>>Hello and welcome back to the Cube's coverage of AWS Reinvent 2022. I'm John Furrier, host of the Cube. We got a great conversation with Patrick Kauflin, vice president of Go to Market Strategy and specialization at Splunk. We're talking about the open cybersecurity scheme of framework, also known as the O C sf, a joint strategic collaboration between Splunk and aws. It's got a lot of traction momentum. Patrick, thanks for coming on the cube for reinvent coverage. >>John, great to be here. I'm excited for this. >>You know, I love this open source movement and open source and continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming outta open source. Not so much the the classic standards groups, but you start to see the developers voting with their code groups deciding what to adopt de facto standards and security is a real key part of that where data becomes key for resilience. And this has been the top conversation at reinvent and all around the industry, is how to make data a key part of building into cyber resilience. So I wanna get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the ocs f >>Yeah, well look, John, I I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around open SSL before that we had vulnerabilities and, and Confluence and Atlassian, and you go back to log four J and SolarWinds before that and, and challenges with the supply chain. In this year in particular, we've had a, a huge acceleration in, in concerns and threat vectors around operational technology. In our customer base alone, we saw a huge uptake, you know, and double digit percentage of customers that we're concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today. >>And, and what happens there is, is our customers, particularly in security, are, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure applications across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I bind the thing that when bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCF Ocsf helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding. >>Today we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that that lack of data, normalization, chokes the integration problem. And so, you know, several years ago, a number of very smart people, and this was, this was a initiative s started by Splunk and AWS came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCS was born and over the last couple of years we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space have come together and said, let's decide on a single unified schema for how we're gonna represent event data in this industry. And I'm very proud to be here today to say that we've launched it and, and I can't wait to see where we go next. >>Yeah, I mean, this is really compelling. I mean, it's so much packed in that, in that statement, I mean, data normalization, you mentioned chokes, this the, the solution and integration as you call it. But really also it's like data's not just stored in silos. It may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain, there's physical supply chain that's coming up big time at reinvent this time as well as in open source, the software supply chain. So you now have the perimeter's been dead for multiple years. We've been talking with that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now before we get into the ocs f I wanna just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape? >>Yeah, well, I mean unfortunately too many leaders feel like they have to face these trade offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach across security, IT developer operations or engineering rather than the ability to kind of drive visibility integration and, and connection of outcomes across those different functions. I mean, the truth is the telemetry that, that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa. Some of the security data that, that you may see in a security operation center can be incredibly valuable in trying to investigate a, a performance degradation in an application and understanding where that may come from. And so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the enterprise. And so at Splunk here, you know, we believe security resilience is, is fundamentally a data problem. And one of the things that we do often is, is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage. >>You know, we recently had an event called Super Cloud, we're going into the next gen kind of a cloud, how data and security are all kind of part of this NextGen application. It's not just us. And we had a panel that was titled The Innovators Dilemma, kind of talk about you some of the challenges. And one of the panelists said, it's not the innovator's dilemma, it's the integrator's dilemma. And you mentioned that earlier, and I think this a key point right now into integration is so critical, not having the data and putting pieces together now open source is becoming a composability market. And I think having things snap together and work well, it's a platform system conversation, not a tool conversation. So I really wanna get into where the OCS f kind of intersects with this area people are working on. It's not just solution architects or cloud cloud native SREs, especially where DevSecOps is. So this that's right, this intersection is critical. How does Ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant? >>Right, right. Well look, I mean, I I think that's a fantastic question because, you know, we talk about, we use Bud buzzwords like machine learning and, and AI all the time. And you know, I know they're all over the place here at Reinvent and, and the, there's so much promise and hope out there around these technologies and these innovations. However, machine learning AI is only as effective as the data is clean and normalized. And, and we will not realize the promise of these technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening. And so Ocsf was really about the industry coming together and saying, this is no longer the job of our customers. We are going to create a unified schema that represents the, an event that we will all bite down on. >>Even some of us are competitors, you know, this is, this is that, that no longer matters because at the point, the point is how do we take this burden off of our customers and how do we make the industry safer together? And so 15 initial members came together along with AWS and Splunk to, to start to create that, that initial schema and standardize it. And if you've ever, you know, if you've ever worked with a bunch of technical grumpy security people, it's kind of hard to drive consensus about around just about anything. But, but I, I'm really happy to see how quickly this, this organization has come together, has open sourced the schema, and, and, and just as you said, like I think this, this unlocks the potential for real innovation that's gonna be required to keep up with the bad guys. But right now is getting stymied and held back by the lack of normalization and the lack of integration. >>I've always said Splunk was a, it eats data for breakfast, lunch, and dinner and turns it into insights. And I think you bring up the silo thing. What's interesting is the cross company sharing, I think this hits point on, so I see this as a valuable opportunity for the industry. What's the traction on that? Because, you know, to succeed it does take a village, it takes a community of security practitioners and, and, and architects and developers to kind of coalesce around this defacto movement has been, has been the uptake been good? How's traction? Can you share your thoughts on how this is translating across companies? >>Yeah, absolutely. I mean, look, I, I think cybersecurity has a, has a long track record of, of, of standards development. There's been some fantastic standards recently. Things like sticks and taxi for threat intelligence. There's been things like the, you know, the Mir attack framework coming outta mi mir and, and, and the adoption, the traction that we've seen with Attack in particular has been amazing to, to watch how that has kind of roared onto the scene in the last couple of years and has become table stakes for how you do security operations and incident response. And, you know, I think with ocs f we're gonna see something similar here, but, you know, we are in literally the first innings of, of this. So right now, you know, we're architecting this into our, into every part of our sort of backend systems here at Polan. I know our our collaborators at AWS and elsewhere are doing it too. >>And so I think it starts with bringing this standard now that the standard exists on a, you know, in schema format and there, there's, you know, confluence and Jira tickets around it, how do we then sort of build this into the code of, of the, the collaborators that have been leading the way on this? And you know, it's not gonna happen overnight, but I think in the coming quarters you'll start to see this schema be the standard across the leaders in this space. Companies like Splunk and AWS and others who are leading the way. And often that's what helps drive adoption of a standard is if you can get the, the big dogs, so to speak, to, to, to embrace it. And, and, you know, there's no bigger one than aws and I think there's no, no more important one than Splunk in the cybersecurity space. And so as we adopt this, we hope others will follow. And, and like I said, we've got over 50 organizations contributing to it today. And so I think we're off to a running >>Start. You know, it's interesting, choking innovation or having things kind of get, get slowed down has really been a problem. We've seen successes recently over the past few years. Like Kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to, to kind of have the consensus of the community to say, Hey, if we just do this, it gets better. I think this is really compelling with the o the ocs F because if people can come together around this and get unified as well as all the other official standards, things can go highly accelerated. So I think, I think it looks really good and I think it's great initiative and I really appreciate your insight on that, on, on your relationship with Amazon. Okay. It's not