Chat w/ Arctic Wolf exec re: budget restraints could lead to lax cloud security
>> Now we're recording. >> All right. >> Appreciate that, Hannah. >> Yeah, so I mean, I think in general we continue to do very, very well as a company. I think like everybody, there's economic headwinds today that are unavoidable, but I think we have a couple things going for us. One, we're in the cyberspace, which I think is, for the most part, recession proof as an industry. I think the impact of a recession will impact some vendors and some categories, but in general, I think the industry is pretty resilient. It's like the power industry, no? Recession or not, you still need electricity to your house. Cybersecurity is almost becoming a utility like that as far as the needs of companies go. I think for us, we also have the ability to do the security, the security operations, for a lot of companies, and if you look at the value proposition, the ROI for the cost of less than one to maybe two or three, depending on how big you are as a customer, what you'd have to pay for half to three security operations people, we can give you a full security operations. And so the ROI is almost kind of brain dead simple, and so that keeps us going pretty well. And I think the other areas, we remove all that complexity for people. So in a world where you got other problems to worry about, handling all the security complexity is something that adds to that ROI. So for us, I think what we're seeing is mostly is some of the larger deals are taking a little bit longer than they have, some of the large enterprise deals, 'cause I think they are being a little more cautious about how they spend it, but in general, business is still kind of cranking along. >> Anything you can share with me that you guys have talked about publicly in terms of any metrics, or what can you tell me other than cranking?
>> Yeah, I mean, I would just say we're still very, very high growth, so I think our financial profile would kind of still put us clearly in the cyber unicorn position, but I think other than that, we don't really share business metrics as a private- >> Okay, so how about headcount? >> Still growing. So we're not growing as fast as we've been growing, but I don't think we were anyway. I think we kind of, we're getting to the point of critical mass. We'll start to grow in a more kind of normal course and speed. I don't think we overhired like a lot of companies did in the past, even though we added, almost doubled the size of the company in the last 18 months. So we're still hiring, but very kind of targeted to certain roles going forward 'cause I do think we're kind of at critical mass in some of the other functions. >> You disclose headcount or no? >> We do not. >> You don't, okay. And never have? >> Not that I'm aware of, no. >> Okay, on the macro, I don't know if security's recession proof, but it's less susceptible, let's say. I've had Nikesh Arora on recently, we're at Palo Alto's Ignite, and he was saying, "Look," it's just like you were saying, "Larger deal's a little harder." A lot of times customers, he was saying customers are breaking larger deals into smaller deals, more POCs, more approvals, more people to get through the approval, not whole, blah, blah, blah. Now they're a different animal, I understand, but are you seeing similar trends, and how are you dealing with that? >> Yeah, I think the exact same trends, and I think it's just in a world where spending a dollar matters, I think a lot more oversight comes into play, a lot more reviewers, and can you shave it down here? Can you reduce the scope of the project to save money there? And I think it just caused a lot of those things. 
I think, in the large enterprise, I think most of those deals for companies like us and Palo and CrowdStrike and kind of the upper tier companies, they'll still go through. I think they'll just going to take a lot longer, and, yeah, maybe they're 80% of what they would've been otherwise, but there's still a lot of business to be had out there. >> So how are you dealing with that? I mean, you're talking about you double the size of the company. Is it kind of more focused on go-to-market, more sort of, maybe not overlay, but sort of SE types that are going to be doing more handholding. How have you dealt with that? Or have you just sort of said, "Hey, it is what it is, and we're not going to, we're not going to tactically respond to. We got long-term direction"? >> Yeah, I think it's more the latter. I think for us, it's we've gone through all these things before. It just takes longer now. So a lot of the steps we're taking are the same steps. We're still involved in a lot of POCs, we're involved in a lot of demos, and I don't think that changed. It's just the time between your POC and when someone sends you the PO, there's five more people now got to review things and go through a budget committee and all sorts of stuff like that. I think where we're probably focused more now is adding more and more capabilities just so we continue to be on the front foot of innovation and being relevant to the market, and trying to create more differentiators for us and the competitors. That's something that's just built into our culture, and we don't want to slow that down. And so even though the business is still doing extremely, extremely well, we want to keep investing in kind of technology. >> So the deal size, is it fair to say the initial deal size for new accounts, while it may be smaller, you're adding more capabilities, and so over time, your average contract values will go up? Are you seeing that trend? 
Or am I- >> Well, I would say I don't even necessarily see our average deal size has gotten smaller. I think in total, it's probably gotten a little bigger. I think what happens is when something like this happens, the old cream rises to the top thing, I think, comes into play, and you'll see some organizations instead of doing a deal with three or four vendors, they may want to pick one or two and really kind of put a lot of energy behind that. For them, they're maybe spending a little less money, but for those vendors who are amongst those getting chosen, I think they're doing pretty good. So our average deal size is pretty stable. For us, it's just a temporal thing. It's just the larger deals take a little bit longer. I don't think we're seeing much of a deal velocity difference in our mid-market commercial spaces, but in the large enterprise it's a little bit slower. But for us, we have ambitious plans in our strategy or on how we want to execute and what we want to build, and so I think we want to just continue to make sure we go down that path technically. >> So I have some questions on sort of the target markets and the cohorts you're going after, and I have some product questions. I know we're somewhat limited on time, but the historical focus has been on SMB, and I know you guys have gone in into enterprise. I'm curious as to how that's going. Any guidance you can give me on mix? Or when I talk to the big guys, right, you know who they are, the big managed service providers, MSSPs, and they're like, "Poo poo on Arctic Wolf," like, "Oh, they're (groans)." I said, "Yeah, that's what they used to say about the PC. It's just a toy. Or Microsoft SQL Server." But so I kind of love that narrative for you guys, but I'm curious from your words as to, what is that enterprise? How's the historical business doing, and how's the entrance into the enterprise going? What kind of hurdles are you having, blockers are you having to remove? 
Any color you can give me there would be super helpful. >> Yeah, so I think our commercial SMB business continues to do really good. Our mid-market is a very strong market for us. And I think while a lot of companies like to focus purely on large enterprise, there's a lot more mid-market companies, and a much larger piece of the IT puzzle collectively is in mid-market than it is large enterprise. That being said, we started to get pulled into the large enterprise not because we're a toy but because we're quite a comprehensive service. And so I think what we're trying to do from a roadmap perspective is catch up with some of the kind of capabilities that a large enterprise would want from us that a potential mid-market customer wouldn't. In some case, it's not doing more. It's just doing it different. Like, so we have a very kind of hands-on engagement with some of our smaller customers, something we call our concierge. Some of the large enterprises want more of a hybrid where they do some stuff and you do some stuff. And so kind of building that capability into the platform is something that's really important for us. Just how we engage with them as far as giving 'em access to their data, the certain APIs they want, things of that nature, what we're building out for large enterprise, but the demand by large enterprise on our business is enormous. And so it's really just us kind of catching up with some of the kind of the features that they want that we lack today, but many of 'em are still signing up with us, obviously, and in lieu of that, knowing that it's coming soon. And so I think if you look at the growth of our large enterprise, it's one of our fastest growing segments, and I think it shows anything but we're a toy. I would be shocked, frankly, if there's an MSSP, and, of course, we don't see ourself as an MSSP, but I'd be shocked if any of them operate a platform at the scale that ours operates. >> Okay, so wow. A lot I want to unpack there.
So just to follow up on that last question, you don't see yourself as an MSSP because why, you see yourselves as a technology platform? >> Yes, I mean, the vast, vast, vast majority of what we deliver is our own technology. So we integrate with third-party solutions mostly to bring in that telemetry. So we've built our own platform from the ground up. We have our own threat intelligence, our own detection logic. We do have our own agents and network sensors. MSSP is typically cobbling together other tools, third party off-the-shelf tools to run their SOC. Ours is all homegrown technology. So I have a whole group called Arctic Wolf Labs, is building, just cranking out ML-based detections, building out infrastructure to take feeds in from a variety of different sources. We have a full integration kind of effort where we integrate into other third parties. So when we go into a customer, we can leverage whatever they have, but at the same time, we produce some tech that if they're lacking in a certain area, we can provide that tech, particularly around things like endpoint agents and network sensors and the like. >> What about like identity, doing your own identity? >> So we don't do our own identity, but we take feeds in from things like Okta and Active Directory and the like, and we have detection logic built on top of that. So part of our value add is we were XDR before XDR was the cool thing to talk about, meaning we can look across multiple attack surfaces and come to a security conclusion where most EDR vendors started with looking just at the endpoint, right? And then they called themselves XDR because now they took in a network feed, but they still looked at it as a separate network detection. We actually look at the things across multiple attack surfaces and stitch 'em together to look at that from a security perspective. In some cases we have automatic detections that will fire. 
In other cases, we can surface some to a security professional who can go start pulling on that thread. >> So you don't need to purchase CrowdStrike software and integrate it. You have your own equivalent essentially. >> Well, we'll take a feed from the CrowdStrike endpoint into our platform. We don't have to rely on their detections and their alerts, and things of that nature. Now obviously anything they discover we pull in as well, it's just additional context, but we have all our own tech behind it. So we operate kind of at an MSSP scale. We have a similar value proposition in the sense that we'll use whatever the customer has, but once that data kind of comes into our pipeline, it's all our own homegrown tech from there. >> But I mean, what I like about the MSSP piece of your business is it's very high touch. It's very intimate. What I like about what you're saying is that it's software-like economics, so software, software-like part of it. >> That's what makes us the unicorn, right? Is we do have, our concierges is very hands-on. We continue to drive automation that makes our concierge security professionals more efficient, but we always want that customer to have that concierge person as, is almost an extension to their security team, or in some cases, for companies that don't even have a security team, as their security team. As we go down the path, as I mentioned, one of the things we want to be able to do is start to have a more flexible model where we can have that high touch if you want it. We can have the high touch on certain occasions, and you can do stuff. We can have low touch, like we can span the spectrum, but we never want to lose our kind of unique value proposition around the concierge, but we also want to make sure that we're providing an interface that any customer would want to use. 
>> So given that sort of software-like economics, I mean, services companies need this too, but especially in software, things like net revenue retention and churn are super important. How are those metrics looking? What can you share with me there? >> Yeah, I mean, again, we don't share those metrics publicly, but all's I can continue to repeat is, if you looked at all of our financial metrics, I think you would clearly put us in the unicorn category. I think very few companies are going to have the level of growth that we have on the amount of ARR that we have with the net revenue retention and the churn and upsell. All those aspects continue to be very, very strong for us. >> I want to go back to the sort of enterprise conversation. So large enterprises would engage with you as a complement to their existing SOC, correct? Is that a fair statement or not necessarily? >> It's in some cases. In some cases, they're looking to not have a SOC. So we run into a lot of cases where they want to replace their SIEM, and they want a solution like Arctic Wolf to do that. And so there's a poll, I can't remember, I think it was Forrester, IDC, one of them did it a couple years ago, and they found out that 70% of large enterprises do not want to build the SOC, and it's not 'cause they don't need one, it's 'cause they can't afford it, they can't staff it, they don't have the expertise. And you think about if you're a tech company or a bank, or something like that, of course you can do it, but if you're an international plumbing distributor, you're not going to (chuckles), someone's not going to graduate from Stanford with a cybersecurity degree and go, "Cool, I want to go work for a plumbing distributor in their SOC," right? So they're going to have trouble kind of bringing in the right talent, and as a result, it's difficult to go make a multimillion-dollar investment into a SOC if you're not going to get the quality people to operate it, so they turn to companies like us. 
