data. >> Doug, I notice also at the event here there's a focus on verticals. Can you comment on the strategy there, is that by design? Is there a vertical focus? >> It's definitely by design. >> Share some insight into that. >> So we launched with an IT operations focus, we wound up progressing over the years to a security operations focus, and then our doubling down with Omnition, SignalFx, VictorOps, and now Streamlio is a new acquisition on the DevOps and next gen app dev buying centers. As a company and how we go to market and what we are doing with our own solutions, we stay incredibly focused on those three very technical buying centers, but we've also seen that data is data. So the data you're bringing in to solve a security problem can be used to solve a manufacturing problem, or a logistics and supply chain problem, or a customer sentiment analysis problem, and so how do you make use of that data across those different buying centers? We've set up a verticals group to seed, continue to seed, the opportunity within those different verticals. >> And that's compatible with the horizontally scalable Splunk platform. That's kind of why that exists, right? >> That the overall platform that was in every keynote, starting with mine, is completely agnostic and horizontal. The solutions on top, the security operations, ITOps, and DevOps, are very specific to those users but they're using the horizontal platform, and then you wind up walking into the Accenture booth and seeing how they've taken similar data that the SecOps teams gathered to actually provide insight on effective rail transport for DB cargo, or effective cell tower triangulation and capacity for a major Australian cell company, or effective manufacturing and logistics supply chain optimization for a manufacturer and all their different retail distribution centers. >> Awesome, you know, I know you've talked with Jeff Frick in the past, and Stu Miniman and Dave Vellante about user experience, I know that's something that's near and dear to your heart. You guys, it has been rumored, there's going to be some user experience work done on the onboarding for your Splunk Cloud and making it easier to get in to this new Splunk platform. What can we expect on the user experience side? (laughs) >> So, for any of you out there that want to try, we've got Splunk Investigate, that's one of the first applications on top of the fully decomposed, services layered, stateless Splunk Cloud. Mission Control actually is a complementary other, those are the first two apps on top of that new framework. And the UI and experience that is in Splunk Investigate I think is a good example of both the ease of coming to and using the product. There's a very liberal amount of data you get for free just to experiment with Splunk Investigate, but then the onboarding experience of data is I think very elegant. The UI is, I love the UI, it's a Jupyter-style workbook-type interface, but if you think about what do investigators need, investigators need both some bread crumbs on where to start and how to end, but then they also need the ability to bring in anybody that's necessary so that you can actually swarm and attack a problem very efficiently. And so when you go back and look at, why did we buy VictorOps? Well, it wasn't because we think that the IT alerting space is a massive space we're going to own, it's because collaboration is incredibly important to swarm incidents of any type, whether they're security incidents or manufacturing incidents. So the facilities at VictorOps gave, on allowing distributed teams and virtual teams to very quickly get to resolution. You're going to find those baked into all products like Mission Control 'cause it's one of the key facilities of, that Tim talked about in his keynote, of indulgent design, mobility, high collaboration, 'cause luckily people still matter, and while ML is helping all of us be more productive it isn't taking away the need for us, but how do you get us to cooperate effectively? And so our cloud-based apps, I encourage any of you out there, go try Splunk Investigate, it's a beautiful product and I think you'll be blown away by it. >> Great success on the product side, and then great success on the customer side, you got great, loyal customers. But I got to ask you about the next level Splunk. As you look at this event, what jumps out at me is the cohesiveness of the story around the platform and the apps, ecosystem's great, but the new branding, Data-to-Everything. It's not product-specific 'cause you have product leadership. This is a whole next level Splunk. What is the next level Splunk vision? >> And I love the pink and orange, in bold colors. So when I've thought about what are the issues that are some of the blockers to Splunk eventually fulfilling the destiny that we could have, the number one is awareness. Who the heck is Splunk? People have very high variance of their understanding of Splunk. Log aggregation, security tool, IT tool, and what we've seen over and over is it is much more this data platform, and certainly with the announcements, it's becoming more of this data fabric or platform that can be used for anything. So how do we bring awareness to Splunk? Well, let's help create a category, and it's not up to us to create the category, it's up to all of you to create the category, but Data-to-Everything in our minds represents the power of data, and while we will continue internally to focus on those technical buying centers, everything is solvable with data. So we're trying to really reinforce the importance of data and the capabilities that something like Splunk brings. Cloud becomes a really important message to that because that makes it, execution to that, 'cause it makes it so much easier for people to immediately try something and get value, but on-prem will always be important as well 'cause data has gravity, data has risk, data has cost to move. And there are so many use cases where you would just never push data to the cloud, and it's not because we don't love cloud. If you have a factory that's producing 100 terabytes an hour in a area where you've got poor bandwidth, there's no option for a cloud connect there of high scale, so you better be able to process, make sense of, and act on that data locally. >> And you guys are great in the cloud too, on-premise, but final word, I want to get your thoughts to end this segment, I know you got to run, thanks for your time, and congratulations on all your success. Data for good. There's a lot of tech for bad kind of narratives goin' on, but there's a real resurgence of tech for good. A lot of people, entrepreneurs, for-profit, for-nonprofit, are doing ventures for good. Data is a real theme. Data for good is something that you have, that's part of the Data-to-Everything. Talk about the data for good real quick. >> Yeah, we were really excited about what we've done with Splunk4Good as our nonprofit focused entity. The Splunk Pledge which is a classic 1-1-1 approach to make sure that we're able to help organizations that need the help do something meaningful within their world, and then the Splunk Social Impact Fund which is trying to put our money where our mouth is to ensure that if funding and scarcity of funds is an issue of getting to effective outcomes, that we can be there to support. At this show we've featured three awesome charities, Conservation International, NetHope, and the Global Emancipation Network, that are all trying to tackle really thorny problems with different, in different ways, different problems in different ways, but data winds up being at the heart of one of the ways to unlock what they're trying to get done. We're really excited and proud that we're able to actually make meaningful donations to all three of those, but it is a constant theme within Splunk, and I think something that all of us, from the tech community and non-tech community are going to have to help evangelize, is with every invention and with every thing that occurs in the world there is the power to take it and make a less noble execution of it, you know, there's always potential harmful activities, and then there's the power to actually drive good, and data is one of those. >> Awesome. >> Data can be used as a weapon, it can be used negatively, but it also needs to be liberated so that it can be used positively. While we're all kind of concerned about our own privacy and really, really personal data, we're not going to get to the type of healthcare and genetic, massive shifts in changes and benefits without having a way to begin to share some of this data. So putting controls around data is going to be important, putting people in the middle of the process to decide what happens to their data, and some consequences around misuse of data is going to be important. But continuing to keep a mindset of all good happens as we become more liberal, globalization is good, free flow of good-- >> The value is in the data. >> Free flow of people, free flow of data ultimately is very good. >> Doug, thank you so much for spending the time to come on theCUBE, and again congratulations on great culture. Also is worth noting, just to give you a plug here, because it's, I think, very valuable, one of the best places to work for women in tech. You guys recently got some recognition on that. That is a huge accomplishment, congratulations. >> Thank you, thank you, we had a great diversity track here which is really important as well. But we love partnering with you guys, thank you for spending an entire week with us and for helping to continue to evangelize and help people understand what the power of technology and data can do for them. >> Hey, video is data, and we're bringin' that data to you here on theCUBE, and of course, CUBE cloud coming soon. I'm John Furrier here live at Splunk .conf with Doug Merritt the CEO. We'll be back with more coverage after this short break. (futuristic music)

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk >>Welcome back, everyone to keep live coverage here in Las Vegas for Splunk dot com. 10th anniversary. 10 years of doing their big customer shows. Cubes. Seventh year of covering Splunk I'm John Ferrier, Host Cube. Our next guest is Cube. Alumni seem Haji, senior director and head of platform on industry for Splunk Knows the business way last topped. 2014 Great to see you. >>Good to see you again, John. You've been busy. I have. It's been a busy time. It's Plunk. >>You have been in the data business. We've been following your career for the years. Data stacks now Splunk on other endeavors. But you've been in the data, even swim in the data business. You've seen clouds scale, you understand. Open source. You understand kind of big dynamics. Splunk has a full enabling data platform. Started out with logs keeps moving along the by companies that interview. But this'll platform concept of enabling value valued customers has been a big part of the success that it continues to yield success every year. When people say no, what is successful data playful because everyone wants to own the data layer because we just want to get value on the data. So what as a product market, our product person, what is the date of platform? >>So it's really a question and, you know, you gonna hit the nail on the head when you said we've been talking about the data platform for several years, like decades. Almost so if you think about, you know, data platform, like, way back when and I'm dating myself. When I graduated from college, you know, people were looking for insights right there. Like give me a report, give me a dashboard way. Went into data, databases of data, warehouses. Enabling this you actually think about the data platform or data to everything. Platform is, as we explore. Call it. It has five critical elements in my in my mind. You know, the first is how do you get all of your information? Like the data that's coming in from networks, logs, applications, people, you and I generate a ton of data. How do we get this all together into a single place so you can get insights on it? 1 may think that it's pretty easy, but the truth is, we've been struggling as an industry with for decades. So it's fun to think what super unique is you can actually bring in any of the data. And some of the challenges that customers have had in the past is way forced them to structure this state of before they can ask questions of it. What's wrong? It's free form. You can bring it in any information and then structured when you're ready to ask that question. So you know a data platform. Number one is flexibility in the way you bring your data second. And you know this being the business is getting real time insights, alerts on your phone, real time decision ing and then you have, you know, operating in different ways on cloud on premises, hybrid environments. That's the third. And I think the fourth and the fifth are probably the most important, and into related is allowing like a good data platform caters to everyone in the or so from your most non technical business user to the most technical data admin I t. Guy security analysts with giving them the same information but allowing them to view it in many different ways and ask different questions of it. So we call this, you know, explained is from a product marketing in a business standpoint way Refer to it as many lenses on your same data. Good data platforms do that while allowing an empowering different users. So those are the five in my >>love kicking out on platform converses. Second, we could talk for now, but I know you got busy. I want to ask you all successful platforms in this modern era of rocket texture. When you get cloud scale, massive data volumes coming in need key building blocks. Take me through your view on why Splunk been successful plateau because you got a naval value from the dorm room to the boardroom. So we've gotta have that use case breath what you do. What key building blocks of this point. Data platform. >>Great question. And, you know, we've we've kind of figured this out is a cz. Well, a cz have been working on building out these building blocks at a most critical customers, right? Did you think about it? You start with the core, the index, if you will. And that's your place to bring you know, slung started with all your logs together and it's your single go to place then, as you think about it, with working with customers, they need massive date engines. So what we just announced today the general