Joe Partlow, ReliaQuest | Splunk .conf19
>>Live from Las Vegas, it's theCUBE, covering Splunk .conf19. Brought to you by Splunk. >>Okay. Welcome back everyone. That's theCUBE's live coverage in Las Vegas for Splunk's .conf user conference. 10 years is their anniversary. It's theCUBE's seventh year. I'm John Furrier, your host, with a great guest here, Joe Partlow, CTO of ReliaQuest, recently on the heels of buying Threatcare and Marcus Carey and team. Congratulations. They'd come on. Yeah. Yeah. It's been a been a fun month. So obviously security. We love it. Let's take a minute to talk about what you guys do. Talk about what your company does that I've got some questions for you. Yeah. So you know, obviously with the increasing cyber threats, uh, you know, uh, security companies had a lot or customers had a lot of tools. Uh, it's easy to get overwhelmed, um, really causes a lot of confusion. So really what we're trying to do is we have a platform called GreyMatter that is really kind of how we deliver security model management, which what that means is that's bringing together people, process, technology in a way that's easy to kind of make sense of all the noise. >>Um, yeah, there's, there a, a lot of features in there that would help monitor the health, uh, the incident response, the hunt, um, any kind of features that you would need from a security. So you guys are a managed service, you said four? >> Yeah. Yeah, a different, a little different than a traditional MSSP. We um, you'll work very close with, uh, the customers. Uh, we work in their environment, we're working side by side with them, uh, in their tools and we're really maturing and getting better visibility in their environment to get that MSSP for newer. >> Right. That's where you guys are. MSSP >> on steroids. A little bit different. >> Alright. Well you guys got some things going on. You got a partnership with Splunk for the .conf SOC. Oh yeah. Talk about that with set up out here. And what's it showing? Yeah, that's been a great experience. 
>>Uh, we, we work very close with the Splunk, uh, team. Uh, we monitored Splunk corporate, uh, from a work with skirt team monitoring them. Uh, so when .conf came around, it was kind of a natural progression of Hey, uh, you know, Joel and team on their side said, Hey, how do we kind of build up the team and do a little bit extra and I'll see any way that we can help secure .conf. Uh, it was really cool. I give credit to the team, both teams, uh, standing up a, uh, new Splunk install, getting everything stood up really in the last few weeks, uh, making sure that every, uh, everybody at the pavilion and the conference in general is protected and we're watching for any kind of threat. >> So it's, it's been great working with the Splunk team. So is that normal procedure that the bad guys want to target? >>The security conferences? This is gonna make a state visit more of graffiti kind of mentality. It's an act kind of lift, fun, malicious endpoints that they want to get out of here. Oh yeah. There's, there's a little bit of a, you know, let's do it for fun and mess with the conference a little bit. So we'll want to make sure that, that that's what happened. So is my end point protected here? My end points, my phone and my laptop. Uh, not the user specific but any of the conference provided demo stations. Okay. So or structure for the equipment, not me personally. You are not monitoring your personal okay. I give up my privacy years ago. Yes. This is a interesting thing to talk about working with Splunk because you know, I hear all the time and again we're looking at this from an industry wide perspective. >>I hear we've got a SOC, they got a slot. So these SOCs are popping up yesterday. Operation centers. What is, what is the state of the art for that now? Is it best practice to have a mega Monster's SOC or is it distributed, is it decentralized? What's the current thinking around how to deploy SOCs, security operations center or centers? 
Yeah, we certainly grow with a decentralized model. We need to follow the sun. So we've got operations centers here in Vegas, Tampa and Dublin. Uh, really making sure that we've got the full coverage. Uh, but it is working very close with the Splunk SOC. So they've got a phenomenal team and we work with them side by side. Uh, obviously we are providing a lot of the, uh, the tier one, tier two heavy lift, and then we escalate to Splunk team. They're obviously gonna know Splunk corporate better than we will. >>So, uh, we work very close hand in hand. So you guys acquired Threatcare and Marcus Carey's now in the office of CTO, which you're running. Yes. How is that going to shape ReliaQuest and the Europe business? >> Yeah, the acquisition has been extremely, uh, you know, uh, exciting for us. Uh, you know, after meeting Marcus, uh, I've known of Marcus, he's a very positive influence in the community, uh, but having worked with him, the vision for Threatcare and the vision for ReliaQuest really closely aligned. So where we want to take, uh, the future of security testing, testing controls, making sure upstream controls are working, uh, where threats they're wanting to go for. That was very much with what we aligned more so it made sense to partner up. So, uh, very excited about that and I think we will roll that into our GreyMatter platform as another capability. >>Uh, GreyMatter, love the name by the way. I mean, first of all, the security companies have the best names or mission control, GreyMatter, you know, Red Canary, canary in the coal mine. All good stuff. All fun. But you know, you guys work hard so I know the price gotta be good. I gotta ask you around the product vision around the customers and how they're looking at security because you know, it's all fun games. They'll, someone's hacking their business trash or this ransomware going on. Data protection has become a big part of it. 