>> Got it, so, okay, so you're talking earlier about capabilities that large enterprises require that there might be some gaps, you might lack some features. A couple questions there. One is, when you do some of those, I inferred some of that is integrations. Are those integrations sort of one-off snowflakes or are you finding that you're able to scale those across the large enterprises? That's my first question. >> Yeah, so most of the integrations are pretty straightforward. I think where we run into things that are kind of enterprise-centric, they definitely want open APIs, they want access to our platform, which we don't do today, which we are going to be doing, but we don't do that yet today. They want to do more of a SIEM replacement. So we're really kind of what we call an open XDR platform, so there's things that we would need to build to kind of do raw log ingestion. I mean, we do this today. We have raw log ingestion, we have log storage, we have log searching, but there's like some of the compliance scenarios that they need out of their SIEM. We don't do those today. And so that's kind of holding them back from getting off their SIEM and going fully onto a solution like ours. Then the other one is kind of the level of customization, so the ability to create a whole bunch of custom rules, and that ties back to, "I want to get off my SIEM. I've built all these custom rules in my SIEM, and it's great that you guys do all this automatic AI stuff in the background, but I need these very specific things to be executed on." And so trying to build an interface for them to be able to do that and then also simulate it, again, because, no matter how big they are running their SIEM and their SOC... Like, we talked to one of the largest financial institutions in the world. As far as we were told, they have the largest individual company SOC in the world, and we operate almost 15 times their size. 
So we always have to be careful because this is a cloud-based native platform, but someone creates some rule that then just craters the performance of the whole platform, so we have to build kind of those guardrails around it. So those are the things primarily that the large enterprises are asking for. Most of those issues are not holding them back from coming. They want to know they're coming, and we're working on all of those. >> Cool, and see, just aside, I was talking to CISO the other day, said, "If it weren't for my compliance and audit group, I would chuck my SIEM." I mean, everybody wants to get rid of their SIEM. >> I've never met anyone who likes their SIEM. >> Do you feel like you've achieved product market fit in the larger enterprise or is that still something that you're sorting out? >> So I think we know, like, we're on a path to do that. We're on a provable path to do that, so I don't think there's any surprises left. I think everything that we know we need to do for that is someone's writing code for it today. It's just a matter of getting it through the system and getting into production. So I feel pretty good about it. I think that's why we are seeing such a high growth rate in our large enterprise business, 'cause we share that feedback with some of those key customers. We have a Customer Advisory Board that we share a lot of this information with. So yeah, I mean, I feel pretty good about what we need to do. We're certainly operate at large enterprise scales, so taking in the amount of the volume of data they're going to have and the types of integrations they need. We're comfortable with that. It's just more or less the interfaces that a large enterprise would want that some of the smaller companies don't ask for. >> Do you have enough tenure in the market to get a sense as to stickiness or even indicators that will lead toward retention? Have you been at it long enough in the enterprise or you still, again, figuring that out? 
>> Yeah, no, I think we've been at it long enough, and our retention rates are extremely high. If anything, kind of our net retention rates, well over 100% 'cause we have opportunities to upsell into new modules and expanding the coverage of what they have today. I think the areas that if you cornered enterprise that use us and things they would complain about are things I just told you about, right? There's still some things I want to do in my Splunk, and I need an API to pull my data out and put it in my Splunk and stuff like that, and those are the things we want to enable. >> Yeah, so I can't wait till you guys go public because you got Snowflake up here, and you got Veritas down here, and I'm very curious as to where you guys go. When's the IPO? You want to tell me that? (chuckling) >> Unfortunately, it's not up to us right now. You got to get the markets- >> Yeah, I hear you. Right, if the market were better. Well, if the market were better, you think you'd be out? >> Yeah, I mean, we'd certainly be a viable candidate to go. >> Yeah, there you go. I have a question for you because I don't have a SOC. I run a small business with my co-CEO. We're like 30, 40 people W-2s, we got another 50 or so contractors, and I'm always like have one eye, sleep with one eye open 'cause of security. What is your ideal SMB customer? Think S. >> Yeah. >> Would I fit? >> Yeah, I mean you're right in the sweet spot. I think where the company started and where we still have a lot of value proposition, which is companies like, like you said it, you sleep with one eye open, but you don't have necessarily the technical acumen to be able to do that security for yourself, and that's where we fit in. We bring kind of this whole security, we call it Security Operations Cloud, to bear, and we have some of the best professionals in the world who can basically be your SOC for less than it would cost you to hire somebody right out of college to do IT stuff.
And so the value proposition's there. You're going to get the best of the best, providing you a kind of a security service that you couldn't possibly build on your own, and that way you can go to bed at night and close both eyes. >> So (chuckling) I'm sure something else would keep me up. But so in thinking about that, our Amazon bill keeps growing and growing and growing. What would it, and I presume I can engage with you on a monthly basis, right? As a consumption model, or how's the pricing work? >> Yeah, so there's two models that we have. So typically the kind of the monthly billing type of models would be through one of our MSP partners, where they have monthly billing capabilities. Usually direct with us is more of a longer term deal, could be one, two, or three, or it's up to the customer. And so we have both of those engagement models. We're doing more and more and more through MSPs today because of that model you just described, and they do kind of target the very S in the SMB as well. >> I mean, rough numbers, even ranges. If I wanted to go with the MSP monthly, I mean, what would a small company like mine be looking at a month? >> Honestly, I do not even know the answer to that. >> We're not talking hundreds of thousands of dollars a month? >> No. God, no. God, no. No, no, no. >> I mean, order of magnitude, we're talking thousands, tens of thousands? >> Thousands, on a monthly basis. Yeah. >> Yeah, yeah. Thousands per month. So if I were to budget between 20 and $50,000 a year, I'm definitely within the envelope. Is that fair? I mean, I'm giving a wide range >> That's fair. just to try to make- >> No, that's fair. >> And if I wanted to go direct with you, I would be signing up for a longer term agreement, correct, like I do with Salesforce? >> Yeah, yeah, a year. A year would, I think, be the minimum for that, and, yeah, I think the budget you set aside is kind of right in the sweet spot there. >> Yeah, I'm interested, I'm going to...
Have a sales guy call me (chuckles) somehow. >> All right, will do. >> No, I'm serious. I want to start >> I will. >> investigating these things because we sell to very large organizations. I mean, name a tech company. That's our client base, except for Arctic Wolf. We should talk about that. And increasingly they're paranoid about data protection agreements, how you're protecting your data, our data. We write a lot of software and deliver it as part of our services, so it's something that's increasingly important. It's certainly a board level discussion and beyond, and most large organizations and small companies oftentimes don't think about it or try not to. They just put their head in the sand and, "We don't want to be doing that," so. >> Yeah, I will definitely have someone get in touch with you. >> Cool. Let's see. Anything else you can tell me on the product side? Are there things that you're doing that we talked about, the gaps at the high end that you're, some of the features that you're building in, which was super helpful. Anything in the SMB space that you want to share? >> Yeah, I think the biggest thing that we're doing technically now is really trying to drive more and more automation and efficiency through our operations, and that comes through really kind of a generous use of AI. So building models around more efficient detections based upon signal, but also automating the actions of our operators so we can start to learn through the interface. When they do A and B, they always do C. Well, let's just do C for them, stuff like that. Then also building more automation as far as the response back to third-party solutions as well so we can remediate more directly on third-party products without having to get into the consoles or having our customers do it. So that's really just trying to drive efficiency in the system, and that helps provide better security outcomes but also has a big impact on our margins as well. 
>> I know you got to go, but I want to show you something real quick. I have data. I do a weekly program called "Breaking Analysis," and I have a partner called ETR, Enterprise Technology Research, and they have a platform. I don't know if you can see this. They have a survey platform, and each quarter, they do a survey of about 1,500 IT decision makers. They also have a survey on, they call ETS, Emerging Technology Survey. So it's private companies. And I don't want to go into it too much, but this is a sentiment graph. This is net sentiment. >> Just so you know, all I see is a white- >> Yeah, just a white bar. >> Oh, that's weird. Oh, whiteboard. Oh, here we go. How about that? >> There you go. >> Yeah, so this is a sentiment graph. So this is net sentiment and this is mindshare. And if I go to Arctic Wolf... So it's typical security, right? The 8,000 companies. And when I go here, what impresses me about this is you got a decent mindshare, that's this axis, but you've also got an N in the survey. It's about 1,500 in the survey, it's 479 Arctic Wolf customers responded to this. 57% don't know you. Oh, sorry, they're aware of you, but no plan to evaluate; 19% plan to evaluate, 7% are evaluating; 11%, no plan to utilize even though they've evaluated you; and 1% say they've evaluated you and plan to utilize. It's a small percentage, but actually it's not bad in the random sample of the world about that. And so obviously you want to get that number up, but this is a really impressive position right here that I wanted to just share with you. I do a lot of analysis weekly, and this is a really, it's completely independent survey, and you're sort of separating from the pack, as you can see. So kind of- >> Well, it's good to see that. And I think that just is a further indicator of what I was telling you. We continue to have a strong financial performance. >> Yeah, in a good market. Okay, well, thanks you guys.
And hey, if I can get this recording, Hannah, I may even figure out how to write it up. (chuckles) That would be super helpful. >> Yes. We'll get that up. >> And David or Hannah, if you can send me David's contact info so I can get a salesperson in touch with him. (Hannah chuckling) >> Yeah, great. >> Yeah, we'll work on that as well. Thanks so much for both your time. >> Thanks a lot. It was great talking with you. >> Thanks, you guys. Great to meet you. >> Thank you. >> Bye. >> Bye.
Dipti Borkar, Ahana, and Derrick Harcey, Securonix | CUBE Conversation, July 2021
(upbeat music) >> Welcome to theCUBE Conversation. I'm John Furrier, host of theCUBE here in Palo Alto, California, in our studios. We've got a great conversation around open data lake analytics on AWS, two great companies, Ahana and Securonix. Dipti Borkar, Co-founder and Chief Product Officer at Ahana's here. Great to see you, and Derrick Harcey, Chief Architect at Securonix. Thanks for coming on, really appreciate you guys spending the time. >> Yeah, thanks so much, John. Thank you for having us and Derrick, hello again. (laughing) >> Hello, Dipti. >> We had a great conversation around our startup showcase, which you guys were featured last month this year, 2021. The conversation continues and a lot of people are interested in this idea of open systems, open source. Obviously open data lakes is really driving a lot of value, especially with machine learning and whatnot. So this is a key, key point. So can you guys just take a step back before we get under the hood and set the table on Securonix and Ahana? What's the big play here? What is the value proposition? >> Why sure, I'll give a quick update. Securonix has been in the security business. First, a user and entity behavioral analytics, and then the next generation SIEM platform for 10 years now. And we really need to take advantage of some cutting edge technologies in the open source community and drive adoption and momentum that we can not only bring in data from our customers, that they can find security threats, but also store in a way that they can use for other purposes within their organization. That's where the open data lake is very critical. >> Yeah and to add on to that, John, what we've seen, you know, traditionally we've had data warehouses, right?
We've had operational systems move all of their data into the warehouse and those, you know, while these systems are really good, built for good use cases, the amount of data is exploding, the types of data is exploding, different types, semi-structured, structured and so when, as companies like Securonix in the security space, as well as other verticals, look for getting more insights out of their data, there's a new approach that's emerging where you have a data lake, which AWS has revolutionized with S3 and commoditized and there's analytics that's built on top of it. And so we're seeing a lot of good advantages that come out of this new approach. >> Well, it's interesting EC2 and S3 are having their 15th birthday, as they say in Amazon's interesting teenage years, but while I got you guys here, I want to just ask you, can you define the SIEM thing because the SIEM market is exploding, it just changed a little bit. Obviously it's data, event management, but again, as data becomes more proliferating, and it's not stopping anytime soon, as cloud native applications emerge, why is this important? What is this SIEM category? What's it about? >> Yeah, thanks. I'll take that. So obviously SIEM traditionally has been around for about a couple of decades and it really started with first log collection and management and rule-based threat detection. Now what we call next generation SIEM is really the modernization of a security platform that includes streaming threat detection and behavioral analysis and data analytics. We literally look for thousands of different threat detection techniques, and we chained together sequences of events and we stream everything in real time and it's very important to find threats as quickly as possible. But the momentum that we see in the industry as we see massive sizes of customers, we have made a transition from on-premise to the cloud and we literally are processing tens of petabytes of data for our customers. 