availability of data stream processor and data fabric search. It allows you to have those two massive engines from How do I bring my streaming data in to have Can I do massive scale processing? Thea other elements around a machine learning right. So in a world where we're moving to automation, that's super critical to the success. And then you have consuming the way you consume insights or uses consuming sites. If you think about you and I and this amount of time we spend on our phone, how do we make it easy for people to act on their information to those your core platform building blocks give index. You have your date engines, you have a I am l. You have your business analytics and then you have your portfolios on top, which is use case specific, if you will. For I t for security and then for de mops. >>That's awesome. And let's get into the news you were your product. Kino today? Yes, they was opening day. But I want to read the headline from Lung press release and commentary. Don't get your reaction to it. Splunk Enterprising X Man's data access with data fabric search and data stream processor powers Uses with context and collaboration keywords context in their collaboration. House search is a hard problem. Discovery. We've seen carnage and people trying things. You guys do a lot of data. Lot of diverse date has been a big team here, right? Your customers have grown with more data coming in. Why these two features important. What's the keys? Behind the fabric search on the data processor is that the real time is the date acceleration. What are some of the key value points? What people know about the fabric surge processor. >>So actually, let me start with the data stream processor. You know, with DSP, what we're really doing is looking at streaming data. So when you think about the real time customers I ot sensor data, anything that's coming on the wire data stream processor lets you bring that in display. Now, the uniqueness of data stream processor is you wanted Thio, you didn't have to bring it in. Splunk. You can actually like process that live on the wire and it works just as well. Not do fabric search. It's, you know, you alluded to this earlier. It's how do you search across your massive data leaks warehouses that exist without having to bring it all in one place. So in the product, he notes Demo. Today we showed a really cool demo of a business and bliss user, really solving a business problem while searching across S three Duke and data that's sitting in instruct and then with the fabric search, you can also do massive, like federated, like global size searches on the context and collaboration. That's really once you have all this data in Splunk, how do you How do you like your users? Consume it right? And that's the mobile connected experiences A cz well, a cz Phantom and Victor Rapps like really activating this data in automating it. >>I want to get your thoughts on something that we've been seeing on the Q. And I've been kind of promoting for about a year now, and it really came back for you. Go back to the early days of duping big data. And, you know, you know, those days getting diverse data is hard. And so because it's a different formats on the database scheme is Andorran structured to find that databases in a way hamper hinder that capability. We've been saying that diverse data gives a better machine, makes machine learning better. Machine learning is a day I provides business benefits. This flywheel is really important. And can you give an example of where that's playing out and spunk? Because that seems to be the magic right now. Is that getting the data together, knowing what day it is? No blind spots. As much as that is, it's possible. But getting that flag will doing better. Better diverse data, better machine learning better. Ay, I better I better business value. I >>think it comes down to the word divers, right? So when you're looking at data coming in from many different sources, you also get a holistic perspective on what's going on in your business. You get the insight on what your customers may be doing in engaging with your business. You get insight on how your infrastructure is performing and the way you can optimize people to the business from you know you need to. The ops and operations is to like how customers are working and interacting with your business. The other piece is when you think about machine learning in the I A. CZ, you automate this. It's a lot easier when you have the holistic context, right? So, you know, diverse data means more context. More context means better insight into what you're trying to get to. It's just gonna rounds out. The perspective I often refer to it is it's adding a new dimension to something you already know >>and opens up a whole nother conscious around. What is the practitioners? Role? Not just a database administrator is setting up databases because you're getting at, you know, context is important. What's the data about the data? What dough I keep what should be addressable foran application. Is this relevant content for this some day, it is more valuable than others at any given time, so address ability becomes a big thing. What's your vision around this idea of data address ability for applications? >>So, you know, just going back to what you said about the administrators and the doers we call them the doers there. The innovators right there. The bill, people building the cool stuff. And so when you actually can bring these elements in for them, you really are giving them the ability to innovate and do better and have that accessibility into the information and really kind of like, you know, like Bill the best that they could write. So, you know, we've been saying Turn data into doing and it really is true. Like these are again the architects of what's happening and they're the people, like taking all this diverse data, taking the machine, learning, taking the technology of the building blocks and then turning it into, like, hold doing that we d'oh! >>It's interesting with markets change him. It actually changed the role of the database person makes them broader, more powerful. >>Yes, and because you know they're the ones fueling the business. >>Thanks for coming. I really appreciate the insight. I wish we had more time on a personal question. What's exciting You in the industry these days? Actually, you're exploring. Companies continue to grow from start up the i p o massive growth now to a whole nother level of market leadership to defend that you put some good products out there. What? What are you getting excited about these days from tech standpoint? >>You know, I think it's we're finally getting it. We're finally getting what you know. Being a data to everything. Platform is, for example, right after the keynote. I had more than a few people come up to me and say, Well, you know, that made sense, right? Like when we think about Splunk is the data to everything platform on what data platforms are meant to dio and how they should operate. So I think the industry is finally getting their What's exciting me next is if you look behind us and all the industry traction that we're seeing. So you know, taking technology and data beyond. And really enabling businesses from financial service is to healthcare to manufacturers to do more. You know, the businesses that traditionally, like, maybe have not been adopting technology as fast as software companies. And now we're seeing that, and that's super exciting. >>You know, I always get into these kind of philosophical debates with people. Either on the Cube are are off the Cube, where you know what is a platform success look like, you know, I always say, I want to get your reaction to this. I always say, if it's got applications or things being enabled value on a healthy ecosystem, so do you agree with that statement? And if so, what's the proof points for Splunk on those two things? What is defining that? What a successful platform looks like? >>You know that I do agree with you. And when I think about a successful platform, it's if I look around this room and just see how you know, like New York Presbyterian as using Splunk Thio like we heard from Dell today an intel. So when you see the spectrum of customers using Splunk across a variety of successes, it's that super exciting to me that tells me that you know what it is everything when you say date it. Everything >>all right? We got a fun job these days. >>D'oh to be here. So it's great. >>Great to see you. Thanks for coming back on the Cube. I'm looking forward to catching up. I'm John Kerry here on the Cube. Let's see what she's awesome. Cube alumni from 2014. Now it's blonde leading the product efforts and marketing. I'm John. Where were you watching the Q. Be right back after this short break

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk. >>Okay, welcome back. Everyone's two cubes. Live coverage in Las Vegas. Force plunks dot com This is their annual conference. A 10 year anniversaries. Cubes coverage. For seven years I've been covering this company from Start up the I P O to Grove to now go on to the next level as a leader and security. Our next guest is Scott Ward, principal solutions architect for AWS. Amazon Web service is obsolete, reinvents coming up. I'm sure you're super busy, Scott, but you're here at Splunk dot com there big partner of AWS? Yeah, >>Yeah, definitely. I mean flux. Ah, great partner that we've had a strong relationship was flown for quite a long time. Both sides of the house eight of us and slugger are leaning in thio help add value to our mutual customers, say, even building on that spokesman, a >>longtime customer. And so you guys are really focused on cloud security had your inaugural reinforce event in Boston this year, of which we broadcasted live videos on YouTube, youtube dot com says silken angle interested. But this was really kind of, Ah, watershed moment because it wasn't your classic security show. He was a cloud security. >>Yeah, it was definitely. It was very much focused on just kind of focusing in, and in some ways it actually allowed People who don't normally get to come to a native of this event or focus on security really got deeper into security. Security of us is our top priority, and we want to make sure that our customers really understanding and being able to execute on that and be able to feel confident in what they're doing on running on AWS >>and spunk has become a very successful on. Some people call him the one in the number 1/3 party vendor in security for workload. APS. Elsie Long files it What single FX for Tracing Micro Service's around the corner. A lot of good things there. But as the cloud equation starts to come in, where the operation's need to have security and on premises edge clouds, roll of Amazon and your partner's air super important, you talk about that relationship and how that's evolving. >>Yeah, I don't think you talk about our partners. It's definitely very important, you know, we have, you know, it says lots of different service is on its platform that we allow customers to use. But those partners come in and help fill out the gaps where customers need somebody to be able to provide Maura or Extra, especially look at security so that that shared responsibility model we have, where the top half is the customers responsibility and a lot of flexibility and what they could do. And that means that they can bring in the partners they want, help them to be able to accomplish the things that they wanted to >>tell. What the security hub. Amazon's best security, huh? What's that about? >>Sure, Security Hub is a service that we actually launched out. Reinforce it. Generally available. Then it's focused on really giving customers visibility into high severity security alerts and their compliance status while they're running across. All the eight of US accounts allows them thio, aggregate, prioritize and sort all of this data coming from from multiple data sources, and we talk about those multiple data source. It really is a couple of different areas. Amazon Guard duty and was on inspector names on Macy. Also third party products. If customers using third party security products that can feed into security up to kind of give them that visibility. And then it's also running continuous compliance checks against the customers. AWS account's gonna let them know where they stand when it comes to compliance, where they need to go and correct things with a counter, the resource level. So really, you know, labeling customers to kind of get a lot more visibility and what's going on with US >>environment. We've been covering this and reporting on the story, but Amazon on cloud providers of general Amazon Azure, Google Cloud Platform customers relying more and more on you guys for security. But you have a relationship with slung, say 1/3 party. How did they fit in that a Splunk fit into that security hub model? How's that going? Is just clarified that relationship six. Plunk and Security >>Yes. So when you talk about Splunk in security, if there's actually a couple different angles there, one is Splunk enterprise product. It is a consumer of all the data that is in a customer security have environment so you can feed all that data into the enterprise product. Be able to kind of go ask the questions and take all the data that security provided, as well as all the other data that's unspoken, really be able to get some deep insights and what's going on in your environment. And then on top of that is the Splunk Phantom integration, which I'm really, really excited about. Because spunk is with Fantomas, Long customers actually take action on their security data, so customers have often told us like it's great you're making all this data available to me on I can see it, But what do I actually do with it? What? How am I gonna do something with it? So way advocate a lot for customers to be able to automate what they're doing when it comes to their security findings and get the humans out of the way as much as possible so they can really be adding a lot of value. So security feeds us to phantom and Phantom can run play books that will do as much or as little on that security. Finding data to kind of integrate that finding into the customers operational work flows and collect the right information are hopefully ultimately remediated that security findings so that customers can get some sleep and they can focus on other things that are more important. >>Talk about fancy for a