just a partnership, it's a strategic collaboration. Could you share that relationship dynamic, how to start, how's it going, what's strategic about it? Share to the audience kind of the relationship between Splunk and a on this important OCS ocsf initiative. >>Look, I, I mean I think this, this year marks the, the 10th year anniversary that, that Splunk and AWS have been collaborating in a variety of different ways. I, I think our, our companies have a fantastic and, and long standing relationship and we've, we've partnered on a number of really important projects together that bring value obviously to our individual companies, but also to our shared customers. When I think about some of the most important customers at Splunk that I spend a significant amount of time with, I I I know how many of those are, are AWS customers as well, and I know how important AWS is to them. So I think it's, it's a, it's a collaboration that is rooted in, in a respect for each other's technologies and innovation, but also in a recognition that, that our shared customers want to see us work better together over time. And it's not, it's not two companies that have kind of decided in a back room that they should work together. It's actually our customers that are, that are pushing us. And I think we're, we're both very customer centric organizations and I think that has helped us actually be better collaborators and better partners together because we're, we're working back backwards from our customers >>As security becomes a physical and software approach. We've seen the trend where even Steven Schmidt at Amazon Web Services is, is the cso, he is not the CSO anymore. So, and I asked him why, he says, well, security's also physical stuff too. So, so he's that's right. Whole lens is now expanded. You mentioned supply chain, physical, digital, this is an important inflection point. Can you summarize in your mind why open cybersecurity schema for is important? I know the unification, but beyond that, what, why is this so important? Why should people pay attention to this? >>You know, I, if, if you'll let me be just a little abstract in meta for a second. I think what's, what's really meaningful at the highest level about the O C S F initiative, and that goes beyond, I think, the tactical value it will provide to, to organizations and to customers in terms of making them safer over the coming years and, and decades. I think what's more important than that is it's really the, one of the first times that you've seen the industry come together and say, we got a problem. We need to solve. That, you know, doesn't really have anything to do with, with our own economics. Our customers are, are hurt. And yeah, some of us may be competitors, you know, we got different cloud service providers that are participating in this along with aws. We got different cybersecurity solution providers participating in this along with Splunk. >>But, but folks who've come together and say, we can actually solve this problem if, if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole. And, and I think that's what I'm most proud of and, and what I hope we can do more of in other places in this industry, because I think that kind of collaboration from real market leaders can actually change markets. It can change the, the, the trend lines in terms of how we are keeping up with the bad guys. And, and I'd like to see a lot more of >>That. And we're seeing a lot more new kind of things emerging in the cloud next kind of this next generation architecture and outcomes are happening. I think it's interesting, you know, we always talk about sustainability, supply chain sustainability about making the earth a better place. But you're hitting on this, this meta point about businesses are under threat of going under. I mean, we want to keep businesses to businesses to be sustainable, not just, you know, the, the environment. So if a business goes outta business business, which they, their threats here are, can be catastrophic for companies. I mean, there is, there is a community responsibility to protect businesses so they can sustain and and stay Yeah. Stay producing. This is a real key point. >>Yeah. Yeah. I mean, look, I think, I think one of the things that, you know, we, we, we complain a lot of in, in cyber security about the lack of, of talent, the talent shortage in cyber security. And every year we kinda, we kind of whack ourselves over the head about how hard it is to bring people into this industry. And it's true. But one of the things that I think we forget, John, is, is how important mission is to so many people in what they do for a living and how they work. And I think one of the things that cybersecurity is strongest in information Security General and has been for decades is this sense of mission and people work in this industry be not because it's, it's, it's always the, the, the most lucrative, but because it, it really drives a sense of safety and security in the enterprises and the fabric of the economy that we use every day to go through our lives. And when I think about the spun customers and AWS customers, I think about the, the different products and tools that power my life and, and we need to secure them. And, and sometimes that means coming to work every day at that company and, and doing your job. And sometimes that means working with others better, faster, and stronger to help drive that level of, of, of maturity and security that this industry >>Needs. It's a human, is a human opportunity, human problem and, and challenge. That's a whole nother segment. The role of the talent and the human machines and with scale. Patrick, thanks so much for sharing the information and the insight on the Open cybersecurity schema frame and what it means and why it's important. Thanks for sharing on the Cube, really appreciate it. >>Thanks for having me, John. >>Okay, this is AWS Reinvent 2022 coverage here on the Cube. I'm John Furry, you're the host. Thanks for watching.

(gentle music) >> Hello, welcome to theCUBE's presentation of the AWS Showcase season one, episode two with the ISV Startups partners. I'm John Furrier, your host of theCUBE. We're joined by Morgan McLean, director of product management at Splunk, and Danielle Greshock, who is the director of ISVs solution architects at AWS. Welcome to the show. Thanks for coming on. >> Thanks for having us. >> And great. Thanks for having us. >> Great to see both of you, both theCUBE alumni, but the Splunk-AWS relationship has been going very, very well. You guys are doing great business enabling this app revolution. And cloud scale has been going extremely well. So let's get into it. You guys are involved in a lot of action around application revolution, around OpenTelemetry and open source. So let's get into it. What's the latest? >> Danielle, you go ahead. >> Well, I'll just jump in first. Obviously last year, not last year, but in 2020, we launched the AWS Distro for OpenTelemetry. The idea being essentially, we're able to bring in data from partners, from infrastructure running on AWS, from apps running on AWS, to really be able to increase observability across all cloud assets at your entire cloud platform. So, Morgan, if you want to chime in on how Splunk >> Morgan: Certainly. >> has worked out OpenTelemetry. >> Yeah. I mean, OpenTelemetry is super exciting. Obviously, there's a lot of partnership points between Amazon and Splunk, but OpenTelemetry is probably one of them that's the most visible to people who aren't already maybe using these two products together. And so, as Danielle mentioned, Amazon has their own distribution of OpenTelemetry, Splunk has their own, as well, and of course there's the main open source distribution that everybody knows and loves. Just for our viewers, just for clarity's sake, the separate distributions are fundamentally very similar to, almost identical to what's offered in the open source space, but they come preconfigured and they come with support guarantees from each company, meaning that you can actually get paid full support for an open source project, which is really fantastic for customers. And as Danielle mentioned, it's a great demonstration of the alliance between Splunk and Amazon Web Services. For example, the AWS Distro, when you use it, can export data to Amazon CloudWatch, various Amazon backed open source initiatives like Prometheus and others, and to Splunk Observability Cloud and to Splunk Enterprise. So it's a place that we've worked very closely together, and it's something that we're very excited about. >> So, Morgan, I want to get your take on the on the product management side and also how product are built these days. >> One of the big things we're seeing in cloud is that open source has been the big enabler for a lot of refactoring. And you got multiple distributions, but the innovations on top of that, can you talk about how you see the productization of new innovations with open source as you guys go into this market, because this is the new dynamic with cloud. We're seeing examples all over the place. Obviously, Amazon's going next level with what they're doing, and that open source, it's not a one game for all of it. You can have mix and match. Take us through the product angle. >> And in many ways, this is just another wave of the same thing, right? Like, if you think back in time, we all used and still use in many cases, virtual machines, most of those are based on Linux, right? Another large open source project. And so, open source software has been accelerating innovation in the cloud space and in the computing space generally for a very long time, which is fantastic. Our excitement with something like OpenTelemetry comes from both the project's capabilities but also what we can do with it. So for those who aren't already familiar with OpenTelemetry, OpenTelemetry allows you to extract really critical system telemetry, application signals and everything else you need from your own applications, from new services, from your infrastructure, from everything that you're running in a cloud environment. You can then send that data to another location for processing. And so John, you ask like, how does this accelerate innovation? What