And it's critical that we can ingest data quickly, find threats quickly and allow customers to have the tools to respond to those security incidents quickly and really get the handle on their security posture. >> Derrick, if I ask you what's different about this next gen SIEM, what would you say and what's the big a-ha? What's the moment there? What's the key thing? >> The real key is taking off the boundaries of scale. We want to be able to ingest massive quantities of data. We want to be able to do instant threat detection, and we want to be able to search on the entire forensic data set across all of the history of our customer base. In the past, we had to make sacrifices, either on the amount of data we ingest or the amount of time that we stored that data. And really the next generation SIEM platform is offering advanced capabilities on top of that data set because those boundaries are no longer barriers for us. >> Dipti, any comment before I jump into the question for you? >> Yeah, you know, absolutely. It is about scale and like I mentioned earlier, the amount of data is only increasing and it's also the types of information. So the systems that were built to process this information in the past are, you know, support maybe terabytes of data, right? And that's where new technologies open source engines like Presto come in, which were built to handle internet scale. Presto was kind of created at Facebook to handle these petabytes that Derrick is talking about that every industry is now seeing where we're moving from gigs to terabytes to petabytes. And that's where the analytic stack is moving. >> That's a great segue. I want to ask you while I got you here 'cause this is again, the definitions, 'cause people love to hear the experts weigh in. What is open data lake analytics? How would you define that? And then talk about where Presto fits in. >> Yeah, that's a great question. 
So the way I define open data lake analytics is you have a data lake on the core, which is, let's say S3, it's the most popular one, but on top of it, there are open aspects, it is open format. Open formats play a very important role because you can have different types of processing. It could be SQL processing, it could be machine learning, it could be other types of workloads, all work on these open formats versus a proprietary format where it's locked and it's open interfaces. Open interfaces that are like SQL, JDBC, ODBC is widely accessible to a range of tools. And so it's everywhere. Open source is a very important part of it. As companies like Securonix pick these technologies for their mission critical systems, they want to know that this is going to be available and open for them for a long period of time. And that's why open source becomes important. And then finally, I would say open cloud because at the end of the day, you know, while AWS is where a lot of the innovations happening, a lot of the market is, there are other clouds and open cloud is something that these engines were built for, right? So that's how I define open data lake analytics. It's analytics with query engines built on top of these open formats, open source, open interfaces and open cloud. Now Presto comes in where you want to find the needle in the haystack, right? And so when you have these deep questions about where did the threat come from or who was it, right? You have to ask these questions of your data. And Presto is an open source distributed SQL engine that allows data platform teams to run queries on their data lakes in a high-performance way, in memory and on these petabytes of data. So that's where Presto fits in. It's one of the de facto query engines for SQL analysis on the data lake. So hopefully that answers the question, gives more context. >> Yeah, I mean, the joke about data lakes has been you don't want to be a data swamp, right? That's what people don't want. 
>> That's right. >> But at the same time, the needle in the haystack, it's like big data is like a needle in a haystack of needles. So there's a constant struggle to getting that data, the right data at the right time. And what I learned in the last presentation, you guys both presented, your teams presented at the conference was the managed service approach. Could you guys talk about why that approach works well together with you guys? Because I think when people get to the cloud, they replatform, then they start refactoring and data becomes a real big part of that. Why is the managed service the best approach to solving these problems? >> Yeah and interestingly, both Securonix and Ahana have a managed service approach so maybe Derrick can go first and I can go after. >> Yeah, yeah. I'll be happy to go first. You know, we really have found making the transition over the last decade from off premise to the cloud for the majority of our customers that running a large open data lake requires a lot of different skillsets and there's hundreds of technologies in the open source community to choose from and to be able to choose the right blend of skillsets and technologies to produce a comprehensive service is something that customers can do, many customers did do, and it takes a lot of resources and effort. So what we really want to be able to do is take and package up our security service, our next generation SIEM platform to our customers where they don't need to become experts in every aspect of it. Now, an underlying component of that for us is how we store data in an open standards way and how we access that data in an open standards way. So just like we want our customers to get immediate value from the security services that we provide, we also want to be able take advantage of a search service that is offered to us and supported by a vendor like Ahana where we can very quickly take advantage of that value within our core underlying platform. 
So we really want to be able to make a frictionless effort to allow our customers achieve value as quick as possible. >> That's great stuff. And on the Ahana side, open data lakes, really the ease of use there, it sounds easy to me, but we know it's not easy just to put data in a data lake. At the end of the day, a lot of customers want simplicity 'cause they don't have the staffing. This comes up a lot. How do you leverage their open source participation and/or getting stood up quickly so they can get some value? Because that seems to be the number one thing people want right now. Dipti, how does that work? How do people get value quickly? >> Yeah, absolutely. When you talk about these open source press engines like Presto and others, right? They came out of these large internet companies that have a lot of distributed systems, engineers, PhDs, very kind of advanced level teams. And they can manage these distributed systems building onto them, add features at large scale, but not every company can and these engines are extremely powerful. So when you combine the power of Presto with the cloud and a managed service, that's where value for everyone comes in. And that's what I did with Ahana is looked at Presto, which is a great engine, but converted it into a great user experience so that whether it's a three person platform team or a five person platform team, they still get the same benefit of Presto that a Facebook gets, but at much, much less operational complexity cost, as well as the ability to depend on a vendor who can then drive the innovation and make it even better. And so that's where managed services really come in. There's thousands of credit parameters that need to be tuned. With Ahana, you get it out of the box. So you have the best practices that are followed at these larger companies. Our team comes from Facebook, HuBERT and others, and you get that out of the box, with a few clicks you can get up and running. 
And so you see value immediately, in 30 minutes you're up and running and you can create your data lake versus with Hadoop and these prior systems, it would take months to receive real value from some of these systems. >> Yeah, we saw the Hadoop scar tissue is all great and all good now, but it takes too much resource, standing up clusters, managing it, you can't hire enough people. I got to ask you while you're on that topic, do you guys ship templates? How do you solve the problem of out of the box? You mentioned some out of the box capability. Do you guys think of as recipes, templates? What's your thoughts around what you're providing customers to get up and running? >> Yeah so in the case of Securonix, right, let's say they want to create a Presto cluster. They go into our SaaS console. You essentially put in the number of nodes that you want. Number of workers you want. There's a lot of additional value that we built in like caching capabilities if you want more performance, built in cataloging that's again, another single click. And there isn't really as much of a template. Everybody gets the best tuned Presto for their workloads. Now there are certain workloads where you might have interactive in some cases, or you might have transformation batch ETL, and what we're doing next is actually giving you the knobs so that it comes pre tuned for the type of workload that you want to run versus you figuring it out. And so that's what I mean by out of the box, where you don't have to worry about these configuration parameters. You get the performance. And maybe Derrick can you talk a little bit about the benefits of the managed service and the usage as well. >> Yeah, absolutely. So, I'll answer the same question and then I'll tie back to what Dipti asked. Really, you know, our customers, we want it to be very easy for them to ingest security event logs. 
And there's really hundreds of types of security event logs that we support natively out of the box, but the key for us is a standard that we call the open event format. And that is a normalized schema. We take any data source in its normalized format, be a collector device a customer uses on-premise, they send the data up to our cloud, we do streaming analysis and data analytics to determine where the threats are. And once we do that, then we send the data off to a long-term storage format in a standards-based Parquet file. And that Parquet file is natively read by the Ahana service. So we simply deploy an Ahana cluster that uses the Presto engine that natively supports our open standard file format. And we have a normalized schema that our application can immediately start to see value from. So we handle the collection and streaming ingest, and we simply leverage the engine in Ahana to give us the appropriate scale. We can size up and down and control the cost to give the users the experience that they're paying for. >> I really love this topic because one, not only is it cutting edge, but it's very relevant for modern applications. You mentioned next gen SIEMs, SIEM, security information event management, not SIM as memory card, which I think of all the time because I always want to add more, but this brings up the idea of streaming data real-time, but as more services go to the cloud, Derrick, if you don't mind sharing more on this. Share the journey that you guys gone through, because I think a lot of people are looking at the cloud and saying, and I've been in a lot of these conversations about repatriation versus cloud. People aren't going that way. They're going more innovation with his net new revenue models emerging from the value that they're getting out of understanding events that are happening within the network and the apps, even when they're being stood up and torn down. 
So there's a lot of cloud native action going on where just controlling and understanding is way beyond the, just put stuff into an event log. It's a whole nother animal. >> Well, there's a couple of paradigm shifts that we've seen major patterns for in the last five or six years. Like I said, we started with the safe streaming ingest platform on premise. We use some different open source technologies. What we've done when we moved to the cloud is we've adopted cloud native services as part of our underlying platform to modernize and make our service cloud native. But what we're seeing as many customers either want to focus on on-premise deployments and especially financial institutions and government institutions, because they are very risk averse. Now we're seeing even those customers are realizing that it's very difficult to maintain the hundreds or thousands of servers that it requires on premise and have the large skilled staff required to keep it running. So what we're seeing now is a lot of those customers deployed some packaged products like our own, and even our own customers are doing a mass migration to the cloud because everything is handled for them as a service. And we have a team of experts that we maintain to support all of our global customers, rather than every one of our global customers having their own teams that we then support on the back end. So it's a much more efficient model. And then the other major approach that many of our customers also went down the path of is, is building their own security data lake. And many customers were somewhat successful in building their own security data lake but in order to keep up with the innovation, if you look at the analyst groups, the Gartner Magic Quadrant on the SIEM space, the feature set that is provided by a packaged product is a very large feature set. 
And even if somebody was put together all of the open source technologies to meet 20% of those features, just maintaining that over time is very expensive and very difficult. So we want to provide a service that has all of the best in class features, but also leverages the ability to innovate on the backend without the customer knowing. So we can do a technology shift to Ahana and Presto from our previous technology set. The customer doesn't know the difference, but they see the value add within the service that we're offering. >> So if I get this right, Derrick, Presto's enabling you guys to do threat detection at a level that you're super happy with as well as giving you the option for give self-service. Is that right for the, is that a kind of a- >> Well, let me clarify our definition. So we do streaming threat detection. So we do a machine learning based behavioral analysis and threat detection on rule-based correlation as well. So we do threat detection during the streaming process, but as part of the process of managing cybersecurity, the customer has a team of security analysts that do threat hunting. And the threat hunting is where Ahana comes in. So a human gets involved and starts searches for the forensic logs to determine what happened over time that might be suspicious and they start to investigate through a series of queries to give them the information that's relevant. And once they find information that's relevant, then they package it up into an algorithm that will do a analysis on an ongoing basis as part of the stream processing. So it's really part of the life cycle of hunting a real time threat detection. >> It's kind of like old adage hunters and farmers, you're farming through the streaming and hunting with the detection. I got to ask you, what would it be the alternative if you go back, I mean, I know cloud's so great because you have cutting edge applications and technologies. Without Presto, where would you be? 
I mean, what would be life like without these capabilities? What would have to happen? >> Well, the issue is not that we had the same feature set before we moved to Presto, but the challenge was on scale. The cost profile to continue to grow from 100 terabytes to one petabyte, to tens of petabytes, not only was it expensive, but it just, the scaling factors were not linear. So not only did we have a problem with the costs, but we also had a problem with the performance tailing off and keeping the service running. A large Hadoop cluster, for example, our first incarnation of this use, the hive service, in order to query data in a MapReduce cluster. So it's a completely different technology that uses a distributed Hadoop compute cluster to do the query. It does work, but then we start to see resource contention with that, and all the other things in the Hadoop platform. The Presto engine has the beauty of it, not only was it designed for scale, but it's feature built just for a query engine and that's the providing the right tool for the job, as opposed to a general purpose tool. >> Derrick, you've got a very busy job as chief architect. What are you excited about going forward when you look at the cloud technologies? What are you looking at? What are you watching? What are you getting excited about or what worries you? >> Well, that's a good question. What we're really doing, I'm leading up a group called the Securonix Innovation Labs, and we're looking at next generation technologies. We go through and analyze both open source technologies, technologies that are proprietary as well as building own technologies. And that's where we came across Ahana as part of a comprehensive analysis of different search engines, because we wanted to go through another round of search engine modernization, and we worked together in a partnership, and we're going to market together as part of our modernization efforts that we're continuously going through. 