minute, just to kind of change. Usually you mentioned that, obviously, I thought Oliver interview and reinforce. And here recently, he's one of the team's bunked with company. What is wise, faith and so >>popular? I think Phantom is popular because a couple things one. It is allowing customers, too, to resolve, intermediate and address an issue with what works for them and work full that works for them. It's not making them thio clearly fall into a particular box. They can add or remove pieces. The fact that it's it's very python based. It's usually in the security community so that they can probably find Resource is that can actually orchestrate build these playbooks and then then, once the bill playbooks that could reuse those pieces to address other issues or things that are coming up. So I get A allows them to really kind of scale, be able to kind of be able to accomplish these things when it comes to automation and addressing with security alerts as they continue to grow, you know, >>it makes things go faster, frees up people's time for productivity. >>I totally feel that that's That's one of the main reasons that people are looking at this. >>So someone's using Splunk for its own sake. I'm a Splunk customer. Okay, Security hub. Why should I use both? What's sure just clarify that peace >>is a couple of reasons where I would say that somebody would want to use both. One is security. Obvious is the continuous compliance check. So today, security have offers checks based on the Center for Internet Security. Eight of US bench work. So we are continuously running those cheques. There's about 43 rules that we are running. Each of those checks against your AWS accounts or resource is in those accounts until you where you are not in compliance. Get overall score. You could dig into what, what, where you needed to do further there. Security. Look at it's a central integration spot to get stuff into Splunk as well, so you can have guard duty, Macy inspector and third party stuff coming into security help and then you that one stop shop to get all that data into spunk, enterprise or phantom, and then The third thing is the fact that security it gives you that security view across multiple eight of US accounts. You can designate a master account, invite all your other organization accounts to share those findings, and your security team could go into security up and have one view of your overall security landscape. Be able to look at one single piece of glass, but across all of your organizations like those, those are some key value points. I would say that in addition to spunk in a customer might use security. >>Well, Scott's been great insight on thanks for clarifying the Splunk 80 relationship. Let's pretend I'm a customer for a minute. I'm like, Hey, Scott, you're switching Architect. Thanks for the free consulting with you Live on Cube. So I'm a Splunk customer. Log files. I see they got some tracing stuff going cloud native going to the cloud. We're employing Amazon. I'm a buyer customer Splunk And they got a lot of new stuff and seems awesome. Sore identified. 6.0 is out. How do I What do I do? How do I architect my swan give me more headroom? Grow my swung capabilities with same time. Take advantage. All the radios. Goodness. Would you lay that out? >>I would say I would say, You know, I like your spunk. You kind of You know what? You bought spunk for a particular reason. It's there to answer questions. Is there take data and is lying to kind of move forward? I would definitely architectures long to be able to consume as much data as possible. He did. We have lots of different integrations. Consume that. You shouldn't move away from that. So I would definitely use that. I would use security hub for kind of getting that centralization spot for everything related to your eight of us environments that can then be your central spot into a Splunk. You have people that it's really not necessary for them to be in the Splunk. They don't know Splunk security. It might be a good spot for them to actually do some investigations and learn things as well so that they could do their job. And then you really kind of used with deep technology and quarry capability is slowing to kind of do those deeper dives really understanding what's going on in your environment, something you know as a buyer. I think you could use both. And I think there's a there's room for you to kind of take advantage of both and get the best of both worlds. >>It's really exciting with security going on. It's kind of crazy the same time because you have clouds scale. You guys have been led. The market there continue to be leaders in Cloud Cloud scale, Dev ops. Everything else on the roll volume of data is increased so much. You guys just had your inaugural conference reinforced, and I want to get your thoughts on. This is a solution. Architect of someone in the field difference between traditional security chasing the bad guys defending intrusion, detection. All that good stuff. Cloud security because you have all the security shows out. There are s a black hat. Def Con Cloud Security introduces a new element around howto architect solutions. What should people know about the impact of clouds security as they start thinking ballistically around their enterprise, >>right? I think the important thing I think is you know, the things you mentioned. The vulnerability scanning the intrusion detection is all still important in the cloud. I think the key thing that the cloud offers is the fact that you have the ability to now automate and integrate your security teams more tightly with the things that you're doing and you can. Actually, we always talk about the move fast and stay secure. Customers choose eight of us for self service, the elasticity of the price, and you can take advantage of those unless your security can actually keep up with you. So the fact that everything is based on an FBI you could define infrastructure is code. You can actually enforce standards now where they be before you write a line of code in your dad's office Pipeline were actually being able to detect and react to those things all through code and in a consistent way really allows you to be able to look in your security in a different way and take the kind of philosophy and minds that you've always had around security but actually able to do something with it and be able to maybe do the things you've always wanted to do. But I've never had a chance to do so. I think I think security can actually keep up with you and actually help you different. You're different to your business. Even more than maybe it didn't. >>New capabilities are available now with new options. Exactly. Great stuff. Conversations here at dot com for in Vegas Splunk conference. I'll see they're using You guys have reinvent coming up people be their first week of December. You got a music festival to intersect, which is gonna be fun, But I'm not 10 that. Yeah, don't fall over and die from all these. What are you talking about here? What are the key conversations you're having here? Sure. Here at swan dot com, on your booth to customers. What is it? What's the mean? Sure, >>I think the main talking point is and I'm actually presenting it in the breakout theater this afternoon. We're talking about that taking action portion of like, Data's insecurity or data's in eight of us. How do you do something with what are we enable? And how does a partner like Splunk come in? And what is that? Taking action actually looked like to allow you to be able to do things that scale and be able to leverage on take advantage of your precious resource is and use them in the best way possible something. But that's a lot of the conversation that we're having and things that were focused. >>And what do you hope to walk away packs tonight? It's gonna be for people leaving that session. >>I think I think people should should walk away and understand that it is within their reach to be able to actually be able to to kind of have this nirvana of being able to sit to react to security events and not have to have a human engaged in every single thing. It is a crawl, walk, run type approach you're gonna need to figure out. How do I know when I see this one of the things I want to do? How do I automate that? Validate that that's actually true and then implement it and then go back and do the next thing that really like customers to walk away to know that that is possible on that, with a little bit of investment, they can make it happen and that at a certain point it will really have benefits. >>Well, eight of us have been following you guys for eight years of Cuba's will be our ninth year, I think for reinvent been fun to watch Amazon growing. I'm sure they'll be. Thousands of new announcements every year is always away with volume of new stuff. Give a plug for a second on the Amazon partner. Never was your part of your arm and scope of relationships with third party partners how important it is. And what are some of the cool things going on? Sure. So I >>mean the elves on Partner Network we're focused on partnering with, You know, it's really that cell with motion where we're going out and AWS is selling the partners selling. We work with technology providers and solution systems integrators, and we're really focused on just working with them to make sure that the best solution possible is being created four customers so that they could take advantage of the partner solution and the eight of us cloud, and that they're getting some sort of a unique value that they're going to get by using the cloud and that partner solution together to help them be security or or any other sort of area that they feel more confident. That could be more successful in the crowd through a combination of both of us and >>there's a whole team. It's not like a few guys organization, hole or committed. Thio Amazon partners. >>Yes, yes, yes. I mean, you know, I'm one of many solution architects on the part of team way have partner managers. We have market. We have the whole gamut of people that are working globally with our partners to help them really kind of have a great success. And in a great story to tell about >>people throw on foot out there. Amazon doesn't work with partners. Not true. >>We have tens of thousands of partners, and that's my job. I'm working with partners on a daily basis. I would events like this. Someone phone calls I'm providing guidance is very much a core thing that we're focusing on. >>Harder Network has got marketplace. Amazons are really putting. Their resource is behind with mission of helping customs with partners. >>Yes, definitely. And and we do that a lot of our ways way have partners and go through tears way have confidence sees that we actually allow partners to get into, so customers can really go find who's who's the best or who should I be looking at first when I have this particular problem to solve their we've got a security confidence. He may have confidence season really working to help our customers understand. Who are these partners and how can they help that with >>We've been following Terry. Wisest career is an amazing job. No, he's handed the reins over to new new management is gonna chill for awhile. Congratulations on all your success with Amazon and appreciate it. Thanks for Thanks for having me, Scott War Pretty Solutions for AWS Amazon Webster's here inside the Cube at Splunk dot com 10th year of their conference, Our seventh year covering with Cuba, John Kerry will be back with more after this short break.

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to You by spunk >>Hey, welcome back. Everyone's two cubes coverage here in Las Vegas for spunk dot com. 19 dot com 19. This is slugs. 10th year doing dot Com Cube seventh year of coverage. We've watched the progression have security data market log files. Getting the data data exhaust turned into gold nuggets now is the centerpiece of data security, data protection and a variety of other great things and important things going on. And we're here to great guests from slug i n songs. Vice president and general manager of security markets and Friedrichs, a VP of security automation. Guys, great to see you again. We just saw you and there's reinforce. Thanks for coming back. >>Thank you for having us. >>So you guys announced security operation Sweet last year. Okay, now it's being discussed here. What's the update? What our customers doing? How are they embracing the security piece of it? >>Wow. Well, it's being a very busy year for us. Way really updated the entire suite. More innovation going in. Yes, six. Tato got announce and phantom and you be a every product is getting some major enhancement for concealing scale. For example, years now way have customers running in the cloud like 15 terabytes, and that's like three X and from It's like 50 terrifies 50 with Search has classes. So that's one example and fend him throughout the years is just lots of capabilities. We're adding a case. Management was a major theme, and that's actually the release before the current one. So we'll be, really, you know, 80 and focusing on that just to summarize sort of sweet right. You be a continue to be machine learning driven, and there's a lot of maturity that's that's going into the product, and there's a lot of more scale and backup. Restore was like one of the major features, because become more mission critical. But what's really, really, really exciting? It's how we're using a new product called Mission Control to bring everything all together. >>I want to get into the Mission control because I love that announcement. Just love The name was behind it, but staying on the sweet when they're talking about it's a portfolio. One of the things that's been consistent every year at dot com of our coverage and reporting has been wth e evolution of a platform on enabling platform. So has that evolves? What does the guiding principles remain? The same. How you guys sing because now you're shipping it. It's available. It's not just a point. Product is a portfolio and an ecosystem falling behind it. You know the APP, showcase, developer, Security and Compliance Foundation and platforms on Just I T ops and A I ops are having. So you have a variety of things coming out of for what's the guiding principle these days is continuing to push the security. You share the vision >>guiding principle and division. It's really way believe the world. As we digitize more as everything's happening, machines