Tony Pierce | Splunk .conf21


 

>>Mhm. Hey there. Welcome to theCUBE's coverage of Splunk .conf21. I'm Lisa Martin. I've got a new guest joining me on theCUBE for the first time. Please welcome Tony Pierce, the senior manager of cybersecurity at EY. Tony, welcome to the program.

>>Hi, glad to be here.

>>So your LinkedIn profile. I wanted to ask you about this. It states that you are delivering an evidence-based approach to cybersecurity. What does that mean? An evidence-based approach? And how are you and Splunk helping to deliver this approach?

>>Yeah. And I'd like to call it like the out case outcome based the price. Basically you start with what you're trying to accomplish and work with backwards. A lot of people say I've got a problem and then they go try to buy a tool or whatever to go fix the problem. I go in and I'm like all right, I got a problem. Let me figure out what's realistically I can use in the environment. So it's just basically working back so you have, you know, a breach. What if I what are all the different things that I knew to leverage to meet the controls for that breach. Right? And so um think of MITRE in a way as a layered way of looking things um and the full defense in depth. So that's kind of my approach, I go when I figure out what the problem is and I answer the question and I used to do that because Splunk is able to give me a big data to everything. Got a guy so I like to be able to pull in all the different data types that I need to answer our questions, um, to do that. Right. And so whether it's a vulnerability management, patching your networking a good, a good example of this, like most common hacks in the world go after known vulnerabilities, right? And we get kind of caught up in all that. Um, one of the things we like to do here at EY is like we like to combine what's happening in the network.
So the threat landscape in which is the network guys, the vulnerability guys who are scanning the data and then actually the patching, who is, who is actually, you know, mitigating the problem putting all those into one screen has really helped people with their risk rating.

>>Talk to me a little bit about some of the changes. We've seen massive changes in the threat landscape in cybersecurity in the last year and a half during the pandemic. We've seen massive increase in ransomware, DDoS attacks, ransomware becoming a household word, the executive order that just came down a few months ago. What are some of the things that you've seen? Have you seen the acceleration of organizations coming to help? We know that it's not a matter of if we get attacked. It's when. How are you, how are you seeing the last 18 months influence what you're doing?

>>Oh man, it's been quite a crazy, right? And so um, by trade, I'm an incident responder, you know, uh high level investigator and possible solutions architect. So I, I get called in a lot for those kind of things. It has been kind of nuts. But you know, one of the things I always tell them when it started understanding what your threat landscaping is, um, and identify your key cyber terrain. Unfortunately most, you know, most companies as they grow, they get really big, they don't really do that. So they don't, they miss the consolidation point, right? I always say, hey, you know, if you're, if you're going to do this, if you say you have a ransomware attack, the first thing you can do is, you know, there's so many different controls that you can do to stop that you really need to know where it is and ejecting and then you can isolate if you need to um, what we're seeing in the companies. They, because they don't all have full coverage, right?
And they expect their endpoint protections to actually do its job, you know, and sometimes that's, you know, don't get me wrong, there are some amazing endpoint protections out there, but you really need to be able to log it, you need to know what it looks like and you need to know where it is. So if you need a in case of a ransomware attack as it spreads through the network, you're able to isolate it and rewrite it to like, I like to call it a black hole the land and just reroute it so I can isolate it and then I can go after it. Um instead of trying to try to do every endpoint at a time because you'll get you'll get whacked.

>>Definitely. So talk to me about working and partnering with Splunk and its full security stuff. How does that, how is that a differentiator for you and your role?

>>Okay. So one of the things that we do here at EY is we combine SIEM and SOAR as one combined offering. Right? So we we try to bring the data in, we operationalize it and then we try to do something with it, right? We we find that. And then if you really think about that in a situation where the Splunk products, it's the Splunk or Splunk ES and then Phantom, right? And so that's the automation play. So we try to combine all those into one combined offering. So that when when bad things happen where we make a decision, we say all right, So, hey, um what we're seeing in the industry is like a lot of times people spend so much time hunting the known to to forget about the unknown. Think about the Target hack a couple of years ago. Um the oil and gas attack just recently, you know, they miss those core things. So we try to say all right, well let's automate a lot of that known stuff so that the incident responders can focus on the unknown. And so when you combine all three of those products, you get a pretty good security staff.