So I'm looking forward to iterative continuous improvement over time. And this next journey, what we're seeing because of the growth in cybersecurity, really requires new and innovative technologies to work together holistically. >> Dipti, you got a great company that you co-founded. I got to ask you as the co-founder and chief product officer, you both the lead entrepreneur also, got the keys to the kingdom with the products. You got to balance that 20 miles stare out in the future while driving product excellence. You've got open source as a tailwind. What's on your mind as you go forward with your venture? >> Yeah. Great question. It's been super exciting to have found the Ahana in this space, cloud data and open source. That's where the action is happening these days, but there's two parts to it. One is making our customers successful and continuously delivering capabilities, features, continuing on our ease of use theme and a foundation to get customers like Securonix and others to get most value out of their data and as fast as possible, right? So that's a continuum. In terms of the longer term innovation, the way I see the space, there is a lot more innovation to be done and Presto itself can be made even better and there's a next gen Presto that we're working on. And given that Presto is a part of the foundation, the Linux Foundation, a lot of this innovation is happening together collaboratively with Facebook, with Uber who are members of the foundation with us. Securonix, we look forward to making a part of that foundation. And that innovation together can then benefit the entire community as well as the customer base. This includes better performance with more capabilities built in, caching and many other different types of database innovations, as well as scaling, auto scaling and keeping up with this ease of use theme that we're building on. So very exciting to work together with all these companies, as well as Securonix who's been a fantastic partner. 
We work together, build features together, and I look at delivering those features and functionalities to be used by these analysts, data scientists and threat hunters as Derrick called them. >> Great success, great partnership. And I love the open innovation, open co-creation you guys are doing together and open data lakes, great concept, open data analytics as well. This is the future. Insights coming from the open and sharing and actually having some standards. I love this topic, so Dipti, thank you very much, and Derrick, thanks for coming on and sharing on this Cube Conversation. Thanks for coming on. >> Thank you so much, John. >> Thanks for having us. >> Thanks. Take care. Bye-bye. >> Okay, it's theCUBE Conversation here in Palo Alto, California. I'm John Furrier, your host of theCUBE. Thanks for watching. (upbeat music)
Steven Mih, Ahana and Sachin Nayyar, Securonix | AWS Startup Showcase
>> Voiceover: From theCUBE's Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is theCUBE Conversation. >> Welcome back to theCUBE's coverage of the AWS Startup Showcase. Next Big Thing in AI, Security and Life Sciences featuring Ahana for the AI Track. I'm your host, John Furrier. Today, we're joined by two great guests, Steven Mih, Ahana CEO, and Sachin Nayyar, Securonix CEO. Gentlemen, thanks for coming on theCUBE. We're talking about the Next-Gen technologies on AI, Open Data Lakes, et cetera. Thanks for coming on. >> Thanks for having us, John. >> Thanks, John. >> What a great line up here. >> Sachin: Thanks, Steven. >> Great, great stuff. Sachin, let's get in and talk about your company, Securonix. What do you guys do? Take us through, I know you've got a slide to help us through this, I want to introduce your stuff first then jump in with Steven. >> Absolutely. Thanks again, Steven. Ahana team for having us on the show. So Securonix, we started the company in 2010. We are the leader in security analytics and response capability for the cybermarket. So basically, this is a category of solutions called SIEM, Security Incident and Event Management. We are the quadrant leaders in Gartner, we now have about 500 customers today and have been plugging away since 2010. Started the company just really focused on analytics using machine learning and advanced analytics to really find the needle in the haystack, then moved from there to needle in the needle stack using more algorithms, analysis of analysis. And then kind of, I evolved the company to run on cloud and become sort of the biggest security data lake on cloud and provide all the analytics to help companies with their insider threat, cyber threat, cloud solutions, application threats, emerging internally and externally, and then response and have a great partnership with Ahana as well as with AWS. So looking forward to this session, thank you. >> Awesome. 
I can't wait to hear the news on that Next-Gen SIEM leadership. Steven, Ahana, talk about what's going on with you guys, give us the update, a lot of stuff happening. >> Yeah. Great to be here and thanks for that such, and we appreciate the partnership as well with both Securonix and AWS. Ahana is the open source company based on PrestoDB, which is a project that came out of Facebook and is widely used, one of the fastest growing projects in data analytics today. And we make a managed service for Presto easily on AWS, all cloud native. And we'll be talking about that more during the show. Really excited to be here. We believe in open source. We believe in all the challenges of having data in the cloud and making it easy to use. So thanks for having us again. >> And looking forward to digging into that managed service and why that's been so successful. Looking forward to that. Let's get into the Securonix Next-Gen SIEM leadership first. Let's share the journey towards what you guys are doing here. As the Open Data Lakes on AWS has been a hot topic, the success of data in the cloud, no doubt is on everyone's mind especially with the edge coming. It's just, I mean, just incredible growth. Take us through Sachin, what do you guys got going on? >> Absolutely. Thanks, John. We are hearing about cyber threats every day. No question about it. So in the past, what was happening is companies, what we have done as enterprise is put all of our eggs in the basket of solutions that were evaluating the network data. With cloud, obviously there is no more network data. Now we have moved into focusing on EDR, right thing to do on endpoint detection. But with that, we also need security analytics across on-premise and cloud. 
And your other solutions like your OT, IOT, your mobile, bringing it all together into a security data lake and then running purpose built analytics on top of that, and then having a response so we can prevent some of these things from happening or detect them in real time versus innovating for hours or weeks and months, which is obviously too late. So with some of the recent events happening around Colonial and others, we all know cybersecurity is on top of everybody's mind. First and foremost, I also want to. >> Steven: (indistinct) slide one and that's all based off on top of the data lake, right? >> Sachin: Yes, absolutely. Absolutely. So before we go into on Securonix, I also want to congratulate everything going on with the new cyber initiatives with our government and just really excited to see some of the things that the government is also doing in this space to bring, to have stronger regulation and bring together the government and the private sector. From a Securonix perspective, today, we have one third of the Fortune 500 companies using our technology. In addition, there are hundreds of small and medium sized companies that rely on Securonix for their cyber protection. So what we do is, again, we are running the solution on cloud, and that is very important. It is not just important for hosting, but in the space of cybersecurity, you need to have a solution, which is not, so where we can update the threat models and we can use the intelligence or the Intel that we gather from our customers, partners, and industry experts and roll it out to our customers within seconds and minutes, because the game is real time in cybersecurity. And that you can only do in cloud where you have the complete telemetry and access to these environments. 
When we go on-premise traditionally, what you will see is customers are even thinking about pushing the threat models through their standard Dev test life cycle management, and which is just completely defeating the purpose. So in any event, Securonix on the cloud brings together all the data, then runs purpose-built analytics on it. Helps you find very few, we are today pulling in several million events per second from our customers, and we provide just a very small handful of events and reduce the false positives so that people can focus on them. Their security command center can focus on that and then configure response actions on top of that. So we can take action for known issues and have intelligence in all the layers. So that's kind of what the Securonix is focused on. >> Steven, he just brought up, probably the most important story in technology right now. That's ransomware more than, first of all, cybersecurity in general, but ransomware, he mentioned some of the government efforts. Some are saying that the ransomware marketplace is bigger than some governments, nation state governments. There's a business model behind it. It's highly active. It's dominating the scene and it's a real threat. This is the new world we're living in, cloud creates the refactoring capabilities. We're hearing that story here with Securonix. How does Presto and Securonix work together? Because I'm connecting the dots here in real time. I think you're going to go there. So take us through because this is like the most important topic happening. >> Yeah. So as Sachin said, there's all this data that needs to go into the cloud and it's all moving to the cloud. And there's a massive amounts of data and hundreds of terabytes, petabytes of data that's moving into the data lakes and that's the S3-based data lakes, which are the easiest, cheapest, commodified place to put all this data. 
But in order to deliver the results that Sachin's company is driving, which is intelligence on when there's a ransomware or possibility, you need to have analytics on them. And so Presto is the open source project that is an open source SQL query engine for data lakes and other data sources. It was created by Facebook as part of the Linux Foundation, something called Presto Foundation. And it was built to replace the complicated Hadoop stack in order to then drive analytics at very lightning fast queries on large, large sets of data. And so Presto fits in with this Open Data Lake analytics movement, which has made Presto one of the fastest growing projects out there. >> What is an Open Data Lake? Real quick for the audience who wants to learn on what it means. Does it mean it's open source in the Linux Foundation or open meaning it's open to multiple applications? What does that even mean? >> Yeah. Open Data Lake analytics means that you're, first of all, your data lake has open formats. So it is made up of say something called the ORC or Parquet. And these are formats that any engine can be used against. That's really great, instead of having locked in data types. Data lakes can have all different types of data. It can have unstructured, semi-structured data. It's not just the structured data, which is typically in your data warehouses. There's a lot more data going into the Open Data Lake. And then you can, based on what workload you're looking to get benefit from, the insights come from that, and actually slide two covers this pictorially. If you look on the left here on slide two, the Open Data Lake is where all the data is pulling. And Presto is the layer in between that and the insights which are driven by the visualization, reporting, dashboarding, BI tools or applications like in Securonix case. 
And so analytics are now being driven by every company for not just industries of security, but it's also for every industry out there, retail, e-commerce, you name it. There's a healthcare, financials, all are looking at driving more analytics for their SaaSified applications as well as for their own internal analysts, data scientists, and folks that are trying to be more data-driven. >> All right. Let's talk about the relationship now with where Presto fits in with Securonix because I get the open data layer. I see value in that. I get also what we're talking about the cloud and being faster with the datasets. So how does, Sachin, Securonix and Ahana fit in together? >> Yeah. Great question. So I'll tell you, we have two customers. I'll give you an example. We have two Fortune 10 customers. One has moved most of their operations to the cloud and another customer which is in the process, early stage. The data, the amount of data that we are getting from the customer who's moved fully to the cloud is 20 times, 20 times more than the customer who's in the early stages of moving to the cloud. That is because the ability to add this level of telemetry in the cloud, in this case, it happens to be AWS, Office 365, Salesforce and several other rescalers across several other cloud technologies. But the level of logging that we are able to get the telemetry is unbelievable. So what it does is it allows us to analyze more, protect the customers better, protect them in real time, but there is a cost and scale factor to that. So like I said, when you are trying to pull in billions of events per day from a customer billions of events per day, what the customers are looking for is all of that data goes in, all of data gets enriched so that it makes sense to a normal analyst and all of that data is available for search, sometimes 90 days, sometimes 12 months. And then all of that data is available to be brought back into a searchable format for up to seven years. 
So think about the amount of data we are dealing with here and we have to provide a solution for this problem at a price that is affordable to the customer and that a medium-sized company as well as a large organization can afford. So after a lot of our analysis on this and again, Securonix is focused on cyber, bringing in the data, analyzing it, so after a lot of our analysis, we zeroed in on S3 as the core bucket where this data needs to be stored because the price point, the reliability, and all the other functions available on top of that. And with that, with S3, we've created a great partnership with AWS as well as with Snowflake that is providing this, from a data lake perspective, a bigger data lake, enterprise data lake perspective. So now for us to be able to provide customers the ability to search that data. So data comes in, we are enriching it. We are putting it in S3 in real time. Now, this is where Presto comes in. In our research, Presto came out as the best search engine to sit on top of S3. The engine is supported by companies like Facebook and Uber, and it is open source. So open source, like you asked the question. So for companies like us, we cannot depend on a very small technology company to offer mission critical capabilities because what if that company gets acquired, et cetera. In the case of open source, we are able to adopt it. We know there is a community behind it and it will be kind of available for us to use and we will be able to contribute in it for the long term. Number two, from an open source perspective, we have a strong belief that customers own their own data. Traditionally, like Steven used the word locked in, it's a key term, customers have been locked in into proprietary formats in the past and those days are over. You should be, you own the data and you should be able to use it with us and with other systems of choice. So now you get into a data search engine like Presto, which scales independently of the storage. 