speed as people really need to go to analytics to bring insides into things and bring data into doing that's that's really turning that into doing so. It's the security nerve center vision that continue guide what we do, and we believe Security nerve center needs really data analytics and operations to come together and again, I'm gonna tell you, Mission Control is one of the first examples that we bring all of the entire stack together and you talk about ecosystem. It takes a village is a team sport. And I'm so excited to see everybody here. And we've done a lot of integrations as part of sweets to continue to mature more than 1900 AP I integrations more than 300 APS. Justice Phantom alone. That's a lot of automated actions. People can take >>the response from the people in the hallways and also the interviews have been very positive. I gotta get to Mission Control. Phantom was a huge success. You're a big part of building taking that into the world now. Part was flung. Mission Control. Love the name Mission Control. This is the headline, by the way, Splunk Mission Control takes off super sharp itching security operations. So I think Mission Control, I think NASA launching rockets Space X Really new innovation. Really big story behind his unification. You share where this came from, what it is what's in the announcement? >>Yeah. So this is all about optimizing how sock analysts actually work. So if you think about it, a sock typically is made up of literally a dozen different products and technologies that are all different consuls, different vendors, different tabs in your Web browser, so it for an analyst to do their job literally pivoting between all of these consoles. We call it swivel chair syndrome, like you're literally are frantically moving between different products. Mission Control ties those together, and we started by tying slugs products together. So we allow you to take our sin, which is enterprise security, or you be a product's monkey. Be a and phantom, which is our automation and orchestration platformer sore platform and manage them and integrate them into one single presentation layer to be able to provide that unified sock experience for the analyst So it it's an industry first, but it also boosts productivity. Leading analysts do their job more effectively to reduce the time it takes. So now you're able to both automate, investigate and detect in one unified presentation, layer or work surface. >>You know, the name evokes, you know, dashboards, NASA. But what that really was wasn't an accumulation, an extraction of data into service air, where people who were analysts do their job and managed launching rockets. But I want to ask you a question. Because of this, all is based on the underpinnings of massive amounts of volume of data and the old expression Rising tide floats all boats also is rising tide floats, Maur adversaries ransomware attacks is data attacks are everywhere. But also there's value in that data. So as the data volume grows, this is a big deal. How does mission Control help me manage to take advantage of that all you How do you guys see that playing out? >>Yes, Emission control really optimizes the time it takes to resolving incident. Ultimately, because you're able to now orient all of your investigation around a single notable event eso It provides a kn optimal work surface where an analyst can see the event interrogated, investigated triage, they can collaborate with others. So if I want to pull you into my investigation, we can use a chat ops that capability, whether it's directly in mission control or slack integration waken manage a case like you would with a normal case management toe be ableto drive your incident to closure, leveraging a case template. So if I want to pull in crisis communications team my legal team, my external forensics team, and help them work together as well. Case management lets me do that in triage that event. It also does something really powerful. High end mentioned. The operations layer the analytics in the data layer. Mission Control ties together the operational layer where you and I are doing work to the data layer underneath. So we're able to now run worries directly from our operational layer into the data layer like SPL quarries, which spunk is built on from the cloud where Mission Control is delivered from two on premise Face Plunk installations So you could have Michigan still running in the Cloud Splunk running on premise, and you could have multiple Splunk on premise installs. You could have won in one city, another one in another city or even another country. You could have a Splunk instance in the Cloud, and Mission Control will connect all of those tying them together for investigative purposes. So it's very powerful. >>That's a first huge, powerful when this comes back to the the new branding data to everywhere, and I see the themes everywhere, the new colors, new brake congratulations. But it's about things. What do ours doing stuff, thinking and making things happen. Connecting these layers not easy, okay? And diverse data is hard. Thio get access to, but diverse data creates great machine learning. Ay, ay, ay, ay, ay creates great business value. So way see a flywheel development and you guys got going on here. Can you elaborate on that? Dated everywhere And why this connective tissue that you're talking about is so important? Is it access to the war data? Is that flywheel happening? How do you see that playing out? >>I'll start with that because they were so excited where data to everything company or new tagline is turning data into doing. And this wouldn't be possible without technologies like Phantom coming in right way have traditionally been doing really great with enterprise was data platforms. And with an Alex now was phantom. We can turn that into doing now with some of the new solutions around data stream processing. Now we're able to do a lot of things in real time. On you mentioned about the scale, right scales changes everything. So for us, I think we're uniquely positioned in this new age of data, and it's exploding. But we have the technology to help your payment, and it's representing your business way. Have the analytics to help you understand the insights, and it's really the ones gonna impact day today enabling your business. And we have two engine to help you take actions. That's the exciting part. >>Is that what this flywheel, because diverse data is sounds great, makes sense more data way, see better? The machines can respond, and hopefully there's no blind spots that creates good eye. That kind of knows that if they're in data, but customers may not have the ability to do that. I think that's where the connecting these platforms together is important, because if you guys could bring on the data, it could be ugly data on his Chuck's data data, data, data. But it's not always in the form you need. Things has always been a challenge in the industry. How do you see that Flywheel? Yeah, developing. >>Yeah, I think one of the challenges is the normalization of the data. How do you normalize it across vendors or devices, you know. So if I have firewalls from Cisco, Palo Alto Checkpoint Jennifer alive, that day is not the same. But a lot of it is firewall blocked data, for example, that I want to feed into my SIM or my data platform and analyze similarly across endpoint vendors. You know you have semantic McAfee crowdstrike in all of these >>vendors, so normalization >>is really key and normalizing that data effectively so that you can look me in at the entire environment as a single from a single pane of glass. Essentially, that's response does really well is both our scheme on reed ability to be able to quarry that data without having a scheme in place. But then also, the normalization of that data eyes really key. And then it comes down to writing the correlation searches our analytics stories to find the attacks in that data. Next, right. And that's where we provide E s content updates, for example, that provide out of the box examples on how to look for threats in that data. >>So I'm gonna get you guys reaction to some observations that we've made on the Q. In the spirit of our cube observe ability we talked to people are CEOs is si sos about how they cloud security from collecting laws and workloads, tracking cloud APS and on premise infrastructure. And we ask them who's protecting this? Who is your go to security vendors? It was interesting because Cloud was in their cloud is number one if it's cloud are not number one, but they used to clear rely on tools in the cloud. But then, when asked on premise, Who's the number one? Splunk clearly comes up and pretty much every conversation. Xanatos. Not a scientific survey, it's more of it handpicks. But that means it's funk is essentially the number one provider with customers in terms of managing those workloads logs across ABS. But the cloud is now a new equation because now you've got Amazon, Azur and Google all upping their game on cloud security. You guys partner with it? So how do you guys see that? How do you talk cutters? Because with an enabling platform and you guys are offering you're enabling applications. Clouds have Apple case. So how do you guys tell that story with customers? Is your number one right now? How do you thread that needle into this explosive data in the cloud data on premise. What's the story? >>So I wish you were part of our security super session. We actually spent a lot of energy talking about how the cloud is shifting the paradigm paradigm of how software gets billed, deployed and consumed. How security needs to really sort of rethink where we start, right? We need to shift left. We need to make sure that I think you use the word observe ability, right? T you got to start from there. That's why as a company we bought, you know, signal effects and all the others. So the story for us is start from our ability to work with all the partners. You know, they're all like great partners of ours AWS and G, C, P and Microsoft. In many ways, because ecosystem for cloud it's important. We're taking cloud data. We're building cloud security models. Actually, a research team just released that today. Check that out and we'll be working with customers and building more and more use cases. Way also spend a lot of time with her. See, So customer advisory council just happened yesterday talking about how they would like us to help them, and part of that they were super super excited. The other part is what we didn't understand how complicated this is. So I think the story have to start in the cloudy world. You've gotto do security by design. You gotta think about automation because automation is everywhere. How deployment happens. I think we're really sit in a very interesting intersection off that we bring the cloud and on prime together >>the mission, See says, I want to get cameras in that room. I'm sure they don't want any cameras in the sea. So room Oliver taking that to the next level. It's a complexity is not necessarily a bad thing, because software contract away complexity is from the history of the computer industry that that's where innovation could happen, taking away complexity. How do you see that? Because Cloud is a benefit, it shouldn't be a hindrance. So you guys were right in the middle of this big wave. What? You're taking all this? >>Yeah. Look, I think Cloud is inevitable. I would say all of our customers in some form or another, are moving to the cloud, so our goal is to be not only deliver solutions from the cloud, but to protect them when they're in the cloud. So being able to work with cloud data source types, whether it's a jury, w s, G, C P and so on, is essential across our entire portfolio, whether it's enterprise security but also phantom. You know, one exciting announcement that we made today is we're open sourcing 300 phantom maps and making making him available with the Apache to get a license on get hubs so you'll be able to take integrations for Cloud Service is, like many eight of US service is, for example, extend them, share them in the community, and it allows our customers to leverage that ecosystem to be able to benefit from each other. So cloud is something that we work with not only from detection getting data in, but then also taking action on the cloud to be. Will it protect yourself? Whether it's you, I want to suspend an Amazon on your instance right to be able to stop it when it's when it's infected. For example, right those air it's finishing that whole Oodle Ooh and the investigate monitor, analyze act cycle for the cloud as we do with on from it. >>I think you guys in a really good position again citizen 2013. But I think my adjustment today would be talking to Andy Jackson, CEO of AWS. He and I always talk all the time around question he gets every year. Is Amazon going to kill the ecosystem? Runs afraid Amazon, he says. John. No, we rely on third party. Our ecosystem is super important. And I think as on premises and hybrid cloud becomes so critical. And certainly the Io ti equations with industrial really makes you guys really in a good position. So I think Amazon would agree. Having third party if you wanna call it that. I mean, a supplier is a critical linchpin today that needs to be scalable, >>and we need equal system for security way. You know, you one of the things I shared is really an asymmetric warfare. Where's the anniversary? You talk about a I and machine learning data at the end of the day is the oxygen for really powering that arm race. And for us, if we don't collaborate as ecosystem, we're not gonna have a apprehend because the other site has always say there's no regulations. There's no lawyers they can share. They can do whatever. So I think as a call to action for our industry way, gotta work together. Way got to really sort of share and events or industry together. >>Congratulations on all the new shipping General availability of E s six point. Oh, Phantoms continue to be a great success. You guys on the open source got an APB out there? You got Mission Control. Guys, keep on evolving Splunk platform. You got ABS showcase here. Good stuff. >>Beginning of the new date. Excited. >>We're riding the waves together with Splunk. Been there from day one, actually 30 year in but their 10th year dot com our seventh year covering Splunk. I'm John Ferrier. Thanks for watching. We'll be back with more live coverage. Three days of cube coverage here in Las Vegas. We'll be right back.