does it unlock? Well, the insight you can gain from this data means you can become so much more efficient as a development organization. You can make your applications so much more effective because when you send that data to something like Splunk Observability Cloud, to something like Amazon CloudWatch, to various other solutions on the market, they can give you deep, deep insight into your application's performance, to its structure, they can help you reduce outages. And so, it's very, very powerful because it allows organizations to use tools like Splunk, like Amazon, like other things to innovate so much more effectively. >> Danielle, can you comment >> If I could... >> on the AWS side because this is again on the big point. You guys are going next level, and you're starting to see patterns in the ISV world, certainly on the architecture side of partners doing things differently now on top of what they've already done. Could you share how AWS is helping customers accelerate? >> Well, just as Morgan was talking about what OpenTelemetry provides, you can see how from a partnership perspective, this is so valuable, right? What the partner team here at AWS is in the business of doing, is really enabling customer choice, right? And having that ability to plug in and pull data from different sources, post it to different sources, make it available for visibility across all of your resources is very powerful and it's something from the partner community that we really value because we want customers to be able to select best of breed solutions, what works for their business, which businesses are different and they may have different needs, and that also fosters that true innovation. A small company is going to develop and release software a lot differently than a large enterprise. And so, being able to support something like OpenTelemetry just enables that for all different kinds of customers. >> Morgan, add to that because the velocity of releases, certainly operational, stability, is key every predominant security, uptime, these are top concerns. And, you mention data too, >> And you mention challenges. >> You got the data in here. So you got a lot of data moving around, a lot of value. What's your take? >> Yeah. So, I'll speak with some specifics. So a challenge that developers have had for years when you're developing large services, which you can now do with platforms like AWS. So, it's very easy to go develop huge deployments. But a challenge they have is you go and build a mess, right? And like, I've worked earlier in my career in Web Services. And I remember in one of the first orgs I was in, I was one of the five people who really understood our ecommerce stack. Right? And so like, I would get dragged into all these meetings and I'd have to go draw like the 50 services we had, and how they interacted, and the changes that were made in the last week. And without observability tools like Splunk Observability Cloud, like the ones offered by Amazon, like the ones that are backed by the data that comes with OpenTelemetry, organizations basically rely on people like this, to go draw out their deployments so they understand what it is they've built. Well, as you can imagine, this crimps your development velocity, because most of your engineers, most of your tech leads, most of everyone else don't actually understand what it is they've built what it is they're running, because they need that global context. You get something like OpenTelemetry and the solutions that consume the data from it, and suddenly now, all your developers have that context, all of them when they're adding functionality to a service or they're updating their infrastructure, can actually understand how it interacts with the rest of the broader application. This lets you speed up your time to development, this lets you ship more safely, more securely. And finally, when things do go wrong, which will be less frequent, but when they do go wrong, you can fix them super rapidly. >> If I'm a customer, let me ask a question. I'm a customer and I say, "Okay, I love AWS, I love Splunk, I love OpenTelemetry. I got to have open sources, technology innovation is happening." What's the integration? What are some of the standards? Can you take us through how that's working together with you guys as a shared platform? >> Yeah. So let's take the Amazon distribution for OpenTelemetry or even the Splunk one. One of the first things they do is they include all of the receivers, all of the sort of data capture components that you need, out of box for platforms like AWS, right? And so, right away, you get that power and flexibility where you're getting access to all of these data sources, right? And so, that's part of that partnership. And additionally, once the data comes into OpenTelemetry, you can now send that to various different data sources, including, as Danielle mentioned, to multiple at the same time. So you can use whatever tools you want. And so when you talk about like what the partnership is actually providing to you as a customer and still, this is just within the context of OpenTelemetry, obviously there's a much broader partnership between these two companies than just that. But within the context of OpenTelemetry means you can download one of these distributions. It's fully supported. It works with both solutions and everything is just great, right? You don't need to go fiddle with that out of the box. To be clear, OpenTelemetry is a batteries included project, right? This means that even the standard distributions of OpenTelemetry include the components you need. You have to go directly, reference them and ensure that they're packaged in there, but they exist, right. But the nice thing about these distributions is that it's done, it's out of the box, you don't even have to worry about is something missing or do I need to include new exporters or new receivers? It's all there. It's preconfigured. It just works. And if something goes wrong and you have a support contact, you pick up the phone, you talk to someone to get it fixed. >> Danielle, what's the Amazon side 'cause agility and scale is one of the highlights you guys are seeing. How does this tie into that and how are you guys working backwards from the customers to support the partners? >> Well, I think just to add on essentially to what Morgan said, I think that AWS is a cloud platform, has always really had a focus on developers. And, we talk a lot about how AWS and Amazon as a whole really embraces this continuous integration and continuous deployment methods inside of our organization. And we talk about services, and observability is a huge part of that. The only way that you're actually able to release hundreds, thousands of times a day like Amazon does, is by having an observability platform, to be able to measure metrics, see changes in the environment, to be able to roll back if you need to, and to be able to quickly mitigate any challenges or anything that goes wrong at any part of the process. And so, when we preach that to our customers, I think it's something that we do that because we live it and breathe it. And so, things such as OpenTelemetry and such as the products that Splunk builds, those are also ways in which we believe our customers can achieve that. >> Yeah. And we can... I mean, as I mentioned before, this partnership goes well beyond OpenTelemetry, right? And so, if you go use like Splunk Enterprise, Enterprise Cloud, Splunk Observability Cloud, and you're running on AWS, you have excellent support and excellent visibility into your Amazon infrastructure, into the services and applications you've deployed on top of that infrastructure. We try and give you, and I think we do succeed in this. We give you the best possible experience, the deepest possible visibility, into what it is you've deployed on AWS, so that you can be even more successful as a business, and so that you can be even more successful on AWS as a platform. >> Yeah. This is a great conversation, Morgan. You mentioned the early days of Web Services. AWS stands for Amazon Web Services built on web services. So interesting throwback there, but made me think about the days of the early days of web services. And if you look at data, what's going on now, the top partners in AWS, you're seeing a lot of people thinking about data differently, they're refactoring, a lot of machine learning, a lot of AI going on at scale. So then, you got cloud native, things like Kubernetes and these new services being stood up and teared down with automation. A whole new operating model's coming. And so when you think about observability, the importance of it, I mean, can you share your perspective on this whole 'nother level? I mean, I always say that whole another level sounds cliche, but it is next level. I mean, this is completely different. What's your reaction? >> Yeah. There there's a ton of factors here, right? So as you point out, companies are totally shifting how they use their cloud infrastructure. And part of this you see during their cloud migrations, a part of it you see after, and they're shifting from their sort of stateful VMs that they may have had in the past to infrastructure that they tear down and put up regularly. And there's a lot more automation. With this, comes as I mentioned before, complexity, right? And also, with this comes more and more businesses becoming even more reliant on their digital infrastructure. And so, not having observability into your applications, into your services, into your infrastructure, to me, is akin to running a business, say running a large warehousing or distribution company, but not having any idea where you're shipping products or where things are, or not having any accounting or CFO, right? Like, business has become so digital. Business is so reliant on technology, and that's unlocked a ton of new things. It's great. But not having visibility into how that technology works or what it is that's deployed or how to fix it is akin to having no visibility to anything else in your business. It's nuts. And so, observability is super, super critical, particularly for customers who are adopting this new wave of cloud technologies on platforms like AWS. >> Danielle, on