And then when we start looking at Presto, we came across Ahana. So for every open source system, you definitely need a sort of a for-profit company that invests in the community and then that takes the community forward. Because without a company like this, the community will die. So we are very excited about the partnership with Presto and Ahana. And Ahana provides us the ability to take Presto and cloudify it, or make the cloud operations work plus be our conduit to the Ahana community. Help us speed up certain items on the roadmap, help our team contribute to the community as well. And then you have to take a solution like Presto, you have to put it in the cloud, you have to make it scale, you have to put it on Kubernetes. Standard thing that you need to do in today's world to offer it as sort of a micro service into our architecture. So in all of those areas, that's where our partnership is with Ahana and Presto and S3 and we think, this is the search solution for the future. And with something like this, very soon, we will be able to offer our customers 12 months of data, searchable at extremely fast speeds at very reasonable price points and you will own your own data. So it has very significant business benefits for our customers with the technology partnership that we have set up here. So very excited about this. >> Sachin, it's very inspiring, a couple things there. One, decentralize on your own data, having a democratized, that piece is killer. Open source, great point. >> Absolutely. >> Company goes out of business, you don't want to lose the source code or get acquired or whatever. That's a key enabler. And then three, a fast managed service that has a commercial backing behind it. So, a great, and by the way, Snowflake wasn't around a couple of years ago. So like, so this is what we're talking about. This is the cloud scale. Steven, take us home with this point because this is what innovation looks like. Could you share why it's working? 
What's some of the things that people could walk away with and learn from as the new architecture for the new NextGen cloud is here, so this is a big part of and share how this works? >> That's right. As you heard from Sachin, every company is becoming data-driven and analytics are central to their business. There's more data and it needs to be analyzed at lower cost without the locked in and people want that flexibility. And so a slide three talks about what Ahana cloud for Presto does. It's the best Presto out of the box. It gives you very easy to use for your operations team. So it can be one or two people just managing this and they can get up to speed very quickly in 30 minutes, be up and running. And that jump starts their movement into an Open Data Lake analytics architecture. That architecture is going to be, it is the one that is at Facebook, Uber, Twitter, other large web scale, internet scale companies. And with the amount of data that's occurring, that's now becoming the standard architecture for everyone else in the future. And so just to wrap, we're really excited about making that easy, giving an open source solution because the open source data stack based off of data lake analytics is really happening. >> I got to ask you, you've seen many waves on the industry. Certainly, you've been through the big data waves, Steven. Sachin, you're on the cutting edge and just the cutting edge billions of signals from one client alone is pretty amazing scale and refactoring that value proposition is super important. What's different from 10 years ago when the Hadoop, you mentioned Hadoop earlier, which is RIP, obviously the cloud killed it. We all know that. Everyone kind of knows that. But like, what's different now? I mean, skeptics might say, I don't believe you, but it's just crazy. There's no way it works. S3 costs way too much. Why is this now so much more of an attractive proposition? What do you say the naysayers out there? 
With Steve, we'll start with you and then Sachin, I want you to like weigh in too. >> Yeah. Well, if you think about the Hadoop era and if you look at slide three, it was a very complicated system that was done mainly on-prem. And you'd have to go and set up a big data team and a rack and stack a bunch of servers and then try to put all this stuff together and candidly, the results and the outcomes of that were very hard to get unless you had the best possible teams and invested a lot of money in this. What you saw in this slide was that, that right hand side which shows the stack. Now you have a separate compute, which is based off of Intel based instances in the cloud. We run the best in that and they're part of the Presto foundation. And that's now data lakes. Now the distributed compute engines are the ones that have become very much easier. So the big difference in what I see is no longer called big data. It's just called data analytics because it's now become commodified as being easy and the bar is much, much lower, so everyone can get the benefit of this across industries, across organizations. I mean, that's good for the world, reduces the security threats, the ransomware, in the case of Securonix and Sachin here. But every company can benefit from this. >> Sachin, this is really as an example in my mind and you can comment too on if you'd believe or not, but replatform with the cloud, that's a no brainer. People do that. They did it. But the value is refactoring in the cloud. It's thinking differently with the assets you have and making sure you're using the right pieces. I mean, there's no brainer, you know it's good. If it costs more money to stand up something than to like get value out of something that's operating at scale, much easier equation. What's your thoughts on this? Go back 10 years and where we are now, what's different? I mean, replatforming, refactoring, all kinds of happening. What's your take on all this? >> Agreed, John. 
So we have been in business now for about 10 to 11 years. And when we started my hair was all black. Okay. >> John: You're so silly. >> Okay. So this, everything has happened here is the transition from Hadoop to cloud. Okay. This is what the result has been. So people can see it for themselves. So when we started off with deep partnerships with the Hadoop providers and again, Hadoop is the foundation, which has now become EMR and everything else that AWS and other companies have picked up. But when you start with some basic premise, first, the racking and stacking of hardware, companies having to project their entire data volume upfront, bringing the servers and have 50, 100, 500 servers sitting in their data centers. And then when there are spikes in data, or like I said, as you move to the cloud, your data volume will increase between five to 20x and projecting for that. And then think about the agility that it will take you three to six months to bring in new servers and then bring them into the architecture. So big issue. Number two big issue is that the backend of that was built for HDFS. So Hadoop in my mind was built to ingest large amounts of data in batches and then perform some spark jobs on it, some analytics. But we are talking in security about real time, high velocity, high variety data, which has to be available in real time. It wasn't built for that, to be honest. So what was happening is, again, even if you look at the Hadoop companies today as they have kind of figured, kind of define their next generation, they have moved from HDFS to now kind of a cloud based platform capability and have discarded the traditional HDFS architecture because it just wasn't scaling, wasn't searching fast enough, wasn't searching fast enough for hundreds of analysts at the same time. And then obviously, the servers, et cetera wasn't working. 
Then when we worked with the Hadoop companies, they were always two to three versions behind for the individual services that they had brought together. And again, when you're talking about this kind of a volume, you need to be on the cutting edge always of the technologies underneath that. So even while we were working with them, we had to support our own versions of Kafka, Solr, Zookeeper, et cetera to really bring it together and provide our customers this capability. So now when we have moved to the cloud with solutions like EMR behind us, AWS has invested in solutions like EMR to make them scalable, to have scale and then scale out, which traditional Hadoop did not provide because they missed the cloud wave. And then on top of that, again, rather than throwing data in that traditional older HDFS format, we are now taking the same format, the Parquet format that it supports, putting it in S3 and now making it available and using all the capabilities like you said, the refactoring of that is critical. That rather than on-prem having servers and redundancies with S3, we get built in redundancy. We get built in life cycle management, high degree of confidence data reliability. And then we get all this innovation from companies like, from groups like Presto, companies like Ahana sitting on double that S3. And the last item I would say is in the cloud we are now able to offer multiple, have multiple resilient options on our side. So for example, with us, we still have some premium searching going on with solutions like Solr and Elasticsearch, then you have Presto and Ahana providing majority of our searching, but we still have Athena as a backup in case something goes down in the architecture. Our queries will spin back up to Athena, AWS service on Presto and customers will still get served. So all of these options, but what it doesn't cost us anything, Athena, if we don't use it, but all of these options are not available on-prem. 
So in my mind, I mean, it's a whole new world we are living in. It is a world where now we have made it possible for companies to even enterprises to even think about having true security data lakes, which are useful and having real-time analytics. From my perspective, I don't even sign up today for a large enterprise that wants to build a data lake on-prem because I know that is not, that is going to be a very difficult project to make it successful. So we've come a long way and there are several details around this that we've kind of endured through the process, but very excited where we are today. >> Well, we certainly follow up with theCUBE on all your endeavors. Quickly on Ahana, why them, why their solution? In your words, what would be the advice you'd give me if I'm like, okay, I'm looking at this, why do I want to use it, and what's your experience? >> Right. So the standard SQL query engine for data lake analytics, more and more people have more data, want to have something that's based on open source, based on open formats, gives you that flexibility, pay as you go. You only pay for what you use. And so it proved to be the best option for Securonix to create a self-service system that has all the speed and performance and scalability that they need, which is based off of the innovation from the large companies like Facebook, Uber, Twitter. They've all invested heavily. We contribute to the open source project. It's a vibrant community. We encourage people to join the community and even Securonix, we'll be having engineers that are contributing to the project as well. I think, is that right Sachin? Maybe you could share a little bit about your thoughts on being part of the community. >> Yeah. So also why we chose Ahana, like John said. The first reason is you see Steven is always smiling. Okay. >> That's for sure. >> That is very important. I mean, jokes apart, you need a great partner. You need a great partner. 
You need a partner with a great attitude because this is not a sprint, this is a marathon. So the Ahana founders, Steven, the whole team, they're world-class, they're world-class. The depth that the CTO has, his experience, the depth that Dipti has, who's running the cloud solution. These guys are world-class. They are very involved in the community. We evaluated them from a community perspective. They are very involved. They have the depth of really commercializing an open source solution without making it too commercial. The right balance, where the founding companies like Facebook and Uber, and hopefully Securonix in the future as we contribute more and more will have our say and they act like the right stewards in this journey and then contribute as well. So and then they have chosen the right niche rather than taking portions of the product and making it proprietary. They have put in the effort towards the cloud infrastructure of making that product available easily on the cloud. So I think it's sort of a no-brainer from our side. Once we chose Presto, Ahana was the no-brainer and just the partnership so far has been very exciting and I'm looking forward to great things together. >> Likewise Sachin, thanks so much for that. And we've only found your team, you're world-class as well, and working together and we look forward to working in the community also in the Presto foundation. So thanks for that. >> Guys, great partnership. Great insight and really, this is a great example of cloud scale, cloud value proposition as it unlocks new benefits. Open source, managed services, refactoring the opportunities to create more value. Stephen, Sachin, thank you so much for sharing your story here on open data lakes. Can open always wins in my mind. This is theCUBE we're always open and we're showcasing all the hot startups coming out of the AWS ecosystem for the AWS Startup Showcase. I'm John Furrier, your host. Thanks for watching. (bright music)
Kent Farries & Ikenna Nwafor, TransAlta | Splunk .conf 2017
>> Narrator: Live from Washington D.C. It's The Cube covering .Conf 2017. Brought to you by Splunk. >> Welcome back to Washington D.C., the Cube continue our coverage here of .Conf2017. It's the Splunk get together here in Washington D.C. We're at the Washington convention center where they have a record crowd, 7,000+ everyone having a splunking good time you might say. Dave Vellante, John Walls here and we're joined by a couple of gentlemen who work with TransAlta. Kent Farries on the far left, who's a senior analyst working the security intelligence analytics as well at TransAlta Kent good morning to you sir. I guess good afternoon, we've crossed that threshold haven't we? And Ikenna Nwafor who's a senior information security specialist at TransAlta as well. So good morning to you. >> Thank you good morning to you. >> Kent maybe you could just tee us up a little bit about TransAlta. Tell us a little bit about what core function, what you all are up to and then how the two of you are helping that mission along its way. >> Sure, TransAlta is a well-respected power generator and wholesale marketer of electricity. It's been in business for over 100 years. We're based out of Calgary, Canada and we have operations in the United States as well as Australia. Myself and Ikenna are part of the security team based out of Calgary and then we also have offshored or outsourced some of the security operations and our function. >> Which I imagine is vast. Right, I mean you've got you know, your primary mission obviously security, I would assume of the grid, distribution of power. >> Kent: You are correct. >> That's your number one focus. Right, so talk about the complexities of that in general for our audience who may not be familiar with your particular business but you obviously can imagine the nuances and the sensitivities that you have to deal with. >> Kent: So do you want to? >> Ikenna why don't you take that. 
>> I think they found out that we are in the prior generation business, makes us a critical infrastructure. And that means working and having ties to the grid makes it very critical that we protect our critical information systems from the threat landscape currently in security so it's a vast responsibility for the team, and we have regulatory requirements we need to abide by, things around (inaudible) and compliance requirements so that's really a very daunting task for us to mate with from a security standpoint. >> Right so it's critical infrastructure, that is distributed in its nature, so it's high value, you're a target. You got to wake up every day knowing that. >> Yeah sure. >> Okay, so maybe take us through sort of your Splunk journey and what role it played kind of the before and after and how has it affected your business? >> I'll take that. So in the mid-2000s, we did security and everything but it wasn't really a key focus of senior management or anything, it wasn't a lot of real breaches, most of the stuff that was going on was a nuisance, right? Out of the marketplace. >> Dave: Kind of hacktivists. >> Yeah, and we dealt with it, a lot of it still wasn't really coming through the internet, it was still coming through other means. So it wasn't at the forefront, even though we tried in say 2006 to make sure that security was at the forefront management wasn't quite ready at that time. Wasn't big breaches or anything. Around 2009 is our first introduction to what we call the SIEM, Security Information Event Management Solution, basically log management. We implemented that in 2009, and then we had that running for about five years until about 2014, but we started to lose some confidence in that tool, it just didn't give us the information that we wanted or needed to properly detect, respond to today's threats. So we stumbled upon Splunk, it took a little while to actually buy it. 