>>Live from Las Vegas. That's the Q covering splunk.com 19 brought to you by Splunk. >>You know, kind of leaning on that heavily. Automation, certainly very important. But what does enterprise and what does enterprise security 6.0 bring to the table. So can you take us through the evolution of where you guys are at with, with Splunk, if you want to handle that enterprise security? So yeah, generally enterprise security has traditionally had really, really good use cases for like the external threats that we're talking about. But like you said, it's very difficult to crack the insider threat part. And so we leveraging machine learning toolkit has started to build that into Splunk to make sure that you know, you can protect your data. And, uh, you know, Tyler and I specifically did this because we saw that there was immaturity in the cybersecurity market for insider threat. And so one of the things that we're actually doing in this top, in addition to talking about what we've done, we're actually giving examples of actionable use cases that people can take home and do themselves. >>Like we're giving them an exact sample code of how to find some outliers. They give me an example of what, so the use case that we go over in the talk is a user logs in at a weird time of day outside of their baseline and they exfiltrate a large amount of data in a low and slow fashion. Um, but they're doing this obviously outside of the scope of their normal behavior. So we give some good searches that you can take home and look at how could I make a baseline, how could I establish that there's deviations from that baseline from a statistical standpoint, and identify this in the future and find the needle in the haystack using the machine learning toolkit. And then if I have a sock that I want to send notables to or some sort of some notification to how do we make that happen, how do we make the transition from machine learning toolkit over to enterprise security or however your SOC operates? >>How do you do that? Do you guys write your own code for that? Or you guys use Splunk? So Splunk has a lot of internal tools and there's a couple of things that need to be pointed out of how to make this happen because we're aggregating large amounts of data. We go through a lot of those finer points in the talk, but sending those through to make sure that they're high confidence is the, is the channel you guys are codifying the cross connect from the machine, learning to the other systems. All right, so I've got to ask, this is basically pattern recognition. You want to look at baselining, how do people, can people hide in that baseline data? So like I'll give you, if I'm saying I'm an evil genius, I say, Hey, I knew these guys looking for Romans anomalies in my baseline, so I'm going to go low and slow in my baseline. >>Can you look for that too? Yeah, there are. There absolutely are ways of, fortunately, uh, there's a lot of different people who are doing research in that space on the defensive side. And so there's a ton of use cases to look at and if you aggregate over a long enough period of time, it becomes incredibly hard to hide. And so the baselines that we recommend building generally look at your 90 day or 120 day out. Um, I guess viewpoint. So you really want to be able to measure that. And most insider threat that happen occur within that 30 to 90 day window. And so the research seems to indicate that those timelines will actually work. Now if you were in there and you read all the code and you did all of the work to see how all of the things come through and you really understood the machine learning minded, I'm sure there's absolutely a way to get in if you're that sophisticated. >>But most of the times they just trying to steal stuff and get out or compromise a system. Um, so is there other patterns that you guys have seen in terms of the that are kind of low hanging fruit priorities that people aren't paying attention to and what's the levels of importance to I guess get ahold of or have some sort of mechanism for managing insider threats? I passwords I've seen one but I mean like there's been a lot of recent papers that have come out in lateral movement and privilege escalation. I think it's an area where a lot of people haven't spent enough time doing research. We've looked into models around PowerShell, um, so that we can identify when a user's maliciously executing PowerShell scripts. I think there's stuff that's getting attention now that when it really needs to, but it is a little bit too late. >>Uh, the community is a bit behind the curve on it and see sharks becoming more of a pattern to seeing a lot more C sharp power shells kind of in hunted down kind of crippled or like identified. You can't operate that way, what we're seeing but, but is that an insider and do that. And do insiders come in with the knowledge of doing C sharp? Those are gonna come from the outside. So I mean, what's the sophistic I guess my question is what's the sophistication levels of an insider threat? Depends on the level a, so the cert inside of dread Institute has aggregated about 15,000 different events. And it could be something as simple as a user who goes in with the intent to do something bad. It could be a person who converted from the inside at any level of the enterprise for some reason. >>Or it could be someone who gets, you know, really upset after a bad review. That might be the one person who has access and he's being socially engineered as well as all kinds of different vectors coming in there. And so, you know, in addition to somebody malicious like that, that you know, there's the accidental, you're phishing campaigns here, somebody's important clicks on an email that they think is from somebody else important or something like that. And you know, we're looking fair for that as well. And that's definitely spear fishing's been very successful. That's a hard one to crack. It is. They have that malware and they're looking at, you can say HR data's out of this guy, just got a bad review, good tennis cinema, a resume or a job opening for, and that's got the hidden code built in. We've seen that move many times. >>Yeah, and natural language processing and more importantly, natural language understanding can be used to get a lot of those cases out. If you're ingesting the text of the email data, well you guys are at a very professional high end from Sai C I mean the history of storied history goes way back and a lot of government contracts do. They do a lot of heavy lifting from anywhere from development to running full big time OSS networks. So there's a lot of history there. What does sustain of the yard? What do you guys look at as state of the art right now in security? Given the fact that you have some visibility into some of the bigger contracts relative to endpoint protection or general cyber, what's the current state of the art? What's, what should people be thinking about or what are you guys excited about? What are some of the areas that is state of the art relative to cyber, cyber security around data usage. >>So, I mean, one of the things, and I saw that there were some talks about it, but not natural language processing and sentiment analysis has gotten, has come a long way. It is much easier to understand, you know, or to have machines understand what, what people are trying to say or what they're doing. And especially, for example, if somebody's like web searching history, you know, and you might think of somebody might do a search for how do I hide downloading a file or something like that. And, and that's something that, well, we know immediately as people, but you know, we have, our customer for example, has 1000000001.2 billion events a day. So you know, if the billion, a billion seconds, that's 30 years. Yeah. So like that's, it's, it's a big number. You know, we, we, we hear those numbers thrown around a lot, but it's a big number to put it in perspective. >>So we're getting that a day and so how do we pick out, it's hard to step of that problem. The eight staff, you can't put stamp on that. Most cutting edge papers that have come out recently have been trying to understand the logs. They're having them machine learning to understand the actual logs that are coming in to identify those anomalies. But that's a massive computation problem. It's a huge undertaking to kind of set that up. Uh, so I really have seen a lot of stuff actually at concierge, some of the innovations that they're doing to optimize that because finding the needle in the haystack is obviously difficult. That's the whole challenge. But there's a lot of work that's being done in Splunk to make that happen a lot faster. And there's some work that's being done at the edge. It's not a lot, but the cutting edge is actually logging and looking at every single log that comes in and understanding it and having a robot say, boom, check that one out. >>Yeah. And also the sentiment, it gets better with the data because we all crushed those billions of events. And you can get a, you know, smiley face or that'd be face depending upon what's happening. It could be, Oh this is bad. But this, this comes back down to the data points you mentioned logs is now beyond logs. I've got tracing other, other signals coming in across the networks. So that's not, that's a massive problem. You need automation, you've got to feed the beast by the machines and you got to do it within whatever computation capabilities you have. And I always say it's a moving train hard. The Target's moving all the time. You guys are standing on top of it. Um, what do you guys think of the event? What's the, what's the most important thing happening here@splunk.com this year? I'd love to have both of you guys take away in on that. >>There's a ton of innovation in the machine learning space. All of the pipelines really that I've, I've been working on in the last year are being augmented and improved by the staff. That's developing content in the machine learning and deep learning space that's belongs. So to me that's by far the most important thing. Your, your take on this, um, between the automation. I know in the last year or so, Splunk has just bought a lot of different companies that do a lot of things that now we can, instead of having to build it ourselves or having to go to three or four different people on top to build a complete solution for the federal government or for whoever your customer is, you can, you know, Splunk is becoming more of a one stop shop. And I think just upgrading all of these things to have all the capabilities working together so that, for example, Phantom, Phantom, you know, giving you that orchestration and automation after. >>For example, if we have an EMS notable events saying, Hey, possible insider threat, maybe they automate the first thing of checking, you know, pull immediately pulling those logs and emailing them or putting them in front of the SOC analyst immediately. So that in, in addition to, Hey, you need to check this person out, it's, you need to check this person out here is the first five pages of what you need to look at. Oh, talking about the impact of that because without that soar feature. Okay. The automation orchestration piece of it, security, orchestration and automation piece of it without where are you know, speed. What's the impact? What's the alternative? Yes. So when we're, right now, when we're giving information to our EES or analysts through yes, they look at it and then they have to click five, six, seven times to get up the tabs that they need to make it done. >>And if we can have those tabs pre populated or just have them, you know, either one click or just come up on their screen for once they open it up. I mean their time is important. Especially when we're talking about an insider threat whom might turn to, yeah, the alternative is five X increase in timespan by the SOC analyst and no one wants that. They want to be called vented with the data ready to go. Ready, alert on it. All right, so final few guys are awesome insights. Walking data upsets right here. Love the inside. Love the love the insights. So final question for the folks watching that are Splunk customers who are not as on the cutting edge, as you guys pioneering this field, what advice would you give them? Like if you had to, you know, shake your friend egg, you know, get off your button, do this, do that. What is the, what do people need to pay attention to that's super urgent that you would implore on them? What would you, what would your advice be once you start that one? >>One of the things that I would actually say is, you know, we can code really cool things. We can do really cool things, but one of the most important things that he and I do as part of our processes before we go to the machine and code, the really cool things. We sometimes just step back and talk for a half an hour talk for an hour of, Hey, what are you thinking about? Hey, what is a thing that you know or what are we reading? What and what are we? And you know, formulating a plan because instead of just jumping into it, if you formulate a plan, then you can come up with you know, better things and augmented and implemented versus a smash and grab on the other side of just, all right, here's the thing, let's let's dump it in there. So you're saying is just for you jump in the data pool and start swimming around, take a step back, collaborate with your peers or get some kind of a game thinking plan. >>We spent a lot of hours, white boarding, but I would to to add to that, it's augment that we spent a lot of time reading the scientific research that's being done by a lot of the teams that are out solving these types of problems. And sometimes they come back and say, Hey, we tried this solution and it didn't work. But you can learn from those failures just like you can learn from the successes. So I recommend getting out and reading. There's a ton of literature in that space around cyber. So always be moving. Always be learning. Always be collaborating. Yeah, it's moving training guys, thanks for the insights Epic session here. Thanks for coming on and sharing your knowledge on the cube, the cube. We're already one big data source here for you. All the knowledge here at.com our seventh year, their 10th year is the cubes coverage. I'm John furry with back after this short break.