What are customers telling you right now in terms of their, their fears and aspirations? What do they need? What's on the agenda? Guests for customers right now? Yeah. I think kind of the two biggest fears, um, and then the problems that we're trying to address is one, just a lack of visibility. >>Uh, customers have so many things on their network, a lot of mergers and acquisitions. So, uh, unfortunately with a lot of times the security team is the last one to know when something pops up. Uh, so anything that we can do to increase visibility and that and that, a lot of times we work very closely with Splunk or send that they have out to make sure that it happens. And then the other thing I think is, you know, most people want to get more proactive. Uh, you know, SIEM and logging by nature is very reactive. So when he tried to get out in front of those threats a little bit more, so anything that we can do to try to get more proactive, uh, may certainly going to be on their, their top of mind. Well, the machine learning toolkits, getting a lot of buzz here at the show, that's a really big deal. >>I think the other thing that I'm seeing I to get your reaction to is this concept of diverse data. That's my word, not Splunk's, but the idea of bringing in more data sets actually helps machine learning that's pretty much known by data geeks, but in making data addressable because data seems to be the one thing that is all doing a lot of the automation that's takes that headway heavy lift and also provides heavy lifting capabilities to set data up to look at stuff. So data is pretty critical. Data addressability data diversity, you got to have the data and it's gotta be addressable in real time and through tools like fabric search and other things. What's your reaction to that and thoughts around that? No, I agree 100%. Uh, you know, obviously most enterprise customers have a diverse set of data. 
So trying to search across those data sets, normalize that data, it's, it's a huge task. >>Um, but to get the visibility that we need, we really need to be able to search these multiple data sets and bring those into make sense. Whether you're doing threat hunting or responding to alerts. Um, or you need it from a compliance standpoint, being able to deal with those diverse data sets, uh, is is a key key issue. You know, the other thing I wanna get your thoughts on this one that we've been kind of commenting, I've kind of said a ticket position on this gonna from an opinion standpoint, but it's kind of obvious but it's not necessarily true. But my point is with the data volume going up so massive, that puts the tips, the scales and the advantage for the adversaries. Ransomware's a great example of it and you know, as little ransomware now is towns and cities, these ransomware attacks just one little vector, but with the data volume data is the surface area, not just devices. >>Oh yeah. So how is the data piece of it and the adversarial advantage, you think that that makes them stronger, more surface area? Yeah, definitely. And that's something that where we're leaning on machine learning for a lot is if you really kind of make sense of that data, a lot of times you want to baseline that environment and just find it what's normal in the environment, what's not normal. And once you to find that out, then we can start saying, all right, is this malicious or not? Uh, you know, some things that uh, yeah, maybe PowerShell or something and one environment is a huge red flag that Hey, we've been compromised in another one. Hey, that's just a good administrator automating his job. So making sense of that. Um, and then also just the sheer volume of data that we, that we see customers dealing with. >>Very easy to hide in if you're doing an attack, uh, from an adversary standpoint. 
So being able to see across that and make sure that you can at scale SyFy that data and find actionable event. You guys, I was just talking with a friend that I've known from the cloud, world, cloud native world. We're talking about DevOps versus the security operations and those worlds are coming together. There are more operational things than developer things, but yet CSOs that we talked to are fully investing in developer teams. So it's not so much DevOps dogma, if you will. But we gotta do DevOps, right? You know, see the CI/CD pipeline. Okay, I get that. But developers play a critical role in this feature security architecture, but at the end of the day, it's still operations. So this is the new DevOps or SecOps or whatever it's called these days. >>What's your, how, how do customers solve this problem? Because it is operational, whether it's industrial IoT or IoT or cloud native microservices to on premise security practices with end points. I mean, I, the thing we see that, that kind of gets those teams the most success is making sure they're working with those teams. So having security siloed off by itself. Um, I think we've kind of proven in the past that doesn't work right? So get them involved with their development teams, get them involved with their NetOps or, or, you know, SecOps teams, making sure they're working together so that security teams can be an enabler. Uh, they don't want to be the, uh, the team that says no to everything. Um, but at the end of the day, you know, most companies are not in the business of security. They're in the business of making widgets or selling widgets or whatever it is. >>So making sure that the security, yeah, yeah, that's an app issue. Exactly. Making sure that they're kind of involved in that life cycle so that, not that they can, you know, define what that needs to be, but at least be aware of, Hey, this is something we need to watch out for or get visibility into and, and keep the process moving. 