your side too, you're enabling this new capability so that businesses can do it, the partners do it, we're calling it super cloud. We've been calling it super cloud kind of dynamic where new things are happening with the data. And you guys are evolving with that. Can you share what you're seeing on your side as your partners start to go to the next level? What are you guys doing? How does it all come together? >> Well, we always talk about what has happened with data in the last couple of years, which the cloud has really enabled around, you know, variety and velocity and there's one other "V" that's escaping me right now, but essentially, all of this data is coming in and providing the ability for us to make better decisions, to build better products, to provide better experiences for customers. And so, I just think, the OpenTelemetry project, as well as what Splunk is doing is just another example of how we're taking this massive amount of data and being able to provide better experiences and outcomes for customers. >> And you guys have been working along together for long time, Splunk, and, it's been a great partners, if we're going back with that been covering it on theCUBE and SiliconANGLE. So, we know that, the change is key observability. Can you imagine a company without a CFO, Morgan? That's just boggles your mind, but that's what it's like right now. So... >> It is, yeah. >> And the people who take advantage of that are winning, right? So it's like, that's the key. >> Yeah, I know. I mean, even in my own career, right, I've moved between different companies. And I remember, when I joined Google in particular, which is where I worked at previously, I was very impressed with their internal observability tools. And I'm certain, I haven't worked at Amazon. I'm certainly, I just assume inside of Amazon they're excellent as well, so a lot of the large cloud firms these days. But it was so refreshing going from an organization where if we had some outage or something went wrong, there were like a very small set of people who could actually understand what was going on. And then you would just have to manually dive through logs and correlate requests manually between services. It's very challenging. And so, when things went wrong, they went wrong for a long, long time. And so, the companies that understood this even in the past are already very successful as a result. I think now, the rest of the industry is really in the midst of adopting these observability practices and the tools that are required to implement them, because you're right. Otherwise your development velocity slows down. Now you're getting out competed by your competition. And then, when you have a problem, it blows up for ages. And once again, your competition can take advantage of it. >> And, can you just summarize the observability piece relative to the OpenTelemetry? Where is that going to go? Where do you see that evolving? >> Sure. >> I see open source is growing like crazy, we all know that. >> Of course. >> But OpenTelemetry in particular and open source, 'cause this is a big hot area. >> Yes. So to set the stage for people, OpenTelemetry, unlocks observability in many ways. As I mentioned earlier, OpenTelemetry is how you capture data out of your application. It doesn't process it. It's not a replacement for something like Amazon CloudWatch or any Splunk's products, but it's how we get the data out of your system, which is a remarkably difficult problem. I won't dive into it today, but, those who work in this space are very aware. That's why this project exists and it's so big, that actually extracting information, metrics, logs, distributed traces, profiles, everything else, from your applications and from your infrastructure is very, very difficult. So for OpenTelemetry, where it's going is just continually getting better at extracting more types of data from more sources, and doing that more effectively for people in a more standardized way. That will unlock firms like Splunk, firms, like Amazon and others to better process this data. In terms of where that's going, the sky's the limit, right? Like, everyone's familiar with APM, people are familiar with infrastructure monitoring, but there's a lot more capabilities coming there for security analytics, for network performance monitoring, for getting down all the way to single lines of coding your application, how they impact everything. There's just so much power that's coming to the industry right now. I'm really excited to see where things go in the next few years. >> And Danielle, you're in the middle of all the action as a solution architect, really set the stage for their companies and the ISVs, and this is a big, hot area. What are the patterns you're seeing and what are some of the best practices that you're doing will help companies? >> Right. So I think, summarizing our entire conversation, the big things that we're seeing in the market is essentially more and more companies are looking to move to a continuous deployment and a continuous integration environment. And they're looking to innovate faster and spend less time hot patching or hot fixing their environments and they want to spend more time innovating. And so, that you know, the patterns that we're seeing is... What I see and what I actually experience firsthand at re:Invent when I talk to probably over 40 or 50 ISVs, is customers want to know in their environment, where are their changes? Where are their security vulnerabilities? Where are their data changes, and what are customers really experiencing, whether it's latency, poor experience throughout their products, those types of things? So security, data, and observability are just key to all of that experience and that's what we're definitely seeing as patterns, what we're seeing with our customers and also what value our ISVs are providing in that space. >> That's awesome. And the other thing I would observe is that there's more of an integration story going on around joint projects, whether it's open source. >> Absolutely. >> Because this is where we want to get that services connected. And it's mutual beneficial. I mean, this is really >> Exactly. >> whole 'nother, new kind of interoperable cloud scale. >> Yeah, if I could say one thing else there, I think that, a lot of the customers who are trying to move into the cloud now are, maybe not technology forward companies and they really need that solution. And that's very important. I think COVID has pushed a lot of companies into the cloud maybe very quickly. And, that has been something else we've observed in the market. So, solutions and full solutions between ISVs and ISVs, or ISVs and AWS is just becoming more and more common thing that we see. >> And, you mentioned John, in the open source space as well. Like, we're certainly from Amazon to Splunk. So we're talking a lot about those, but there's a lot of other firms involved in projects like OpenTelemetry. And I think it's very endearing, very heartening to see how well they cooperate in this community and how, when their interests are aligned, how effective they can be. And it's been very exciting to work in the space and very pleasant, honestly, to see everything come together with this huge set of customers and partners. >> Yeah. The pleasant surprise of the pandemic has been that people come into the cloud and they like it and they, "Hey, this works," and they double down on it. Then they realize, there's more there and they refactor. So, you're seeing real examples of that. So, this is a great discussion, great success story. Congratulations Morgan, Danielle. >> Thank you. >> Great partnership between Splunk and AWS. We've been following for a long time. And again, this highlights this whole another level of integrating super cloud kind of experience where people are getting more capabilities and doing more together, so great stuff. >> And this is just one facet of that, right? Like, there's all the other connections of Splunk Enterprise, Splunk security analytics products, and others. It's a deep, deep partnership between these firms. >> Yeah. And the companies that innovate and get that new capability are going to have an advantage. And you're seeing... >> Yes. >> Right? >> Agreed. >> And this is awesome, and great stuff, thank you for coming on and sharing that insight. >> Thank you. >> Congratulations Morgan over there at Splunk, great stuff. And Danielle, thanks for coming on and sharing the AWS perspective. >> Thanks for having me. >> And you guys are going to the next level. You moving up to stack as they say, all good stuff for customers. Thanks. >> Thank you. >> Okay. >> Thank you. >> This is season one, episode two of the AWS Partner Showcase. I'm John Furrier with theCUBE. Thanks for watching. (gentle music)