(upbeat music) >> Narrator: Live from Las Vegas, it's theCUBE, covering Splunk .Conf19. Brought to you by Splunk. >> Welcome to theCUBE everybody, we're here in Las Vegas for Splunk's .Conf, I'm John Furrier, host of theCUBE, here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo, this is our seventh year .Conf, Splunk's conference celebrating their 10th year. Our first guest is Melissa Zicopula, vice president of managed services of Herjavec Group. Robert's been on before, welcome to theCUBE. >> Thank you. >> I always get that, Herjavec? >> Herjavec Group. >> Herjavec Group. >> Happy to be here. >> Well known for the Shark Tank, but what's really interesting about Robert and your company is that we had multiple conversations and the Shark Tanks is what he's known for in the celebrity world. >> Melissa: Yes. >> But he's a nerd, he's a geek, he's one of us! (laughing) >> He's absolutely a cyber-security expert in the field, yes. >> So tell us what's going on this year at .Conf obviously security continues to be focus you guys have a booth here, what's the message you guys are sharing, what's the story from your standpoint? >> Yeah, so we do, Herjavec we're focusing on managed security services, where information security is all we do, focusing on 24/7 threat detection, security operations and also threat management. So, we want to be able to demo a lot of our capabilities, we're powered by Splunk, our HG analytics platform uses, heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects different types of use cases, different types of ways to detect malicious activity, while leveraging the tool itself. >> And data we're been covering since 2013, Splunk's .Conf, it's always been a data problem, but the data problem gets bigger and bigger, there's more volume than ever before which shifts the terms to the adversaries because ransomware is at an all time high. >> Melissa: Sure. >> Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away. >> Absolutely, yeah, we want to focus on not just what type of data you're ingesting into your instance but to also understand what types of log sources you're feeding into your sim today. So we have experts actually focus on evaluating the type of log sources we're bringing in. Everything from IPS, to AV, to firewall you know, solutions into the sim so that way we can build use cases those, to be able to detect different types of activity. We leverage different types of methodologies, one of them is Mitre framework, CIS top 20. And being able to couple those two together it's able to give you a better detection mechanism in place. >> I want to some kind of, clarification questions because we talked to a lot of CSOs and CIOs and and CXOs in general. >> Melissa: Sure. >> The roles are changing, but the acronyms of the providers out in the market place are specializing, some have unique focuses, some have breadth, some have depth, you guys are an MSSPP. So, MSSPP, not to be confused with an MSP. Or ISV, there's different acronyms, what is the difference between an MSSPP versus an MSP? >> Melissa: Correct, so it's, we are a MSSP, which is a Managed Security Service Provider. And what we do is just, we're focused on we're very security-centric. So information, security is all we do everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're PCI compliant, obviously SOC operations are the bread and butter of our service. Whereas, other MSPs, Managed Services Providers, they can do anything from architecture, network operations in that purview. So, we're focused on more of SIM solutions, endpoint, being able to manage any of your security technologies. And also, monitor them to take a fact into the SOC. >> So you guys are very focused? >> Melissa: Very focused on security. >> Then what's the key decision point for a customer to go with you guys, and what's the supplier relationship to the buyer because they're buying everything these days! >> Melissa: Sure. >> But they want to try and get it narrowed down so the right people are in the right place. >> Melissa: Yeah, so one of the great things about Herjavec Group is we are, you know, we're vendor agnostic, we have tons of experts in, you know, expertise resources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people, that are very, very, you know, centric to actually monitor and manage them. >> How big is Splunk, in relative with your services? How involved are they with the scope? >> Melissa: Over 60% of our managed clients today, utilize Splunk, they're heavy Splunk users, they also utilize Splunk ES, Splunk Core, and from a management side, they're implementing them into their service. All of the CSOs and CROs or CIOs are leveraging and using it, not just for monitoring and security but they're also using it in development environments, as well as their network operations. >> So, one of the things I've been, I won't say preaching, because I do tend to preach a lot, but I've been saying and amplifying, is that tools that have come a long in the business and there's platforms and Splunk has always kind of been that, a platform provider, but also a good tool for folks. But, they've been enabling value, you guys have built an app on Splunk, the proprietary solutions. >> Absolutely. >> Could you tell me about that because this is really where the value starts to shift, where domain expertise focused practices and services, like you guys are doing, are building on someone else's platform with data, talk about your proprietary app. >> Absolutely, so we discovered, a few years ago, was that customers needed help getting to the data faster. So we were able to build in built-in queries, you know literally one click, say if you wanted to get to a statistical side of how many data sources are logging your SIM, is the data, you know, modeling complete, you know, is there anything missing in the environment or are there any gaps that we need to fill? You're able to do it by just clicking on a couple of different, you know, buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment but all the data log sources that are coming into your SIM instance. It's a one stop shop. And also, what's great about it, is that it also powers Splunk ES, so Splunk ES also has similar tools and they are, literally, I mean that tool is so great you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill-down analysis, you can actually see the type of data like PCAP analysis, to get to the, you know, the type of activity you want to get to on a granular level. So, both tools do it really well. >> So you have hooks into ES, Splunk ES? >> Yes, we can actually see, depending on the instance that it's deployed on, 'cause our app is deployed on top of Splunk for every customer's instance. They're ale to leverage and correlate the two together. >> What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of attacks is coming in it's more than log files now, it's, you got traces, you got other metrics >> Melissa: Sure. >> Other things to measure, it's almost It's almost too many alerts, what do you-- >> Yeah, a lot of KPI's. The most important thing that any company, any entity wants to measure is the MTTD, the Mean Time To Detection, and also mean time to resolve, right? You want to be able to ensure that your teams are have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading. >> What's the biggest surprise that you've seen in the past two years? I mean, 'cause I look back at our interviews with you guys in 2013, no 2015. I mean, the narrative really hasn't changed global security, I mean, all the core, top line stories are there, but it just seems to be bigger. What's the big surprise for you in terms of the marketplace? >> The big surprise for me is that companies are now focusing more on cyber-hygiene. Really ensuring that their infrastructure is you know, up to par, right? Because you can apply the best tools in-house but if you're not cleaning up you know, your backyard (laughing) it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk you know, to actually analyze what's happening in their environment, to clean up their back of house, I would say and to put those tools in place so they could be effective. >> You know, that's a classic story clean up your own house before you can go clean up others, right? >> Right. >> And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that, they tend to serve their customers, but they don't clean up their own house and data's moving around so now with the diversity of data, they've got the fabric search, they got all kind of new tools within Splunk's portfolio. >> It's a challenge, and it could be you know, lack of resources, it just means that we have you know, they don't have the right expertise in-house so they used managed security providers to help them get there. For example, if a network, if we identify the network being flat, we can identify you know, how to help them how to be able to kind of, look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed. >> What's the one, one or two things that you see customers that need to do that, they aren't doing yet? You mentioned hygiene is a trend, what are some other things that that need to be addressed, that are almost, well that could be critical and bad, but are super important and valuable? >> I think now a lot of, actually to be quite honest a lot of our clients today or anyone who's building programs, security programs are getting you know, very mature. They're adopting methodologies, like Mitre Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint but also from an operations side you know, you could identify misconfigurations in your environment, you can identify things that are you know, just cleaning up the environment as well. >> So, Splunk has this thing called SOAR, Security-- >> Automation. >> Orchestration Automation Recovery, resilience whatever R, I think R stands for that. How does that fit in to your market, your app and what you guys are doing? >> So it definitely fits in basically, being able to automate the redundant, mundane types of tasks that anyone can do, right? So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task, it might take them two or three hours, where you can leverage a tool like Phantom, any type of SOAR platform to actually create a playbook to do that task within 30 seconds. So, not only are you minimizing the amount of you know, head count to do that, you're also you know, using your consistent tool to make that function make that function you know, more, I want to say enhanced. So you can build play books around it, you can basically use that on a daily basis whether it's for security monitoring or network operations, reporting, all that becomes more streamlined. >> And the impact to the organization is those mundane tasks can be demotivating. Or, there's a lot more problems to solve so for productivity, creativity, can you give some examples of where you've seen that shift into the personnel, HR side the human resource side of it? >> Yeah, absolutely so you know, you want to be able to have something consistent in your environment, right? So you don't want others to get kind of, get bored or you know, when you're looking at a platform day in and day out and you're doing the same task everyday, you might miss something. Whereas, if you build an automation tool that takes care of the low hanging fruit, so to speak, you're able to use a human component to put your muscles somewhere else, to find some you know, the human element to actually look for any types of malicious anomalies in the environment. >> How much has teamwork become a big part of how successful companies manage a security threat landscape? >> Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operations side, even you know, coupling that with business stakeholders. You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business, and making sure that we're taking security, obviously seriously, which a lot of companies know already, but not impeding on the operation. So doing it safely without having to minimize impact. >> Well let's just, I got to ask you this question around kind of, doing the cutting edge but not getting bled out, bleeding edge, bleeding out and failing. Companies are trying to balance you know, being cutting edge and balancing hardcore security Signal FX is a company that Splunk bought, we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native with micro services is super hot in areas you know, people see with Kubernetes and so on happening, kind of cutting edge though! >> Melissa: Right. >> You don't want to be bleeding edge 'cause there's some risks there too so, how do you guys advise your clients to think about cloud native with Splunk and some of the things that they're there but as the expression goes "there's a pony in there somewhere" but it's risky still, but certainly it's got a lot of promise. >> Yeah, you know, it's all about you know, everyone's different, every environment's different. It's really about explaining those options to them what they have available, whether they go on the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution, and what the risks are involved if they had and how long that will take for them to implement it in their environment. >> Do you see a lot of clients kicking the tires in cloud native? >> A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse, they don't have to have somebody manage it, they don't have to worry about hardware or licenses, renewals, all that. So, it's really easy to spin up a you know, a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it. >> Melissa, great insight, and love to have you on theCUBE, I got to ask you one final question >> Melissa: Sure. >> As a, on a personal note well, personal being you're in the industry you know, I hear a lot of patterns out there, see a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling, so data at scale, cloud at scale, is becoming a reality for customers, and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of one, take advantage of that wave but not get buried into it? >> Absolutely, so you just want to incorporate into the management life cycle, you know you don't want to just configure then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter you know, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the processes and procedures, and making sure that you know, you're also partnering with a company that can can follow you you know, year over year and build that road map to actually see what you're building your program, you know. >> So here's the personal question now, so, you're on this wave, security wave. >> Melissa: Sure. >> It's pretty exciting, can be intoxicating but at the same time, it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days? >> Automation, absolutely. Automation, being able to build as many playbooks and coupling that with different types of technologies, and you know, like Splunk, right? You can ingest and you can actually, automate your tier one and maybe even a half of a tier two, right, a level two. And that to me is exciting because a lot of what we're seeing in the industry now is automating as much as possible. >> And compare that to like, five years ago in terms of-- >> Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So, you had to literally sit there and train individuals to do a certain task, their certain function. And then you had to rely on them to be consistent across the board where now, automation is just taken that to the next level. >> Yeah it's super exciting, I agree with you. I think automation, I think machine learning and AI data feeds, machine learning. >> Michelle: Right. >> Machine learning is AI, AI is business value. >> Being able to get to the data faster, right? >> Awesome, speed, productivity, creativity, scale. This is the new formula inside the security practice I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .Conf, our seventh year covering Splunk from a start-up, to going public, to now. One of the leaders in the industry. I'm John Furrier, we'll be right back. (techno music)