>>When you say automating the known, is that at all in any way like helping companies get back to basics.
I've been hearing a lot in the last 18 months that some from a data protection perspective and from a ransomware attack perspective. So it's it's when not if but are you saying that companies are are sort of skipping past the basics where security is concerned? Yeah,

>>Well, it's I don't say it's skipping past the basics. Right? I think that sometimes people get caught up in the definitions of what it is. Right? So there's there's so many, there's so many frameworks out there. Right? So like I'm a big fan of zero trust. Um a lot of incident responders are using MITRE, I use MITRE for that as as it retains the incident response. Some people like to use HITRUST and I think a lot of what happens is they get lost in the confusion of all these different frameworks. Right? I like to go back to basics. I've been doing cyber for Oh, oh my oh my gosh, about 20 plus years. Right. Um I'm an active hacker. I like this is what I do. I like to call a defense in depth. Right? So when you're when you're doing that, if you follow the defense in depth Satur, it doesn't matter what framework you have, you can actually go back and you can fix that problem. Right? So going back in the automation of unknown to an unknown, we know, and IOC is 100% now, you can say IOC it's like a hash, right? So when a bad thing happens like an exploit, first thing we try to do is we try to grab that hash and then we try to build a rule around it to stop that hash from spreading and going anywhere else. That's a, we know 100% of it's bad. Now can exploits change their hash. Absolutely. And it happens all the time, but for that moment in time that hash is 100%. And so we try to say, hey look, you know, we got an endpoint protection but also why don't we use automation to block it at the boundary or why don't we keep it from doing lateral movement? Why don't we why don't we activate it from a defense in depth. So you have your network.
Um I like to say, hey look you have your egress ingress and your lateral movement. So if you understand all those three fact factors, you can automate the control so that it doesn't spread, you know, you had mentioned ransomware, it's been really huge, right? And everybody goes, oh well, you know, if we do zero try zero trust, talks about, you know, segmentation a whole lot and then a segmentation is usually important. It won't stop everything but it will do a good job being able to you'll ever swung we actually pull that in and we say hey you know from and why are we take all that network? And we try to put it in a single pane of glass so that we can see everything. And then once we're able to see it, once we get a good robust data set and understand that operations were able to go in and automate it and so if I can go in and say hey look all these hashes are bad. Yeah I'm not going to rely on my endpoint, I'm going to put another control in place. So at the endpoint misses it, I have another control that will actually layer it and prevent it from spreading.

>>Which is absolutely critical. Talk to me about some of the outcomes that EY and Splunk are delivering to the end user customers. Everyone's always talking about it's all about outcomes. What are some of those?

>>Yeah so we have um we really embraced like the data to everything right? So I I kind of have this opinion of like uh you know everything's data so everything needs to be secured right? Uh the people who missed that tend to get whacked pretty quickly. Um So what I like to do is I'm like all right so you know like IoT is huge out there right now, OT is doing it. So some of the things that we've done is like from a health care perspective um We've done we've combined IoT and IT
into a commonality solution leveraging like network simple things like pulling in from the wind, pulling in um understanding what those MAC addresses are so that you can actually do like a workplace analytics around um say RFID tagging right? So you know where your people are at? Um Here we also do like a call a SOC in a box where we put that put everything together that every like a from a tiered perspective like a tier one tier two analysts. You know what is that they need to do to mitigate mitigate observe something, What is the investigator need? Right? So we try to simplify those conversations so that you know exactly around like a threat hunting as well like threat hunter an investigator, they're totally different roles, right? So they need to be separated. We also like tie in like the um what is it? I really hate uh like PowerPoint. I'm not a big PowerPoint guy right? So I really like to be able to give the CISO, he needs to understand what risk is, right? So we try to automated so we can get to that too. He can pull up his phone and pull up his Splunk app and he knows at any given time what his risk rating of his company, right? So we try to combine all those in. Like again, you know there is um we do stuff around Blockchain supply chain. You know, it doesn't really matter if it's a data analytics tool. You know a lot of people look at Splunk as a SIEM. I don't just like look at it that way. I look at as a data analytics tool that does SIEM. It's just one of the functions this does. If you start understanding data and all the different things that data can do, then you need to go in and you can use Splunk to basically answer those questions so that you can start putting in a control set.