One of the system engineers tried to sell it to us we said nah, come back later. Nah, no, I don't even know what it is. And then finally I actually spun it up a proof of concept and I go this thing's amazing. Everything I ever thought of doing, I can actually do with this tool. This is wow. So took the POC, sold it to management, come January 2015 we implemented it, we hired the company out of Ontario to help stand it up, and bring all the data in. It was amazing and we had everything we ever wanted. It blew away our previous security information management system. >> So the SIEM fell short, you said because it didn't really give you the information you needed. Was it also a case of it was just too much information? >> It was difficult to use, so we actually went on training when we implemented the original one in 2009. So two weeks of training, down in the U.S., come back, architect still had a consultant help us stand it all up. But we couldn't build the use cases that we really needed. We were happy at the time, just to get log data, but there's no data enrichment or good correlation capabilities or it was super super difficult to implement. You couldn't search something like Splunk Answers, which you can today. I need to Google anything and the answer's out there around Splunk which is just the community's phenomenal. >> So at the time you didn't know what you didn't know and then once you saw Splunk, it sort of changed your vision of what was possible but so you said it was amazing but why is it amazing, what is it about Splunk that the SIEM tools don't do? >> I think to Kent's point, part of the challenge we had with the previous SIEM tool was the fact that it required a whole lot of work to even get a single simple use case in place for our security. Where as when we had Splunk in place, one is onboarding data logs from various sources was really really dead simple. 
The initial set up was within a day or half a day to basically replicate what we had from our previous SIEM, which was really fast. And then the other thing is Splunk provided a whole lot of flexibility where you really didn't need to go for some two weeks training to actually get going initially. And through the period we've had Splunk, we've seen that there's been a lot of things we've been able to achieve that we couldn't accomplish when we had our previous SIEM. >> Like for example, I mean what's it letting you do now that day to day that you couldn't do before? >> So if you buy a SIEM, typically it's in a vertical. It's serving one purpose. When you implement that it's usually the security team that gets to use it, and you got to bring in all this log data. Your other teams, say in operations or whatever, they want their log data too but they're in a totally different system, with Splunk it's a platform for us. So we bring all the data in, it's consumed by the IT security, it's consumed by dev ops and operations. So the same amount of data that you bring in say from an endpoint, we'll use it for detection forensics type capabilities, but the desktop team can use it as well to see is there application problems, desktop problems. Do I have drivers or something on a desktop that needs to be updated. We can be more proactive and help out the user so for us it's like a fabric. The foundation so once we've got that laid, yep? >> So all these use cases that you're laying out, previously you would have to essentially customize for each use case, is that right? >> Previously we couldn't even do some of them and then the other thing is we would most likely need to engage a third party contractor to assist us with that. Somebody who is a specialist in that field, whereas with Splunk some of the key things that helped us with Splunk is that maybe in the process of responding to a security event. We could think up ideas of we need this information, how do we get it? 
And on the fly we can easily build up a use case within minutes to get the information we need from Splunk we don't need to consult anyone, we don't need to read up manuals and for instances here we really need information to help us with building up the use cases going to like Kent mentioned earlier, going to Splunk Answers, you most likely get, so there's a broader community with Splunk that really helps with giving you the information you need to help you in your Splunk journey. >> Okay, so it's more intuitive I'm hearing and it's got the data that you need. >> Exactly. >> And so but even if you had an equivalent of Splunk Answers for your previous SIEM tool, you're saying you wouldn't have been able to because it's not flexible enough to architect what you needed? >> Ikenna: Exactly. >> And I'd like to just put a comment in there. I've been in IT for a long time. And I've always wanted to say, build my own database to bring stuff in and do different things, so I'm pretty good at scripting, but I don't want to be designing a full application or whatever. When I saw Splunk and how easy it was to onboard data, I go wow, this is amazing. So when I brought the consultant in and we stood up our original infrastructure, not only did we stand up ES within two weeks, enterprise security, we also onboarded all my custom stuff, like PowerShell scripts, everything else so we brought in acting directory data into Splunk and made it a PVR for us. So we go back in time and look at any one who their manager was and everything that's happened to that account at that exact time and we can correlate that with IP information everything else. As well we have all of our floors are mapped out. We know where you are in any given building or facility. So we were able to do that at a point in time, 'cause there's a PVR. We don't lose that information. And that's data enrichment, and we couldn't do that in the old system. >> So you had a time machine for your machine data. 
>> Kent: Yeah, it is, absolutely. >> Okay, cool. Now back to your business a little bit, so there's a physical security aspect of what you guys have to worry about as well. And I'm wondering if you could talk about that and how just the sort of attitude you touched on this before, Kent but how the attitudes towards security have changed and evolved over the last decade. Obviously greater awareness. Has that trickled into the lines of business? Or is it still mostly an IT and a security pro problem? >> I'll let Ikenna answer this. >> So really, for us it's been a journey for the last little while around security. And a couple of things we've had over the past few years is spreading the awareness around security across the business and that's really gained traction where it's no longer just the IT security folks talking to the business about what they need to do for security. But also the business getting back to IT security and trying ones they want to implement, setting up solutions trying to figure out okay, what do we do for security? Can you help assist us with something around risk assessment and really over time that has really helped spread that awareness and also we do a whole lot of things around trying to build a security program through performance assessments, that would be useful to identify gaps. And being able to communicate with the stats to senior management, around getting the necessary buy-in to proceed with whatever initiatives we want to run along with from a security standpoint. You want to add to that? >> I think that's good. >> Yeah, I'm sensing that prior to Splunk it was an uphill battle to get management to invest. Because they probably said, alright we're going to throw money at it, what's the result that we're going to get. As you can present metrics to management, it's easier to justify the investments because they're going to be able to see the outcomes, is that fair? >> Yes, definitely. 
I think prior to Splunk really we had certain sets of metrics but what Splunk has really helped us do is really consolidate all the log sources we have, get the right information and be able to actually provide a holistic view of our security program to senior management and show them across the different business units where we can get value for investment pointing to security. >> And have you evaluated alternatives, I know those competitors, they've bumped up in the past couple of years, have you evaluated those? Or did you at the time? >> Yeah so in 2009, we looked at a few different vendors and we picked a market leader at the time. There's a couple that we liked more than the market leader but they just didn't scale to our size. Back in those days certain vendors would call it events per second or whatever, we did some analysis and go, they just can't scale. That one back in 2009 is now a market leader. It's pretty good, it looks really interesting and everything as well there's about two or three players out there that I think look great from a SIEM perspective, but if you think of us, where we are at a SIEM is a component, but we actually have a platform. And management's bought into the platform, not only a SIEM, they didn't even know what a SIEM really was, before say 2013. And now they just know that we can provide information when they ask for it. If we don't know, we can get the answer within minutes or maybe hours sometimes depending on the complexity of the query, but we have all the information, we have all the PVR, time machine as you mentioned. It's all sitting there. We brought in most of our data, we got a couple little pieces we're still working on, there's different cloud information we're bringing in or other data enrichment. We can tell for example, an ISP anywhere in the world. We can tell our user visited that ISP. Or that attacker came from that ISP. Let's lock that whole ISP out. 
We have a lot of interesting capabilities where we don't know if we can do that in those other tools. >> So what's your headache of the future? It sounds like Splunk has done a lot to get you up to speed and get you to a very high comfort level now, looking down the road here, what's the next? >> Quickly start and then I think Ikenna wants to speak to this as well, one of the things that we need to do is we're getting better at detecting and responding. We've really focused a lot on prevention to make sure we can prevent what we can. But it's impossible to basically prevent everything, everybody knows that. You see it in the news. So we're trying to get better at detection and response. One of the shortcomings that we've noticed is that we can't always respond as humans fast enough. So we're trying to automate that, get richer information which Splunk allows us to do, so we call them like high fidelity alerts or high confidence alerts. So if we see that, that should never happen in our environment we'll shut that workstation down, disable that account, or cut off that subnet or something like that so it will all be automated. And then us as a team, will come back after the fact and look at it and go oh, yeah that was good. Or oops we made a mistake, sorry about that. And we'll bring the machine back online. >> Yeah, apologize after. >> After, because they move so quickly, or at least what we're seeing, adversaries move fast. >> How about, you want to add to that? >> I think the key, the way we look at our security program is just being on a journey, because the threat landscape changes like by minutes or days really. There's never a point where we'll say we are done. We are fully okay from a security standpoint, so we constantly look at where we need to evolve. A lot of our techs now are looking at cloud services so we are trying to see how we can show cloud services that we use, pool their log information where we can. 
And I try to actually enhance what we are currently doing. There's really no silver bullet to solving the issue of security so it's really constantly looking at where we can derive efficiencies to help our program. >> I wanted to ask you about pricing. Are you a Splunk cloud customer? You pay a subscription, you have a perpetual license? >> We did the subscription to term. We're evaluating potentially moving to the cloud. It would be near the end of 2018. We're not sure how we're going to go, maybe we'll just put it in say one of the like AWS or Azure instead of maybe going to the cloud offered because personally we like tweaking and doing a couple things under the hood, so there's a little more change control in cloud. At least at the moment, maybe that will change over time. But we like to be able to quickly onboard data, do all this as fast as we can when we need to. >> And you priced, Splunk charged you by the amount of data? >> You pay by the amount of data. >> Okay, so my follow up is, as the amount of data exponentially, as that data curve growth curve kind of grows, reshapes if you will, are you concerned about just the whole pricing model? Does it have to? >> I'll take that one. So the interesting thing about Splunk it's actually disruptive or disruptor or, it can displace technologies within your environment. So we really try to consolidate things down and take out things that aren't needed. So in certain scenarios, we do a lot of vulnerability scanning and all that, we don't necessarily go buy the top top end product and spend a lot of money on that, we might buy something else or even use open source in the future, who knows. Get the information into Splunk and then use Splunk to do all the analysis. So we're paying like one or two percent of what a typical cost would be and that license itself would pay for Splunk. >> So you're getting asset leverage there. >> Yeah. >> It pays for the data growth. 
>> As well, we're finding other benefits in the environment using predictive analysis for example, we Splunked all of our storage, and I gave that to my boss and I go here ya go, what do ya think? And you can predict it out a quarter, half a year or a year and he was just ready to buy basically a million dollars of hardware and said geez, I don't need to do that. That's pretty cool. >> So you're using Splunk as a capacity planning tool. >> As well, yeah. We use it for many purposes. >> Very interesting. >> That sounds like a good year end bonus to me there, Kent. (laughter) Gentlemen you both came down from Canada, is that right? >> Yes, we did. >> So my apologies for the unseasonably warm weather here, but we have the lights on which is something you're very familiar with, right at TransAlta. Thanks for the time, interesting conversation glad you both could be here with us today. >> Thanks for having us. >> Alright continuing more our coverage here on The Cube for .conf2017, we'll be live here in Washington D.C. Take a little break, back at 1:30 Eastern time, see you then.