>>Welcome to the Cubes Coverage of Splunk.com 2021. My name is Dave Atlanta and the Cube has been covering.com events since 2012 and I've personally hosted many of them. And since that time we've seen the evolution of Splunk as a company and also the maturation in the way customers analyzed, protect and secure their organizations, data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to sec UP teams than we've ever seen before. The adversary is capable. They're motivated and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond as jane wang is the vice president of security products that Splunk jane. Great to have you on the cube. Thanks for coming on. >>Very nice to meet you. Thank you for having me. >>You're very welcome. So how d how can you think about or how do you think about the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted sec ops teams in your view? >>Yeah. Well, just going back to our customers and what I've learned from all the customer conversations I have every every week many of our customers are under a massive digital transformation. They're moving to the cloud and the cloud opens up more attack surface, more attack work surface, there's more threats that come over cloud, new workspaces to attack services, new api is to manage secure and protect and our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure. >>Yeah. And we've also seen the whole, obviously the work from home trend, the hybrid work movement, you know, people aren't set up for that. I mean, you remember people were ripping out literally ripping out desktops and bringing them home and you know, the home network had to be upgraded. So lots of changes there. And we've we've talked a lot in the cube jane about the fragmentation of tooling and the lack of qualified talent when we talked to see. So as you ask him, the number one problem, I can't get, I can't hire enough talent in the field of of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end to end visibility across their environments. What's the fundamental challenge there? >>Yeah, well you're really you're really nailing this. The fundamental challenges that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time and there really manual disjointed processes, the copying and pasting hash names and iP addresses from one consults the other. It slows them down. It really slows them down in protecting those threats. So because those products aren't assigned to integrate together and all that data from each of those security tools isn't brought into one place. It just exacerbates the challenge for security operations seems makes their job really, really hard to do. Which takes time. It takes time. It makes it harder to detect and respond to threats quickly and today more than ever we need to be able to detect and respond to threats quickly. >>Yeah, I do a weekly program called Breaking Analysis and once a quarter I look at the cyberspace and I use a chart to emphasize this complexity. It's it's a from a company called operative, I don't know if you've ever seen it but it's this eye chart, it's this taxonomy of the security landscape and it's mind blowing how much complexity there is. So how to Splunk help organization organizations address these challenges. >>Yeah, so I think bringing, we have one security operations platform cloud native cloud delivered. There are many parts of being able to streamline workflows for when you're first detect a threat or a potential threat right through to when teams close and immediate that threatened the changes in their environment to ensure they're protected. So the whole thing is helping security teams detects faster, investigate faster and respond faster to threat. There are four parts to that in our security operations, platform Splunk security cloud. The first one is advanced security analytics. So the nature of threats is evolving. They're becoming more sophisticated. We have very smart, well funded Attackers whose day job who spend all their time trying to break into organizations. So you need really advanced security analytics to detect those threats, then we need to automate security operations so that it's not so manual, so you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired true Star so that we can bring in d do rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations so that you have broader insights from the security community outside Splunk and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since spunk became Splunk many many years ago is that we are committed to partners and we deeply integrate with many other security tools uh in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So there's the big advantages I think you get when, when you run your security operations said transplant security cloud, >>that's a nice little description. And having followed Splint for so many years, it's sort of, it tracks the progression of your ascendancy. You know, you started you you we we used to have log analytics that were just impossible. You sort of made that much easier took that to advanced kind of use big data techniques even though Splunk really never used that term. But but you were like the leader and big data um in terms of being able to analyze um uh data to help remediate issues. The automation key is p pieces key the acquisitions. You've made a very interesting um you mentioned around de doop threat intelligence but also you've done some cool stuff in the cloud and we always used to say jane watch for the ecosystem. We early too early, you know, last decade we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem. And you've you've clearly made some progress there. I wonder if you could tell us more About the announcements that you're making here at.com. >>Yeah. Well we're going back everything that we do on the security team, every line of code every engineer writes is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those intern I start with faster time to detect what have we done. So bringing in the threat intelligence that I mentioned again, that's really gonna help to take new threats and to take them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It will be brought right in to enterprise security at your fingertips. So that that's pretty huge. We're bringing other more advanced content right into our stem enterprise security. So that will help detect threats that our research team sees as emerging again. This is going to just bring bring that intelligence right to customers where they work every day, um faster time to investigate. So this is this is really exciting uh back in november we reduced and we are really something called risk based alerting. That is an amazing new capability that we've iterated on ever since. And we have more iterations that we're announcing um tomorrow actually. And so risk based alerting pulls together what may have been single atomic alerts that can often be overwhelming to a sock brings those together into one overarching alert that helps you see the whole pattern of an attack, the whole series of things that happened over time. That might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes to really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our sore security orchestration and response to which is in the cloud but also available on prayer. But that new visual playbook editor really reduces the need for custom code. Makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond those are, those are really cool for us. And then there's some exciting partnerships that I want to talk about just to really focus on reducing the burden of all those disparate tools on consoles and bringing them down and and integrating them together. So we'll have some announcements. There are new integrations that we're releasing with Mandiant Aziz scalar and detects. I'm personally very excited about a fireside chat that Kevin Mandia, the Ceo and president of Mandiant, we'll be having tomorrow with our Ceo Doug merit. So those are some of the things we're announcing. It's a big year for security. Very excited >>to tell you that's, that's key. I want to just kind of go through and follow up on some of the faster time to detect with the threat intelligence. That's so important because we read about how long it takes sometimes for for organizations to even find out that somebody has infiltrated their environment. This risk based learning, it sounds like and you're so right, it's like paper cuts having a bottoms up analysis. It's almost overwhelming. You don't have a sense as to really where the focus should be. So if you can have more of a top down, hey start here and sort of bucket ties things. It's gonna, it's gonna accelerate and then the faster response time. The thing that strikes me jane with your visual playbook editor is as you well know, the the way in which bad guys get in now they're very stealthy, you almost have to be stealthy in your response. So if you have to write custom code that's going to alert the bad guys that they're they're seeing now seeing code that they've never seen before, they must have detected us and then they escalate, you know, they get you in a harder, tighter headlock. Uh and I love the partnerships, you know, we, we followed the trend toward remote security. Cloud security, where's the scale is a big player, Amanda you mentioned. So that's that's great too. I mean it feels like the puzzle pieces are coming together. It's it's almost like a game of constant, you know, you're never there but you've got to stay vigilant. >>I really think so today. I mean it's been a great 12 months that's blank. We have done so much over the past year leading up to this.com. I'm very excited to talk to folks about it. I think one thing I didn't really mention that I kind of touched on earlier in the talk that we're having was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well with deeper integrations into G C P A W S Azure, one dr SharePoint box net G drive. Like customers are using many, many cloud services today and they don't have a holistic view across all those services I speak to see so every week that tell me they just really need one view. Not to go into each of those cloud service providers or cloud services, one at a time to look at the security posture, they need that all in a central location. So we normalize, we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them. I think that's really, really something different that Splunk is doing um that other security offerings are not doing. >>I think that's a super important point and I do hear that a lot from CsoS where they say look we have so many different environments, so many different tools and they each have their own little framework so we have to go in and and investigate and then come back out and then our teams have to go into a new sort of view and come back out and and they just run out of time and they just don't again, lack of lack of skills to actually do this, can't hire half fast enough, can't train fast enough. So so that higher level view but still the ability to drill down and understand what those root causes. That's it's a it's a it's a top down bottoms up type of approach and and so as opposed to just throwing grains of sand at the second teams and then hoping, you know, they find the pearl, so jane, I'll give you the last word, Maybe some final thoughts. >>No, I just wanted to thank everyone for listening. I want to thank everyone for joining dot com 21. We're very excited to hear from you and speak with you. So thank you very much. >>Excellent. Great having you in the cube, keep it right there, everybody for more coverage of the cube. Splunk dot com 21. We'll be right back, >>Yeah.