>>What what's the differentiated value that EY and Splunk bring together to customers? What really sets this partnership and what it delivers apart?

>>Well I'm I'm I'm biased on that right? Because I run the North America 17 for you like for consulting.
So I would say that those two things is innovation and time to value. Right? So for let's start with innovation for a minute because Splunk is so customizable right? Because it pretty much can integrate with just two. Anything we're able to go very fast, take data in and do something with it and operationalize. It doesn't matter who the customer is is they're going to give us a question. We'll break it all the way down and we'll understand what you're going to answer. A good example that is like we were doing stuff around PCI compliance. The checklist. You know the financial sector, they get a huge amount of audits, right? Especially around PCI. So we took all the PCI checklist and we said harry, what can we, what can we answer those questions? And so we built a dashboard that actually sends out a report to internal audit and we call it compliance over time, right? It's looking at data in a different perspective to answer a question. Now the other thing is that we like, we try to do here is, you know, with the, as we do is Splunk and Splunk helps us with this, right? We have a great relationship with them is um, basically, oh I have a, I lost my train of thought there for me. So uh, innovations time to value, right? So from time to value what we do is we used to say, hey look, we have a lot of stuff in our lab. But one of the things I don't like to do is I don't like to um, go to clients and say, hey look, we were going to build this for the first time. I like to say, hey look, here's these questions in the industry. Get ahead of the question and go build in our labs so that when we when we actually get on site, our time to value is not in months. You know, we can begin weeks because we already have a huge repository of um use cases now those every use case is actually tied into an automation play.
And so when we say that we say hey look here's everything is flowing, let's do this, let's go answer that question and let's go automate it and you let's make a decision where where we want to automate and where do we want a human interaction. Mhm.

>>Talk to me about what's next for the partnership in terms of the future, what what can you tell us where EY and Splunk are going together?

>>So we've been partying around um I think our next things that we're really looking at is AI um we're really getting kind of into that as well as AR and DR technology. Right? So um especially around like I'm looking at like the energy companies in the financial banking and one of the things I would love to do is like um go into you know a bank ATM. Right? And right now it takes somebody actually has to plug into that and to do a diagnostic on it. I would love to be able to get to a point where you can just take your camera scan the QR code on the on the device and then pull up an AR and it runs all the diagnostics on the device as its there. Another one is like the infrastructure um instead of actually going out, plugging into like say a solar panel going out pulling out of the tablet just scanning the solar panels and it tells you if it's good or bad and that's kind of the next step that we're trying to do. We're trying to really take that uh and dated everything and just kind of turn it on its end um like and you've got to remember everything is data nowadays, right? It's not the old days where you know, things are moving around and everything is in the file folders, it's gone right? Everything is data. So everything is security, right? And we know the first thing is we need to know what our threat landscape is. We need to know what that is and we need to apply that. All right. So if we can simplify answering questions, that's so much better. And one of the things I like about Splunk is it scales really well, right?
And I've looked at some of these fetters and don't get me wrong, I mean everybody has their place. The one thing I like about Splunk is it doesn't mean it literally scales really well. So the more data you can get into it, it actually does better. Right? Um and how you do it now, that's just our approach. That's the next steps that we're really looking at from a technology standpoint.

>>Exciting stuff, Tony. Thank you for joining me, sharing what EY and Splunk are doing together. Some of the unique use cases that you're helping to solve for customers and some of the things that you're excited about. We appreciate your time on your information.

>>No, this is fun. You know, like I said, I'm a big fan. I even wore my Splunk shirt just for this meeting.

>>Fantastic. You're on brand. Well, Tony, thank you again. We appreciate your time.

>>All right. Thank you. You have a wonderful day.

>>Thanks, you as well. For Tony Pierce, I'm Lisa Martin. You're watching theCUBE's coverage of Splunk .conf21. Thanks for watching.

>>Enjoy. Bye bye. Mm. Mm hmm.

Published Date : Oct 20 2021