Robert Herjavec & Atif Ghauri, Herjavec Group - Splunk .conf2016 - #splunkconf16 - #theCUBE
>> Live from the Walt Disney World Swan and Dolphin Resort in Orlando, Florida, it's theCUBE, covering Splunk .conf2016. Brought to you by Splunk. Now, here are your hosts John Furrier and John Walls. >> And welcome back here on theCUBE. The flagship broadcast of SiliconANGLE TV where we extract a signal from the noise. We're live at conf2016 here in Orlando, Florida on the show floor. A lot of activity, a lot of excitement, a lot of buzz and a really good segment coming up for you here. Along with John Furrier, I'm John Walls and we're joined by two gentlemen from the Herjavec Group, Robert Herjavec. Good to see you, sir. >> Greetings. Thank you for having us. >> The CEO, and Atif Ghauri is Senior VP at Herjavec. Good to see you, sir. >> Yes. >> First off, Robert, congratulations. Newly married, your defense was down for a change. Congratulations on that. (laughter) >> Oh thank you. It was wonderful. It was a great wedding, lots of fun but casual and just a big party. >> Yeah, it was. Looked like, pictures were great. (laughter) People obviously know you from Shark Tank. But the Herjavec Group has been, really, laser focused on cyber security for more than a decade now. Tell us a little bit about, if you would, maybe just paint the broad picture of the group, your focus, and why you drilled down on cyber. >> Yeah, I've been in the security business for about 30 years. I actually helped to bring a product called CheckPoint to Canada firewalls, URL filtering, and that kind of stuff. And we started this company 12 years ago, and our vision was to do managed services. That was our vision. No other customer's vision, but our vision. And we thought we'd do $5 million in sales in our first year and we did $400000. The market just wasn't there. SIEM technology, log aggregation isn't what it is today. I mean, I think at the time, it was enVision. What was it called? >> Yeah, enVision. >> enVision. And then RSA bought them. That was really the first go-to-market SIEM. 
Then you had ArcSight and Q1. So our initial business became around log aggregation, security, writing parsers. And then over time it grew. It took us five years to get to $6 million in sales, and we'll do about $170 million this year. We went from a Canadian company to really a global entity. We do a lot of business in the States, UK, Australia, everywhere. >> But you're certainly a celebrity. We love havin' you on theCUBE, our little Shark Tank in and of itself. But you're also an entrepreneur, right? And you know the business, you've been in software, you've been in the tech business, so you're a tech athlete, as we say. This world's changing right now. And I'm certain you get a lot of pitches as entertainment meets business. But the fact that the entrepreneurial activity, certainly in the bay area and San Francisco, the Silicon Valley, where I live, and all around the world, is really active. Whether you call the programmer or culture or just the fact that the cloud is allowing people to start companies, you're seeing a surge in entrepreneurship in the enterprise. (laughs) Which is like, was boring in the past, you know? You just mentioned CheckPoint in the old days, but now it's surging. Your thoughts on the entrepreneurial climate? >> I dunno if the enterprise entrepreneurship element is surging. By the way, I'm going to say intrepreneur, just the way I say it. Cuban always makes fun of me. (laughter) We don't say it like that in America! I'm like, screw off! (laughter) >> That's how you say it! >> I want to say it the way I want to say it. >> Well, internal entrepreneurs, right? Is that what you mean by intrepreneurship? >> Well, no. I'm just, it's just the way I say it. >> It's a Canadian thing. >> But business to business enterprise, we've always been in the enterprise business. 
So we're seeing a lot of growth in that area, a lot of VC money's going into that area, because it's more, you know, you can measure that level of return and you can go and get those customers. But on our show, we're a bubble. We don't do a lot of tech deals like we're talking because it's boring TV. Tech people love tech, consumers love the benefit of tech. You know, no consumer opens up their iPhone and says, oh my gosh, I love the technology behind my iPhone. They just love their iPhone. And our show is really a consumer platform that is-- >> It's on cable TV, so it's got a big audience. So you got to hit the wide swath-- >> We're one of the highest-rated shows on network television. Eight years, three Emmys. You know, it's a big show now. And what we've all learned is, because Mark Cuban and I are tech guys, we used to look for stuff we know. We don't invest in stuff we know any more. We invest in slippers, ugly Christmas sweaters, food products, because if you can tap into that consumer base, you're good to go. >> So bottom line, has it been fun for you? I mean, the show has been great. I mean, obviously the awards have been great. Has it been fun for you? What's it been like, what's the personal feeling on being on the Shark Tank. >> You know, filming is fun, and hanging out is fun, and it's fun to be a celebrity at first. Your head gets really big and you get really good tables at restaurants. There's no sporting venue-- >> People recognize you. >> Yeah. >> You get to be on theCUBE. (laughter) >> I get be on theCUBE. >> Doesn't happen every day. >> You get to go everywhere. But after a while it gets pretty dry. But it really helps our brand. We compete, typically, against IBM, Verizon, and you know, the CEO of IBM, you're not going to see him selling his security. >> Well I know they're doin' a lot, spending a lot of cash on Watson, trying to get that to work, but that's a whole 'nother story. But let's get down and dirty on Splunk. 
You're here because you're doin' a talk. Give a quick take on what you're talking about, why are you here at .conf for Splunk? >> Yeah, we're doing a talk on data transformation. The world today is about data. And the amount of data points and access points and the internet of things, it's just exponential growth. The stat I always love, and Atif's heard it 1000 times is, there's roughly three billion people on the internet today, and there's roughly six billion or seven billion IP addresses. By 2020, according to the IPV Committee, there'll five, six billion people connected. And hundreds of trillions of IP addresses. >> And the IoT is going to add more surface area to security attacks. I mean, it used to be, the old days, in CheckPoint, the moat, the firewall, backdoor, frontdoor. >> The idea of the perimeter is gone now. There is no such thing as a perimeter any more, because everything you can access. So a lot of work in that area. And all of that comes to data and log aggregation. And what we've seen for years is that the SIEM vendors wanted to provide more analytics. But if you really think about it, the ultimate analytics engine is Splunk. And Splunk now, with their ESM module, is moving more into the security world and really taking away market share. So we're very excited by, we have a great relationship with the Splunk guys, we see nothing but future growth. >> And you're using Splunk and working with it with your customers? >> We do, we've been using Splunk for a while. We have a private cloud. Tell us a little bit about that. >> Yeah, so we eat our own dog food. So not only do we sell Splunk, but we also use it in-house. We've been usin' it for over five years, and it powers our analytics platform, which is a fancy way to say, reduces the noise from all the different clutter from all the IoT, from all the different type of alerts that are comin' in. Companies need a way to filter through all that noise. 
We use Splunk to solve that problem for us internally, and then, of course, we sell it and we manage it for Global 2000 customers, Fortune 100 companies all over the world. >> Tell us what about the role of data, 'cause data transformation has been a big buzzword it's a holistic message around businesses digitizing and getting digital assets in front of their customers. We have a big research division that does all of this stuff. By the end of the day, you know, the digitization business means you're going to have to go digital all the way. And role of data is not the old data warehousing days, where it's fenced away, pull it in, now you need data moving around, you need organic sharing of data, data's driving policies and new pattern recognitions for security. How do you guys see that evolving? How do you talk to your customers, because in a way, the old stuff can work if you use the data differently. We're seeing a pattern, like, hey, that's an algorithm I used 10 years ago. But now, with new data, that might be workable. What are some of the things that you're seeing now that customers are doing that you talk to that are leveraging data, like Splunk, in a new way? >> Well, that's really where Splunk adds so much value, because a friend of mine is the dean of USC. And he has a great saying, more data is not necessarily more information. And so, the mistake that we see customers making a lot is they're collecting the data, but they're not doing the right things with it. And that's really where Splunk and that level of granularity can add tremendous value, not just from logging, but from analytics and going upstream with it. >> Yeah, and also, to that point, it's just automation. There's too much data >> That's a great point. >> And it's only going to get bigger, right, based on that stat Robert rattled off. Now, we need some machine learning analytics to move it further. And all points aside, machine learning isn't where it needs to be right now. 
Today in the market, it still has a long way to go. I would call it a work in progress. But however, it's the promise, because there's too much data, and to secure it, to automate behavior, is really what we're looking for. >> The example I saw is the innovation strategy's comin' to take, and they're growin' with mobility, growin' with cloud, increase the surface area, IoT. But the supervised areas of the enterprise were the doors, right? Lock the doors. And perimeter is now dead. So now you have an unsupervised environment and the enterprise at risk. Once the hackers get in, they're havin' their way. >> The internet is, like, a kindergarten playground where there are no rules and the teacher went home at lunch. (laughter) That is the internet. And kids are throwin' crap. >> And high school. I think it would be high school. Kindergarten through high school! >> And you have different-aged kids in there. >> It's chaos, bedlam! >> Very well said. The internet is chaos, but by nature, that's what we want the internet to be. We don't want to control the chaos because we limit our ability to communicate, and that's really the promise of the internet. It's not the responsibility of the internet to police itself, it's the responsibility of each enterprise. >> So what new things are happening? We're seeing successes. Certainly, we're reporting on companies that are being successful are the ones that are doing reverse of what was once done, or said differently, new ways of doing things. Throwin' out kind of tryin' to do a hybrid legacy approach to security, and seeing the new ways, new things, new better cat and mouse games, better honeypots, intelligent fabrics. What do you guys recommend to your customers and what do you see, in your talk, this digital transformation's definitely a real trend, and security is the catastrophic time bomb that's ticking for all customers. So that's, it dwarfs compliance, risk management, current... 
>> Well, I dunno if that's necessarily true, that it's a time bomb. You know, the number one driver for security, still, is compliance. We sell stuff people don't really want to buy. Nobody wakes up and the morning and says, yeah, I want to go spend another $5 million on security. They do it, frankly, because they have to. If none of their competitors were spending money on security, I don't think most enterprises would. I mean, whenever you have to do something because it's good to do, you have a limited up cycle. When you do something because there's a compliance reason to do it, or bad things happen to you, you're really going to do it. >> So you think there's consumer pressure, then, to have to do this, otherwise-- >> Interesting stat, the Wall Street Journal did a study and asked 1000 people on a street corner in New York if, for a hamburger, they will give away their social insurance number, their home number, and their name. 72% of people gave out that information freely. >> Better be a good hamburger. (laughs) >> Back to your point, though, I want to get a-- >> So I think consumers have an expectation of security, and how they police that is they simply go to somebody else. So if you're my retailer and you get breached, you know what I'm going to do? I'm going to go next door. But I think that the average consumer's expectation is, security's your responsibility, not mine. >> Okay, so on the B to B side, let's get that. I wanted to push you on something I thought I kind of disagreed with. If compliance, I agree, compliance has been a big part of data governance and data management. >> Yeah, PCI has been the biggest driver in security in the last five years. >> No doubt. However, companies are now sharing data more with other companies. 
Financial institutions are sharing core data with other financial institutions, which kind of teases out the trend of, I'll give you some of my data to get, to fight the fraud detection market because it's a $1 trillion problem. So as you start to see points of growth where, okay, you start to see people go outside their comfort zone on compliance to share data. So we're tryin' to rationalize that. Your thoughts? I mean, is that an indicator? Do you see that as a trend, or, I mean, obviously locking down the data would be, you know. >> I think it's challenging. I mean, we were at the president's council on security last year at Stanford. And you know, President Obama got up there, made some passionate speech about sharing data. For the goodness of all of us, we need to share more data and be more secure. I got to tell you, you heard that speech and you're like, yeah baby, I'm going to share my data, we're all going to work together. Right after him, Tim Cook got up there (laughter) and said, I will never share my data with anybody in the government! And you heard him, and you're like, I am never sharing my data with anybody. >> Well there's the tension there, right? >> Well, this is a natural-- >> Natural tension between government and enterprise. >> Well, I think there's also a natural tension between enterprises. There's competitive issues, competitor pressures. >> Apple certainly is a great case. They hoard their data. Well, this is the dilemma, right? You want to have good policy, but innovation comes from experimentation. So it's a balancing act between what do you kind of do? How do you balance-- >> Yeah, it's a great time to be in our space. I mean, look at this floor. How many companies are here? Splunk is growing by 30%, the show itself, 30% per year. They're going to outgrow this venue next year and they're going to go, probably, Vegas or somebody. I think that's exciting. But these are all point products. 