(Upbeat music) >> Hi everyone and welcome back to the Cube's coverage of Splunk.conf 2021, virtual. We are here, live in the Splunk studios here in Silicon valley. I'm John Furrier, host of the Cube. Spiros Xanthos VP of product management of observability with Splunk is here inside the cube, Spiros, thanks for coming on. Great to see you. [Spiros Xanthos]- John, thanks for having me glad to be here. >> We love observability. Of course we love Kubernetes, but that was before observability became popular. We've been covering cube-con since it was invented even before, during the OpenStack days, a lot of open source momentum with you guys with observability and also in the customer base. So I want to thank you for coming on. Give us the update. What is the observability story its clearly in the headlines of all the stories SiliconANGLE's headline is multi-cloud observability security Splunk doubling down on all three. >> Correct. >> Big part of the story is observability. >> Correct. And you mentioned CubeCon. I was there last week as well. It seems that those observability and security are the two most common buzzwords you hear these days different from how it was when we started it. But yeah, Splank actually has made the huge investment in observability, starting with the acquisition of Victor ops three years ago, and then with Omnition and Signalfx. And last year with Plumbr synthetics company called Rigor and Flowmill and a network monitoring company. And plus a lot of organic investment we've made over the last two years to essentially build an end-to-end observability platform that brings together metrics, traces, and logs, or otherwise infrastructure monitoring, log analytics, application monitoring. Visual experience monitoring all in one platform to monitor let's say traditional legacy and modern cloud native apps. >> For the folks that know SiliconANGLE, the Cube know we've been really following this from the beginning for signal effects, remember when they started they never changed their course. they've had the right They have the right history and from spot by spot, you guys, same way open source and cloud was poo-pooed upon, people went like, oh, it's not secure, they never were. Now it's the center of all the action. [Spiros Xanthos]- Yes >> And so that's really cool. And thanks for doing that. The other thing I want to get your point on is what does end-to-end observability mean? Because there's a lot of observability companies out there right now saying, Hey, we're the solution We're the utility, we're the tool, but I haven't seen a platform. So what's your answer to that? >> Yes. So observability, in my opinion, in the context of what you're describing means two things. One is that when, when we say internal durability, it means that instead of having, let's say multiple monitoring tools that are silent, let's say one for monitoring network, one for monitoring infrastructure, a separate one for monitoring APM that do not work with each other. We bring all of these telemetry in one place we connect it and exactly because actually applications and infrastructure themselves are becoming one. You have a way to monitor all of it from one place. So that's observability. But the other thing that observability also is because these environments tend to be a lot more complex. It's not just about connecting them, right? It's also about having enough data and enough analytics to be able to make sense out of those environments and solve problems faster than you could do in the past with traditional monitoring. >> That's a great definition. I've got to then ask you one of the things coming up that came out of CoopCon was clear, is that the personnel to hire, to run this stuff, it's not everyone can get the skills gap problem. At the same time, automation is at an all time high people are automating and doing AI ops, get outs. What do you want to call this a buzz word for that basically automating the data observability into the CICB pipeline, huge trend right now. And the speed of developers is fast now. They're coding fast. They don't want to wait. >> I agree. So, and that's exactly what's happening, right? We want essentially from traditional IT where developers would develop something a little bit deployed months later by some IT professional, of course, all of this coming together, But we're not stopping that as you say, right, that the shifting left is going earlier into the pipeline. Everyone expect, essentially let's say monitoring to happen at the speed of deployment. And I guess observability again, is this not, as a requirement. Observability is this idea. Let's say that I should be able to monitor my applications in real time and, you know, get information as soon as something happens. >> With the evolution of the shift left trend. I would say for the people don't know what shift left is you put security the beginning, not bolted on at the end and developers can do it with automation, all that good stuff that they have. But how, how real is that right now in terms of it happening? Can you, can you share some vision and ideas and anecdotal data on how, how fast shift left is, or is there still bottlenecks and security groups and IT groups? >> So there are bottlenecks for sure. In my opinion, we are aware with, let's say the shift left or the dev sec ops trend, whether IT and devs maybe a few years ago. And this is both a cultural evolution that has to happen. So security teams and developers have to come closer together, understand like, say the consensus of the requirements of each other so they can work better together the way it happened with DevOps and all sorts of tooling problem, right? Like still observability or monitoring solutions are not working very well with security yet. We at Splunk of course, make this a priority. And we have the platform to integrate all the data in one place. But I don't think is generally something that we'll have achieved as well as an industry yet. And including the cultural aspects of it. >> Is that why you think end to end is important to hit that piece there so that people feel like it's all working together >> I think end to end is important for two reasons. actually one is that essentially, as you say, you hit all the pieces from the point of deployment, let's say all the way to production, but it's also because I think applications and infrastructure, FMLA infrastructure with Kubernetes, microservices are in traditional so much more complexity that you need to step function improvement in the tooling as well. Right? So that you need keep up with the complexity. So bringing everything together and applying analytics on top is the way essentially to have this step function improvement in how your monitoring solution works so that it can keep up with the complexity of the underlying infrastructure and application. >> That is a huge, huge points Spiros. I got to double down on that with you and say, let's expand that because that's the number one problem, taming the complexity without slowing down. Right? So what is the best practice for that? What do people do? Cause, I mean, I know it's evolving, it's going faster than that, but it's still getting better, but not always there, but what can people do to go faster? >> So, and I will add that it's even more complex than just what the cloud, let's say, native applications introduced because especially large enterprises have to maintain their routine, that on-prem footprint legacy applications that are still in production and then still expand. So it's additive to what they have today, right? If somebody was to start from a clean slate, let's say started with Kubernetes today, maybe yes, we have the cloud native tooling to monitor that, but that's not the reality of most, most enterprises out there. Right? So I think our goal at Splunk at least is to be able to essentially work with our customers through their digital, digital transformation and cloud journey. So to be able to support all their existing applications, but also help them bring those to the cloud and develop new applications in a cloud native fashion, let's say, and we have the tooling, I think, to support all of that, right between let's say our original data platform and our metrics and traces platform that we develop further. >> That's awesome. And then one quick question on the customer side, if I'm a