>> from Austin, Texas. It's Theo Cube, covering pure storage. Accelerate 2019. Brought to you by pure storage. >> Welcome back to the Cube. Lisa Martin Day Volante is my co host were a pure accelerate 2019 in Austin, Texas. A couple of guests joining us. Next. Please welcome Barack elected director product management for slunk. Welcome back to the Cube. Thank you. And guess who's back. Von Stewart. V. P. A. Technology from pure Avon. Welcome back. >> Hey, thanks for having us guys really excited about this topic. >> We are too. All right, so But we'll start with you. Since you're so excited in your nice orange pocket square is peeking out of your jacket there. Talk about the Splunk, your relationship. Long relationship, new offerings, joint value. What's going on? >> Great set up. So Splunk impure have had a long relationship around accelerating customers analytics The speed at which they can get their questions answered the rate at which they could ingest data right to build just more sources. Look at more data, get faster time to take action. However, I shouldn't be leading this conversation because Split Split has released a new architecture, a significant evolution if you will from the traditional Splunk architectural was built off of Daz and a shared nothing architecture. Leveraging replicas, right? Very similar what you'd have with, like, say, in H D. F s Work it load or H c. I. For those who aren't in the analytic space, they've released the new architecture that's disaggregated based off of cashing and an object store construct called Smart Store, which Broth is the product manager for? >> All right, tell us about that. >> So we release a smart for the future as part of spunk Enterprise. $7 to about a near back back in September Timeframe. Really Genesis or Strong Smart Strong goes back to the key customer problem that we were looking to solve. So one of our customers, they're already ingesting a large volume of data, but the need to retain the data for twice, then one of Peter and in today's architecture, what it required was them to kind of lean nearly scale on the amount of hardware. What we realized it. Sooner or later, all customers are going to run into this issue. But if they want in just more data or reading the data for longer periods, of time, they're going to run into this cost ceiling sooner or later on. The challenge is that into this architecture, today's distributes killer dark picture that we have today, which of all, about 10 years back, with the evolution of the Duke in this particular architecture, the computer and story Jacqui located. And because computer storage acqua located, it allows us to process large volumes of data. But if you look at the demand today, we can see that the demand for storage or placing the demand for computer So these are, too to directly opposite trans that we're seeing in the market space. If you need to basically provide performance at scale, there needs to be a better model. They need a better solution than what we had right now. So that's the reason we basically brought Smart store on denounced availability last September. What's Marceau brings to the table is that a D couples computer and storage, So now you can scale storage independent of computers, so if you need more storage or if you need to read in for longer periods of time, you can just kill independent on the storage and with level age, remote object stores like Bill Flash bid to provide that data depository. But most of your active data said still decides locally on the indexers. So what we did was basically broke the paradigm off computer storage location, and we had a small twist. He said that now the computer stories can be the couple, but you bring comfort and stories closer together only on demand. So that means that when you were running a radio, you know, we're running a search, and whenever the data is being looked for that only when we bring the data together. The other key thing that we do is we have an active data set way ensure that the smart store has ah, very powerful cash manager that allows that ensures that the active data set is always very similar to the time when your laptop, the night when your laptop has active data sets always in the cash always on memory. So very similar to that smarts for cash allows you to have active data set always locally on the index. Start your search performance is not impact. >> Yes, this problem of scaling compute and storage independently. You mentioned H. D. F s you saw it early on there. The hyper converged guys have been trying to solve this problem. Um, some of the database guys like snowflakes have solved it in the cloud. But if I understand correctly, you're doing this on Prem. >> So we're doing this board an on Prem as well as in Cloud. So this smart so feature is already available on tramp were also already using a host all off our spun cloud deployments as well. It's available for customers who want obviously deploy spunk on AWS as well. >> Okay, where do you guys fit in? So we >> fit in with customers anywhere from on the hate say this way. But on the small side, at the hundreds of terabytes up into the tens and hundreds of petabytes side. And that's really just kind of shows the pervasiveness of Splunk both through mid market, all the way up through the through the enterprise, every industry and every vertical. So where we come in relative to smart store is we were a coat co developer, a launch partner. And because our object offering Flash Blade is a high performance object store, we are a little bit different than the rest of the Splunk s story partner ecosystem who have invested in slow more of an archive mode of s tree right, we have always been designed and kind of betting on the future would be based on high performance, large scale object. And so we believe smart store is is a ah, perfect example, if you will, of a modern analytics platform. When you look at the architecture with smart store as brush here with you, you want to suffice a majority of your queries out of cash because the performance difference between reading out a cash that let's say, that's NAND based or envy. Emmy based or obtain, if you will. When you fall, you have to go read a data data out of the Objects store, right. You could have a significant performance. Trade off wean mix significantly minimized that performance drop because you're going to a very high bandwith flash blade. We've done comparison test with other other smart store search results have been published in other vendors, white papers and we show Flash blade. When we run the same benchmark is 80 times faster and so what you can now have without architecture is confidence that should you find yourself in a compliance or regulatory issue, something like Maybe GDP are where you've got 72 hours to notify everyone who's been impacted by a breach. Maybe you've got a cybersecurity case where the average time to find that you've been penetrated occurs 206 days after the event. And now you gotta go dig through your old data illegal discovery, you know, questions around, you know, customer purchases, purchases or credit card payments. Any time where you've got to go back in the history, we're gonna deliver those results and order of magnitude faster than any other object store in the market today. That translates from ours. Today's days, two weeks, and we think that falls into our advantage. Almost two >> orders of magnitude. >> Can this be Flash Player >> at 80%? Sorry, Katie. Time 80 x. Yes, that's what I heard. >> Do you display? Consider what flashlight is doing here. An accelerant of spunk, workloads and customer environment. >> Definitely, because the forward with the smart, strong cash way allow high performance at scale for data that's recites locally in the cash. But now, by using a high performance object store like your flash played. Customers can expect the same high performing board when data is in the cash as well as invented sin. Remorseful >> sparks it. Interesting animal. Um, yeah, you have a point before we >> subjects. Well, I don't want to cut you off. It's OK. So I would say commenting on the performance is just part of the equation when you look at that, UM, common operational activities that a splitting, not a storage team. But a Splunk team has to incur right patch management, whether it's at the Splunk software, maybe the operating system, like linen store windows, that spunk is running on, or any of the other components on side on that platform. Patch Management data Re balancing cause it's unequal. Equally distributed, um, hardware refreshes expansion of the cluster. Maybe you need more computer storage. Those operations in terms of time, whether on smart store versus the classic model, are anywhere from 100 to 1000 times faster with smart store so you could have a deployment that, for example, it takes you two weeks to upgrade all the notes, and it gets done in four hours when it's on Smart store. That is material in terms of your operational costs. >> So I was gonna say, Splunk, we've been watching Splunk for a long time. There's our 10th year of doing the Cube, not our 10th anniversary of our 10th year. I think it will be our ninth year of doing dot com. And so we've seen Splunk emerged very cool company like like pure hip hip vibe to it. And back in the day, we talked about big data. Splunk never used that term, really not widely in its marketing. But then when we started to talk about who's gonna own the big data, that space was a cloud era was gonna be mad. We came back. We said, It's gonna be spunk and that's what's happened. Spunk has become a workload, a variety of workloads that has now permeated the organization, started with log files and security kind of kind of cumbersome. But now it's like everywhere. So I wonder if you could talk to the sort of explosion of Splunk in the workloads and what kind of opportunity this provides for you guys. >> So a very good question here, Right? So what we have seen is that spunk has become the de facto platform for all of one structure data as customers start to realize the value of putting their trying to Splunk on the watch. Your spunk is that this is like a huge differentiate of us. Monk is the read only skim on reed which allows you to basically put all of the data without any structure and ask questions on the flight that allows you to kind of do investigations in real time, be more reactive. What's being proactive? We be more proactive. Was being reactive scaleable platform the skills of large data volumes, highly available platform. All of that are the reason why you're seeing an increase that option. We see the same thing with all other customers as well. They start off with one data source with one use case and then very soon they realize the power of Splunk and they start to add additional use cases in just more and more data sources. >> But this no >> scheme on writer you call scheme on Reed has been so problematic for so many big data practitioners because it just became the state of swamp. >> That didn't >> happen with Splunk. Was that because you had very defined use cases obviously security being one or was it with their architectural considerations as well? >> They just architecture, consideration for security and 90 with the initial use cases, with the fact that the scheme on Reid basically gives open subject possibilities for you. Because there's no structure to the data, you can ask questions on the fly on. You can use that to investigate, to troubleshoot and allies and take remedial actions on what's happening. And now, with our new acquisitions, we have added additional capabilities where we can talk, orchestrate the whole Anto and flow with Phantom, right? So a lot of these acquisitions also helping unable the market. >> So we've been talking about TAM expansion all week. We definitely hit it with Charlie pretty hard. I have. You know, I think it's a really important topic. One of things we haven't hit on is tam expansion through partnerships and that flywheel effect. So how do you see the partners ship with Splunk Just in terms of supporting that tam expansion the next 10 years? >> So, uh, analytics, particularly log and Alex have really taken off for us in the last year. As we put more focus on it, we want to double down on our investments as we go through the end of this year and in the next year with with a focus on Splunk um, a zealous other alliances. We think we are in a unique position because the rollout of smart store right customers are always on a different scale in terms of when they want to adopt a new architecture right. It is a significant decision that they have to make. And so we believe between the combination of flash array for the hot tear and flash played for the cold is a nice way for customers with classic Splunk architecture to modernize their platform. Leverage the benefits of data reduction to drive down some of the cost leverage. The benefits of Flash to increase the rate at which they can ask questions and get answers is a nice stepping stone. And when customers are ready because Flash Blade is one of the few storage platforms in the market at this scale out band with optimized for both NFS and object, they can go through a rolling nondestructive upgrade to smart store, have you no investment protection, and if they can't repurpose that flash rate, they can use peers of service to have the flesh raise the hot today and drop it back off just when they're done within tomorrow. >> And what about C for, you know, big workloads, like like big data workloads. I mean, is that a good fit here? You really need to be more performance oriented. >> So flash Blade is is high bandwith optimization, which really is designed for workload. Like Splunk. Where when you have to do a sparse search, right, we'll find that needle in the haystack question, right? Were you breached? Where were you? Briefed. How were you breached? Go read as much data as possible. You've gotta in just all that data, back to the service as fast as you can. And with beast Cloud blocked, Teresi is really optimized it a tear to form of NAND for that secondary. Maybe transactional data base or virtual machines. >> All right, I want more, and then I'm gonna shut up sick. The signal FX acquisition was very interesting to me for a lot of reasons. One was the cloud. The SAS portion of Splunk was late to that game, but now you're sort of making that transition. You saw Tableau you saw Adobe like rip the band Aid Off and it was somewhat painful. But spunk is it. So I wonder. Any advice that you spend Splunk would have toe von as pure as they make that transition to that sass model. >> So I think definitely, I think it's going to be a challenging one, but I think it's a much needed one in there in the environment that we are in. The key thing is to always because two more focus and I'm sure that you're already our customer focus. But the key is key thing is to make sure that any service is up all the time on make sure that you can provide that up time, which is going to be crucial for beating your customers. Elise. >> That's good. That's good guidance. >> You >> just wanted to cover that for you favor of keeping you date. >> So you gave us some of those really impressive stats In terms of performance. >> They're almost too good to be true. >> Well, what's customer feedback? Let's talk about the real world when you're talking to customers about those numbers. What's the reaction? >> So I don't wanna speak for Broth, so I will say in our engagements within their customer base, while we here, particularly from customers of scale. So the larger the environment, the more aggressive they are to say they will adopt smart store right and on a more aggressive scale than the smaller environments. And it's because the benefits of operating and maintaining the indexer cluster are are so great that they'll actually turn to the stores team and say, This is the new architecture I want. This is a new storage platform and again. So when we're talking about patch management, cluster expansion Harbor Refresh. I mean, you're talking for a large sum. Large installs weeks, not two or 3 10 weeks, 12 weeks on end so it can be. You can reduce that down to a couple of days. It changes your your operational paradigm, your staffing. And so it has got high impact. >> So one of the message that we're hearing from customers is that it's far so they get a significant reduction in the infrastructure spent it almost dropped by 2/3. That's really significant file off our large customers for spending a ton of money on infrastructure, so just dropping that by 2/3 is a significant driver to kind of move too smart. Store this in addition to all the other benefits that get smart store with operational simplicity and the ability that it provides. You >> also have customers because of smart store. They can now actually bursts on demand. And so >> you can think of this and kind of two paradigms, right. Instead of >> having to try to avoid some of the operational pain, right, pre purchase and pre provisional large infrastructure and hope you fill it up. They could do it more of a right sides and kind of grow in increments on demand, whether it's storage or compute. That's something that's net new with smart store um, they can also, if they have ah, significant event occur. They can fire up additional indexer notes and search clusters that can either be bare metal v ems or containers. Right Try to, you know, push the flash, too. It's Max. Once they found the answers that they need gotten through. Whatever the urgent issues, they just deep provisionals assets on demand and return back down to a steady state. So it's very flexible, you know, kind of cloud native, agile platform >> on several guys. I wish we had more time. But thank you so much fun. And Deron, for joining David me on the Cube today and sharing all of the innovation that continues to come from this partnership. >> Great to see you appreciate it >> for Dave Volante. I'm Lisa Martin, and you're watching the Cube?