The fastest-growing segment in the computer business is managed services, because the complexity in that world is overwhelming, and it's extremely fragmented. There's no interlinking. >> Talk about your business in there right now. What are you guys currently selling, how many employees do you have, what's the revenues like, what's the product mix? >> Yeah, so we are a global company. So we have 10 offices worldwide and close to 300 employees. We're one of the fastest-growing companies in North America. We sell, our focus is managed security services. We do consulting as well as incident response remediation, but the day-to-day, we want your logs, we want to do monitoring, we want to help with-- >> So you guys come in and do deployments and integration and then actually manage security for customers? >> We do the sexy of gettin' it in, and then we also do the unsexy of managing it day-to-day. >> Atif, nothing unsexy about our work. (laughter) >> It's all sexy, that's what theCUBE show's about. >> It's all sexy! >> That's why theCUBE's a household name. We have celebrities coming on now. Soon we'll be on cable. >> That's right! This will be a primetime show. (laughter) >> Before we know it! >> That's funny, I got approached by a network, I can't tell you who, big network with a big producer to do a cybersecurity show. And so, they approached me and they said, oh, we think it's going to be so hot. It's such a topical thing. So they spent a day with me and our team to watch what we do. There is no cybersecurity show! (laughter) They're like, do you guys do anything besides sit on the computer? >> You have a meeting and you look at the monitor. It's not much of a show. >> Does anybody have a gun?! (laughter) >> It's not great for network TV, I think. >> Build a wall. >> Someone has to die in the end. That has to be network TV. And yeah, but I mean, there's a problem. There's 1.4 million cyber jobs open right now. 
And that's not even including any data science statistics. So you know, so we're reporting that-- >> I'm sure it's the same thing in data science. >> Same problem. How do you take a high skill that there's not enough talent for, hopefully, computer science education, all that stuff happens, and automate it. So your point about automation. This is the number one problem. How do you guys advise clients what the hell do they do? >> You know, automation's tough. We just had this meeting before we got on here, because in our managed service, it's people-driven. We want to automate it. But there's only a certain amount of automation you can do. You still need that human element. I mean, if you can automate it, somebody can buy a product and they're secure. >> Machine learning isn't where it's supposed to be. Every vendor aside, machine learning's not where it needs to be, but we're getting there. Having succinct automation helps solve the cybersecurity labor shortage problem, because the skill level that you hire at can go lower. So you reduce the learning curve of who you need to hire, and what they do. >> That's a great point. I think the unsupervised machine learning algorithms are going to become so much smarter with the Splunk data, because they are, that's a tough nut to crack because you need to have some sort of knowledge around how to make that algorithm work. The data coming in from Splunk is so awesome, that turns that into an asset. So this is a moving train. This is the bigtime. Okay, go step back for a second, I want to change gears. Robert, I want to get your thoughts, because since you're here and you do a lot of, you know, picking the stocks, if you will, on Shark Tank, in the tech world, our boring tech world that we love, by the way. >> We love it too. 
>> How do you, as someone who's got a lot of experience in cycles of innovation, look at the changing digital transformation vendor landscape, Splunk, companies like Oracle tryin' to transform, Dell bought EMC, IBM's pivoting, Amazon is booming. How do you look at the new digital enterprise, and how do you look at that from, if you're a customer, an investor, where's the growth stocks, where's the growth companies, what's the growth parameters, what's your thoughts? >> One of the reasons a lot of our industry, why I got into tech was I had no money, my dad worked in a factory, my mom was a receptionist. And the old adage is, to make money, you need money. To get ahead, it's not what you know, it's who you know. I didn't know anybody. And the value of tech is tech transforms every three years. We follow these cycles where we eat our own young and we throw away stuff that doesn't add value. Tech is the great equalizer, 'cause if you don't add value, nobody cares. And you know, when I'm starting out as a guy with a small company, I love that! We're going to kick ass, we're going to add value. Now that we're a little bigger-- >> Well, when you're a young company you can eat someone's lunch, because if they're not paying attention, you can come in and-- >> For sure. It gets harder as you get bigger because now we're the big guys that somebody in their basement's tryin' to take out. But you know, we see tremendous innovation in security. If you look back three years, who were the leaders in the SIEM space? ArcSight, Q1, Nitro to a lesser degree, and enVision. Today, does RSA have a strategy around a SIEM? They have Netwitness, you know, security analytics, which is kind of a SIEM. Q1 is in the throes of the IBM machine, somewhere in their gut, nobody knows. ArcSight, who buys ArcSight anymore? It's so complicated. Who's the leader? Splunk! >> So back to the old classic team. Obviously, you have good people on the management team. Product matters now, in tech, doesn't it? 
More than ever. Obviously, balance sheet. Okay, let's get back to the data transformation. So you know, data is so critical now, and again, it's more from that data warehouse, which still is around, but to real-time data having value, moving it into different applications. Question is, how do you value data? I mean, you can't put it on the balance sheet. I mean, people value factories. GE said, we have all this investment in machines and assets. They worry about someone getting their data and doing a judo move on them. So data is truly an asset that's flying out of their network. How does companies value data? Can it ever be on the balance sheet? How do you look at that? >> I don't think data, in of itself, has any value. It's the effect of the data that has the value. And it's a very singular, it's what somebody does to it. Whatever the data is worth to you, from a business perspective, it's worth fundamentally more to an outside bad party because they can package that data and sell it to a competitor, a foreign government, all those kind of places. So it's the collection of raw data and applying it to something that has meaning to a third party. >> So it's like thermodynamics, really. Until it's in motion, it's really not worth anything. I mean, that's what you're saying. Data's data until it's put to work. >> Right, I don't think you're ever going to see it on a balance sheet as a hard, core value, because it has to have a transformative value. You have to do something with it. It's the something. >> So pretend you're in Shark Tank and you're a data guy, and you say, boss, I need more budget to do security, I need more budget to expand our presence. And the guy says sorry, I need to see some ROI on that data. Well, I just have a gut feeling that if we move the data around, it's going to be worth something. Oh, I pass. You can't justify the investment. So a lot of that, I mean, I'm oversimplifying it, but that's kind of like a dialogue that we hear in customers. 
How do you get that-- >> What I always tell CIOs and CCOs, it's challenging to get budget to do a good thing or the right thing. It's easier to get budget to do the necessary thing. And so, necessary is defined by the nature of your business. So if you make widgets and you want to get more budget to protect the widgets, no one cares. No one's sitting around, and like oh, are my widgets safe? They are, to a certain degree, and they'll have limited budget for that. But if you go to them and say, you know what, we have a risk that if somebody can attack our widgets, we're going to be down for three days. And being down for three days or three hours has a dollar cost of $5 million. I need an extra $2.5 million to protect that from happening. As a business guy and a CEO, I understand that. >> That's great advice. >> And that's the biggest challenge, still, with security people is, we're technical people. We're not used to talking to business guys. >> It's like house insurance, in a way, or insurance. You invest this to recover that. >> It's a great analogy. You know, I used to race cars, and I had a life insurance premium for key man insurance. And my insurance agent comes along and says, you should buy a bigger policy. I'm like, I don't need a bigger policy. It's so much money, we're okay. And then he says to me, you know, if you die in a racecar, I'm not sure you're covered. (laughter) But if you pay me another $10,000 a year in coverage, you're covered. Did I buy it? Absolutely. And it's the same analogy. >> That's very necessary. Personal question for you. So if you're, your dad had a factory, you mentioned. I saw that you mentioned that earlier. If he had a factory today in a modern era of IoT, and you were going to give him a digital transformation consulting project, how would you advise him? Because a lot of people are taking their analog business and kind of digitizing it. Some already have sensors in there.
So you see it in manufacturing, and certainly, the industrial aspect of IoT has been a big deal. How would you advise your dad building a factory today? >> Yeah, so I think there's two aspects to it. One is just, you know, everything we've been talking about, data transformation, data analytics, making things better, none of those things are possible unless you're actually collecting the data. It's like, customers come to us and say, you know what, we don't want you to just manage our logs and tell us what's going on, we want higher-level value. And I'm like, no, I get that, but unless you're actually aggregating the logs, none of the upstream stuff matters. So first thing is, you have to collect the data. Whether that's sensors, old devices, mechanical devices, and so on. The second part of it is, the minute you open up your factory and open up the mechanical devices and attach them to a PC or anything that's network-based, you're open for risk. And so, we're seeing that now in utilities, we're seeing that with gas companies, oil companies. You know, up until a few years ago, you couldn't physically change the flow of a pipeline, unless there was a physical connection, a mechanical on-off. It was very binary. Today, all those systems are connected to the internet. And it saves companies a lot of money 'cause they can test them and stuff. But they're also open to hackers. >> Big time. >> Well gentlemen, we appreciate the time. >> Thank you. >> And who says tech hasn't got a little pizazz, I mean-- (laughter) >> Come on, I was on Dancing with the Stars, that's a lot of pizazz! >> It's been great! >> You guys are exciting, but you are, no! >> Dancing with the Stars, of course! >> All right. >> Thank you very much. >> Well, thanks for bein' in theCUBE Tank, we appreciate that. >> Thank you. >> Don't call us, we'll call you. (laughter) Gentlemen, thank you very much. >> We're booked, maybe we can get you on next time. >> Okay, we're out.
>> .conf2016, CUBE coverage continues live from Orlando. (electronic jingle)
ENTITIES
Entity | Category | Confidence |
---|---|---|
Tim Cook | PERSON | 0.99+ |
IBM | ORGANIZATION | 0.99+ |
Verizon | ORGANIZATION | 0.99+ |
Mark Cuban | PERSON | 0.99+ |
Amazon | ORGANIZATION | 0.99+ |
Robert | PERSON | 0.99+ |
John Furrier | PERSON | 0.99+ |
three days | QUANTITY | 0.99+ |
Dell | ORGANIZATION | 0.99+ |
$400000 | QUANTITY | 0.99+ |
America | LOCATION | 0.99+ |
three hours | QUANTITY | 0.99+ |
$6 million | QUANTITY | 0.99+ |
USC | ORGANIZATION | 0.99+ |
John Walls | PERSON | 0.99+ |
Oracle | ORGANIZATION | 0.99+ |
Splunk | ORGANIZATION | 0.99+ |
San Francisco | LOCATION | 0.99+ |
Apple | ORGANIZATION | 0.99+ |
Atif Ghauri | PERSON | 0.99+ |
Silicon Valley | LOCATION | 0.99+ |
New York | LOCATION | 0.99+ |
10 offices | QUANTITY | 0.99+ |
five years | QUANTITY | 0.99+ |
GE | ORGANIZATION | 0.99+ |
$5 million | QUANTITY | 0.99+ |
30% | QUANTITY | 0.99+ |
72% | QUANTITY | 0.99+ |
next year | DATE | 0.99+ |
iPhone | COMMERCIAL_ITEM | 0.99+ |
$1 trillion | QUANTITY | 0.99+ |
Australia | LOCATION | 0.99+ |
EMC | ORGANIZATION | 0.99+ |
2020 | DATE | 0.99+ |
Herjavec Group | ORGANIZATION | 0.99+ |
two aspects | QUANTITY | 0.99+ |
Herjavec | ORGANIZATION | 0.99+ |
RSA | ORGANIZATION | 0.99+ |
Orlando, Florida | LOCATION | 0.99+ |
One | QUANTITY | 0.99+ |
UK | LOCATION | 0.99+ |
North America | LOCATION | 0.99+ |
last year | DATE | 0.99+ |
12 years ago | DATE | 0.99+ |
first | QUANTITY | 0.99+ |
Eight years | QUANTITY | 0.99+ |
ArcSight | ORGANIZATION | 0.99+ |
Vegas | LOCATION | 0.99+ |
1000 people | QUANTITY | 0.99+ |
three | QUANTITY | 0.99+ |
IPV Committee | ORGANIZATION | 0.99+ |
over five years | QUANTITY | 0.99+ |
Today | DATE | 0.98+ |
about 30 years | QUANTITY | 0.98+ |
Dancing with the Stars | TITLE | 0.98+ |
Orlando | LOCATION | 0.98+ |
SiliconANGLE TV | ORGANIZATION | 0.98+ |
1000 times | QUANTITY | 0.98+ |
each enterprise | QUANTITY | 0.98+ |
one | QUANTITY | 0.98+ |
five, six billion people | QUANTITY | 0.97+ |
Shark Tank | ORGANIZATION | 0.97+ |
10 years ago | DATE | 0.97+ |
Shark Tank | TITLE | 0.97+ |
today | DATE | 0.97+ |
Canada | LOCATION | 0.96+ |
three years | QUANTITY | 0.96+ |
Robert Herjavec | PERSON | 0.96+ |