customer, I want observability, I want this, I want everything you just said. How do I tell the difference between a pretender and a player, the good solution and a bad solution? What are the signals that this is the real deal, that's a fake product >> Agreed. So, I mean, everyone obviously believes that original (laughing) I'm not sure if I will. >> You don't want to name names? Here's my, my perspective on what truly is a requirement for absorb-ability right? First of all, I think we have moved past the time where let's say proprietary instrumentation and data collection was a differentiator. In fact, it actually is a problem today, if you are deploying that because it creates silos, right? If I have a proprietary instrumentation approach for my application, that data cannot be connected to my infrastructure or my logs, let's say, right. So that's why we believe open telemetry is the future. And we start there in terms of data collection. Once we standardize, let's say data collection, then the problem moves to analytics. And that's, I think where the future is, right? So observability is not just about collecting a bunch of data and that bring it back to the user. It's about making sense out of this data, right? So the name of the game is analytics and machine learning on top of the data. And of course the more data you can collect, the better it is from that perspective. And of course, then when we're talking about enterprises, scale controls, compliance all of these matter. And I think real time matters a lot as well, right? We cannot be alerting people after minutes of a problem that has happened, but within a few seconds, if we wanted to really be pro-active. >> I think one thing I like to throw out there, maybe get your reaction to it, I think maybe one other thing might be enabling the customer to code on top of it, because I think trying to own the vertical stack as well as is also risky as a vendor to sell to a company, having the ability to add programming ability on top of it. >> I completely agree actually, You do? In general giving more control to the users and how, what do they do with their data, let's say, right? And even allowing them to use open source, whatever is appropriate for them, right? In combination, maybe with a vendor solution when they don't want to invest themselves. >> Build their own apps, build your own experience. That's the way the world works. That's software. >> I agree. And again, Splunk from the beginning was about that, right? Like we'll have thousands of apps built ontop of our platform >> Awesome. Well, I want to talk about open source and the work you're doing with open telemetry. I think that's super important. Again, go back even five, 10 years ago. Oh my God. The cloud's not secure. Oh my God, open source has got security holes. It turns out it's actually the opposite now. So, you know finally through the people woke up. No, but it's gotten better. So take us through the open telemetry and what you guys are doing with that. >> Yes. So first of all, my belief, my personal belief is that if there is no future where infrastructure is anything about open source, right? Because people do not trust actually close our solutions in terms of security. They prefer open source at this point. So I think that's the future. And in that sense, a few years ago, I guess our belief was that all data collection instrumentations with standards based first of all, so that the users have control and second should be open source. That's why we, at Omnition the company I co-founded that was acquired by Splunk. We we're one of the main tenders of open sensors and that we brought together open sensors and OpenTracing in creating open telemetry. And now , Open telemetry is pretty much the de facto. Every vendor supports it, its the second most active project in CNCF. And I think it's the future, right? Both because it frees up the data and breaks up the silos, but also because, has support from all the vendors. It's impossible for any single vendor to keep up with all this complexity and compete with the entire industry when we all come together. So I think it's a great success it's I guess, kudos to everybody, kudos to CNCF as well, that was able to actually create and some others. >> And props to CNCF. Yeah. CNC has done an amazing job and been going to all those events all the years and all the innovations has been phenomenal. I got to ask what the silos, since you brought it up, come multiple times. And again, I think this is important just to kind of put an exclamation point on, machine learning is based upon data. Okay. If you have silos, you have the high risk of having bad machine learning. >> Yes. >> Okay. That's you agree with that? >> Completely. >> So customers, they kind of understand this, right. If you have silos that equals bad future >> Correct >> because machine learning is baked into everything now. >> And I will add to that. So silos is the one problem, and then not being able to have all the data is another problem, right? When it comes to being able to make sense out of it. So we're big believers in what we call full fidelity. So being able to connect every byte of data and do it in a way that makes sense, obviously economically for the customer, but also have, let's say high signal to noise ratio, right? By structuring the data at the source. Overt telemetry is another contributor to that. And by collecting all the data and by having an ability, let's say to connect the data together, metrics, traces, logs, events, incidents, then we can actually build a little more effective tooling on top to provide answers back to the user with high confidence. So then users can start trusting the answers as opposed to they themselves, always having to figure out what the problem is. And I think that's the future. And we're just starting. >> Spiros I want to ask you now, my final question is about culture And you know, when you have scale with the cloud and data, goodness, where you have people actually know the value of data and they incorporate into their application, you have advantages. You have competitive advantages in some cases, but developers were just coding love dev ops because it's infrastructure as code. They don't have to get into the weeds and do the under the hood, datas have that same phenomenon right now where people want access to data. But there's certain departments like security departments and IT groups holding back and slowing down the developers who are waiting days and weeks when they want it in minutes and seconds for have these kinds of things. So the trend is, well there's, first of all, there's the culture of people aren't getting along and they're hating each other or they're not liking each other. >> Yes >> There's a little conflict, always kind of been there, but now more than ever, because why wait? >> I agree. >> How can companies shorten that cycle? Make it more cohesive, still decouple the groups because you've got, you got compliance. How do you maximize the best of a good security group, a good IT group and enables as fast as possible developers. >> I agree with you, by the way, this is primarily cultural. And then of course there is a tooling gap as well. Right. But I think we have to understand, let's say as a security group, instead of developers, what are the needs of each other, right. Why we're doing the things we're doing because everybody has the right intentions to some extent, right? But the truth is there is pain. We are me and myself. Like as we develop our own solutions in a cloud native fashion, we see that right. We want to move as fast as possible, but at the same time, want to be compliant and secure, right. And we cannot compromise actually on security or compliance. I mean, that's really the wrong solution here. So I think we need to come together, understand what each other is trying to do and provide. And actually we need to build better tooling that doesn't get into the way. Today, oftentimes it's painful to have, let's say a compliance solution or a secure solution because it slows down development. I think we need to actually, again, maybe a step function improvement in the type of tooling we'll have in this space. So it doesn't get into the way Right? It does the work it provides. Let's say the security, the security team requires, it provides the guarantees there, but doesn't get in