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. Everyone keeps live coverage here in Boston. Messages of AWS reinforce That's Amazon. Webster's his first inaugural commerce around cloud security on John Kerry with David Lantz. One of the top stories here, the announced being announced here reinforced is the VPC traffic nearing and we wanted to bring in alumni and friend Mike Banner was the VP of marketing at a Vectra who specializes in networking. Welcome to the Q. We go way back. HP networking got a hot start up here so wanted to really bring you in to help unpack this VPC traffic mirroring product is probably medias announcement of everything on stage. That other stuff was general availability of security have which is great great product, Absolutely. And guard guard duty. Well, all this other stuff have it. But the VPC traffic nearing is a killer feature for a lot of reasons, absolutely. But it brings some challenges and some opportunities that might be downstream. I don't get the thoughts on what is your take on the BBC traffic nearing >> a tte. The highest level brings a lot of value because it allows you get visibility and something that's really opaque, which is the traffic within the cloud. And in the past, the way people were solving this was they had to put an agent on the workload, and nobody wants that one. It's hard to manage. You don't want dozens to hundreds or thousands of agents, and also it's going to slow things down. On third, it could be subverted. You get the advanced attacker in there. He knows how to get below that level and operated on in a way where he can hide his communication and and his behavior isn't seen. With traffic nearing that, we're getting a copy of the packet from below. The hyper visor cannot be subverted, and so we're seeing everything, and we're also not slowing down the traffic in the virtual private cloud. So it allows us to extract just the right data for a security application, which is our case, metadata and enrich it with information that's necessary for detecting threats and also of performing an investigation. >> Yeah, it was definitely the announcement that everybody has been talking about has the buzz. So from a from a partner perspective, how do you guys tie into that? What do you do? Was the value that you bring to the customer, >> So the value that we're bringing really stems from what you can do with our platform. There's two things everybody is looking to do with him at the highest level, which is detect threats and respond to threats. On the detection side, we could take the metadata that we've extracted and we've enriched. We're running through machine learning algorithms, and from there we not only get a detection, but we can correlated to the workers we're seeing it on. And so we could present much more of an incident report rather than just a security alert, saying, Hey, something bad happened over there. It's not just something bad happened, but these four bad things happen and they happen in this time sequence over this period of time, and it involved these other work looks. We can give you a sense of what the attack campaign looks like. So you get a sense of like with cancer, such as you have bad cells in your liver, but they've metastasized to these other places. Way also will keep that metadata in something we call cognito recall, which is in AWS. And it has pre built analytics and save searches so that once you get that early warning signal from cognito detect, you know exactly where to start looking for. You can peel back all the unrelated metadata, and you can look specifically at what's happened during the time of that incident. In order, perform your threat investigation and respond rapidly to that threat. >> So you guys do have a lot of machine intelligence. OK, ay, ay chops. How close are we to be able to use that guy to really identify? Detect, but begin to automate responses? We there yet eyes. It's something that people want don't want. >> We're getting close to being there. It's answer your first question, and people are sure that they want it yet. And here's some of the rationale behind it. You know, like we generally say that Aria is pretty smart, but security operations people are still the brains of the operation. There's so much human intelligence, so much contextual knowledge that a security operations person can apply to the threats that we detect. They can look at something and say, Oh, yeah, I see the user account. The service is being turned on from, you know, this particular workload. I know exactly what's happening with that. They add so much value. So we look at what we're doing is augmenting the security operations team. We're reducing their workload by taking all the mundane work and automating that and putting the right details at their fingertips so they could take action. Now there's some things that are highly repeatable that they do like to use playbooks for So we partner with companies like Phantom, which got bought by spunk, and to Mr which Palazzo Networks acquired. They've built some really good playbooks for some of those well defying situations. And there was a couple presentations on the floor that talked about those use >> cases. Fan of fan was pretty good. Solid product was built in the security hub. Suit helps nice product, but I'll get back to the VPC traffic, not smearing. It makes so much sense. It's about time. Yes, Finally they got it done. This make any sense? It wasn't done before, but I gotta ask first with the analytics, you and you said on the Q. Before network doesn't lie, >> the network is no line >> they were doesn't lie with subversion pieces of key piece. It's better be the lowest level possible. That's a great spot for the data. So totally agree. Where do you guys create Valley? Because now that everyone's got available BBC traffic mirroring How do you guys take advantage of that? What's next for you guys is that Where's the differentiation come from? Where's the value go next? >> Yeah, there's really three things that I tend to focus on. One is we enrich the metadata that we're extracting with a lot of important data that makes it. It really accelerates the threat investigation. So things like directionality, things like building a notion of what's the identity of the workload or when you're running us on prem. The device, because I P addresses changed. There's dynamic things in there, so having a sense of of consistency over a period of time is extremely valuable for performing a threat investigation so that information gets put in tow. Recall for the metadata store. If people have a data leak that they wanna have ascended to, whether it's elastic or spawn, Kafka then that is included in what we send to them and Zeke formatting use. Others eat tooling so they're not wasting any money there. And in the second piece is around the way that we build analytics. There's always, ah, a pairing of somebody from security research with the data scientist. This is the security researcher explains the tools, the tactics, the techniques of the attacker. So that way, the data scientist isn't being completely random about what features do they want to find in the network traffic. They're being really specific to what features are gonna actually pair to that tool, tactic and technique. So that way, the efficacy of the algorithm is better. We've been doing this for five plus years, and history speaks for something because some of the learning we've had is all right. In the beginning, there were maybe a couple different supervised techniques to apply. Well, now we're applying those supervised techniques with some deep learning techniques. So that way, the performance of the algorithm is actually 90% more effective than it was five years ago. >> Appreciating with software. Get the data extract the data, which the metadata, Yes, you're doing. Anyway. Now, It's more efficient, correct, low speed, No, no problems with informants in the agents you mentioned earlier. Now it's better data impact the customers. What's the What's the revelation here For the end of the day, your customer and Amazons customers through you? What do they get out of it? What's the benefit to them? >> So it's all about reducing the time to detect in the time to respond. Way had one of our fortune to 50 customers present last week at the Gardener Security Summit. Still on stage. Gentlemen from Parker Hannifin talked about how they had an incident that they got an urgent alert from from Cognito. It told him about an attack campaign. He was immediately alerted the 45 different machines that were sending data to the cloud. He automatically knew about what were the patterns of data, the volume of data. They immediately know exactly what the service is that were being used with in the cloud. They were able to respond to this and get it all under control. Listen 24 hours, but it's because they had the right data at their fingertips to make rapid decisions before there was any risk. You know what they ended up finding was it was actually a new application, but somebody had actually not followed the procedures of the organization that keeps them compliant with so many of their end users. In the end, it's saved tremendous time and money, and if that was a real breach, it would have actually prevented them from losing proprietary information. >> Well, historically, it would take 250 days to even find out that there was a breach, right? And then by then who knows what What's been exfiltrate ID? >> Yeah, we had a couple. We had a couple of firms that run Red team exercises for a living come by and they said, I said to them, Do you know who we are? And they said, Of course we know where you are. There's one tool out there, then finds us. It's victory. That's >> a That's a kind of historical on Prem. So what do you do for on Pramuk? This is all running any ws. Is it cloud only? >> It's actually both, so we know that there's a lot of companies that come here that have never owned a server, and everything's been in AWS from day one and for I t. Exactly. And for them waken run everything. We have the sensor attached to the VPC traffic nearing in AWS. We could have the brain of the cognitive platform in eight of us, you know. So for them they don't need anything on prime. There's a lot of people that are in the lift and shift mode. It can be on Prem and in eight of us, eh? So they can choose where they want the brain. And they could have sensors in both places. And we have people that are coming to this event that their hybrid cloud, they've got I t infrastructure in Azure. But they have production in eight of us and they have stuff that's on Prem. And we could meet that need to because we work with the V Top from Azure and so that we're not religious about that. It's all about giving the right data right place, reducing the time to detective respond, >> Mike, Thanks for coming and sharing the insights on the VP. Your perspective on the vpc traffic mirror appreciated. Give a quick plug for the company. What you guys working on? What's the key focus? You hiring. Just got some big funding news. Take a minute to get the plug in for electric. >> Yeah, So we've gone through several years of consecutive more than doubling in. Not in a recurring revenue. I've been really fortunate to have to be earning a lot of customer business from the largest enterprises in the world. Recently had funding $100,000,000 led by T C V out of Menlo Park. Total capitalization is over to 22 right now on the path to continue that doubling. But, you know, we've been really focusing on moving where the you know already being where the puck is going to by working with Amazon. Advance on the traffic nearing. And, you know, we know that today people are using containers in the V M environment. We know that you know where they want to go. Is more serverless on, you know, leveraging containers more. You know, we're already going in that direction. So >> great to see congratulates we've known each other for many, many years is our 10th anniversary of the Q. You were on year one. Great to know you. And congratulations. Successive victor and great announcement. Amazon gives you a tailwind. >> Thanks a lot. It's great to see your growth as well. Congratulations. >> Thanks, Mike. Mike Banning unpacking the relevance of the VPC traffic mirroring feature. >> This is kind >> of conversation we're having here. Deep conversation around stuff that matters around security and cloud security. Of course, the cubes bring any coverage from the inaugural event it reinforced for me. Ws will be right back after this short break.