All right. Let's talk about Splunk. Let's set up their role in the enterprise. I'll see enterprise suite 6.0 is a shipping general availability. How are you guys deploying and optimizing Splunk for customers? What are some of the killer use cases that's there and new ones emerging? Yeah, we've, we provide, you know, really kind of three core areas. First one customers, you're one is obviously making sure that the platform is healthy. So a lot of times we'll go into a, a customer that, uh, you know, maybe they, they, there's one team has turned over or they rapidly expanded and, and in a quickly, you kind of overwhelming the system that's there. >>So making sure that the, the architecture is correct, maintained, patched, upgraded, and they're, they're really taking advantage of the power of Splunk. Uh, from an engineering standpoint. Uh, also another key area is building content. So as we were discussing earlier, making sure that we've got the visibility and all that data coming in, we've got to make sure that, okay, are we pursuing that data correctly? Are we creating the appropriate alerts and dashboards and reports and we can see what's going on. Um, and then the last piece is actually taking, you know, see you taking action on that. So, uh, from an incident response standpoint, watching those alerts and watching that content flyer and making sure that we're escalating and working with the customer security team, they'd love to get your thoughts. Final question on the, um, first of all, great, great insight. They'll, I love that. >>As customers who have personal Splunk, we buy our data is number one third party app for blogs work an app, work app workloads, and in cloud as well as more clients than you have rely more on cloud. AWS for instance, they have security hub, they're deploying some of this to lean on cloud providers, hyperscale cloud providers for security, but that doesn't diminish the roles flung place. 
So there's a lot of people that are debating, well, the cloud is going to eat Splunk's lunch. And so I don't think that's the case. I want to get your thoughts of it because they're symbiotic. Oh yeah. So what's your thoughts on the relationship to the cloud providers, to the Splunk customer who's also going to potentially moves to the cloud and have a hybrid cloud environment? Yeah, and now I would agree there's, you know, there are going to exist side by side for a long time. >>Uh, most environments that we see are hybrid environments. While most organizations do have a cloud first initiative, there's still a lot of on premise stuff. So Splunk is still going to be a, a key cornerstone of just getting that data. Where I do see is maybe a, you know, in those platforms, um, kind of stretching the reach of Splunk of, Hey, let's, let's filter and parse this stuff maybe closer to the source and make sure that we're getting the actionable things into our Splunk ES dashboards and things like that so that we can really make sure that we're getting the good stuff. And maybe, you know, the stuff that's not actionable, we're, we've up in our AWS environment. Um, and that's, that's a lot of the technology that Splunk's coming out with. It's able to search those other environments is going to be really key I think for that where you don't have to kind of use up all your licensing and bring that non-actionable data in, but you still able to search across. >>But that doesn't sound like core Splunk services more. That's more of an operational choice there. Less of a core thing. You mentioned that you think Splunk's to sit side by side for the clouds. What, what gives you that insight? What's, what's, uh, what's telling you that that's gonna happen? What's the, yeah, you still need the core functionality of Splunk running with spark provides is a, you know, it's a great way to bring data and it parses it, uh, extremely well. 
Um, having those, uh, you know, correlate in correlation engines and searches. Um, that's, that's very nice to have that prepackaged doing that from scratch. Uh, you can certainly, there's other tools that can bring data in, but that's a heavy lift to try to recreate the wheel so to speak. We're here with Joe Partlow, CTO, ReliaQuest, a partner with Splunk setting up this .conf SOC for the exhibits and all the infrastructure. >>Um, final question, what's the coolest thing going on at .conf this year? What's, what should customers or geeks look at that's cool and relevant that you think should be top line? Top couple of things. Yeah, I, I, uh, one of the things I like the most out of the keynote was, uh, the whole, uh, Porsche use case with that. The AR augmentation on my pet bear was really, really cool. Um, and then obviously the new features are coming out with, with VFS and some of another pricing model. So definitely exciting time to be a partner of Splunk. Alright, Joe, thanks for them. John Furrier here with theCUBE live in Las Vegas day two of three days of coverage of .conf. Their 10th year anniversary, our seventh year covering the SiliconANGLE, theCUBE. I'm John Furrier. Thanks for watching. We'll be right back.