the way of developers. And today it doesn't happen like this most of the time. So we have some ways to go. >> And Garth has mentioning how you guys got some machine learning around different products is one policy kind of give some, you know, open, you know, guardrails for the developers to bounce around and do things until they, until they have to put a new policy in place. Is that an answer automated with automation? >> Big time. Automation is a big part of the answer, right? I think we need to have tooling that first of all works quickly and provides the answers we need. And we'll have to have a way to verify that the answer are in place without slowing down developers.Splunk is, I mean, out of a utility of DevSecOps in particular is around that, right? That we need to do it in a way that doesn't get in the way of, of let's say the developer and the velocity at which they're trying to move, but also at the same time, collect all the data and make sure, you know, we know what's going on in the environment. >> Is AI ops and dev sec ops and GET ops all the same thing in your mind, or is it all just labels >> It's not necessarily the same thing because I think AI ops, in my opinion applies, let's say to even more traditional environments, what are you going to automate? Let's say IT workflows in like legacy applications and infrastructure. Getops in my mind is maybe the equivalent when you're talking about like cloud native solutions, but as a concept, potentially they are very close I guess. >> Well, great stuff. Great insight. Thanks for coming on the Cube. Final point is what's your take this year of the live we're in person, but it's virtual, we're streaming out. It's kind of a hybrid media environment. Splunk's now in the media business with the studios, everything great announcements. What's your takeaway from the keynote this week? What's your, you got to share to the audience, this week's summary. >> First of all, I really hope next year, we're all going to be in one place, but still given the limitations we had I think it was a great production and thanks to everybody who was involved. So my key takeaway is that we truly actually have moved to the data age and data is at the heart of everything we do. Right? And I think Splunk has always been that as a company, but I think we ourselves really embraced that and everything we do is everything. Most of the problems we solve are data problems, whether it's security, observability, DevSecOps, et cetera. So. >> Yeah, and I would say, I would add to that by saying that my observations during the pandemic now we're coming, hopefully to the end of it, you guys have been continuing to ship code and with real, not vaporware real product, the demos were real. And then the success on the open source. Congratulations. >> Thank you. >> All right. Thanks for coming on and we appreciate it >> Thanks alot _Cube coverage here at dot com Splunk annual conference. Virtual is the Cube. We're here live at the studios here at Splunk studios for their event. I'm John Farrow with the Cube. Thanks for watching. (joyful tune)

(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of splunk.com 2021 virtual. We're here live in the Splunk studios. We're all here gettin all the action, all the stories. Garth Fort, senior vice president, Chief Product Officer at Splunk is here with me. CUBE alumni. Great to see you. Last time I saw you, we were at AWS now here at Splunk. Congratulations on the new role. >> Thank you. Great to see you again. >> Great keynote and great team. Congratulations. >> Thank you. Thank you. It's a lot of fun. >> So let's get into the keynote a little bit on the product. You're the Chief Product Officer. We interviewed Shawn Bice, who's also working with you as well. He's your boss. Talk about the, the next level, cause you're seeing some new enhancements. Let's get to the news first. Talk about the new enhancements. >> Yeah, this was actually a really fun keynote for me. So I think there was a lot of great stuff that came out of the rest of it. But I had the honor to actually showcase a lot of the product innovation, you know, since we did .conf last year, we've actually closed four different acquisitions. We shipped 43 major releases and we've done hundreds of small enhancements, like we're shipping code in the cloud every six weeks and we're shipping new versions twice a year for our Splunk Enterprise customers. And so this was kind of like if you've seen that movie Sophie's Choice, you know, where you have to pick one of your children, like this was a really hard, hard thing to pick. Cause we only had about 25 minutes, but we did like four demos that I think landed really well. The first was what we call ingest actions and you know, there's customers that are using, they start small with gigabytes and they go to terabytes and up to petabytes of data per day. And so they wanted tools that allow them to kind of modify filter and then route data to different sort of parts of their infrastructure. So that was the first demo. We did another demo on our, our visual playbook editor for SOAR, which has improved quite a bit. You know, a lot of the analysts that are in the, in the, in the SOC trying to figure out how to automate responses and reduce sort of time to resolution, like they're not Python experts. And so having a visual playbook editor that lets them drag and drop and sort of with a few simple gestures create complex playbooks was pretty cool. We showed some new capabilities in our APM tool. Last year, we announced we acquired a company called Plumbr, which has expertise in basically like code level analysis and, and we're calling it "Always On" profiling. So we, we did that demo and gosh, we did one more, four, but four total demos. I think, you know, people were really happy to see, you know, the thing that we really tried to do was ground all of our sort of like tech talk and stuff that was like real and today, like this is not some futuristic vision. I mean, Shawn did lay out some, some great visions, visionary kind of pillars. But, what we showed in the keynote was I it's all shipping code. >> I mean, there's plenty of head room in this market when it comes to data as value and data in motion, all these things. But we were talking before you came on camera earlier in the morning about actually how good Splunk product and broad and deep the product portfolio as well. >> Garth: Yeah. >> I mean, it's, I mean, it's not a utility and a tooling, it's a platform with tools and utilities. >> Garth: Yeah >> It's a fully blown out platform. >> Yeah. Yeah. It is a platform and, and, you know, it's, it's one that's quite interesting. I've had the pleasure to meet a couple of big customers and it's kind of amazing, like what they do with Splunk. Like I was meeting with a large telco on the east coast and you know, they actually, for their set top boxes, they actually have to figure out in real time, which ads to display and the only tool they could find to process 15 million events in real time, to decide what ad to display, was Splunk. So that was, that was like really cool to hear. Like we never set out to be like an ad tech kind of platform and yet we're the only tool that operates at that level of scale and that kind of data. >> You know, it's funny, Doug Merritt mentioned this in my interview with him earlier today about, you know, and he wasn't shy about it, which was great. He was like, we're an enabling platform. We don't have to be experts in all these vertical industries >> Garth: Yep >> because AI takes care of that. That's where the machine learning >> Garth: Yeah >> and the applications get built. So others are trying to build fully vertically integrated stacks into these verticals when in reality they don't have to, if they don't want it. >> Yeah, and Splunk's kind of, it's quite interesting when you look across our top 100 customers, you know, Doug talks about like the, you know, 92 of the fortune 100 are kind of using Splunk today, but the diversity across industries and, you know, we have government agencies, we have, you know, you name the retail or the vertical, you know, we've got really big customers, they're using Splunk. And the other thing that I kind of, I was excited about, we announced the last demo I forgot was TruSTAR integration with Enterprise Security. That's pretty cool. We're calling that Splunk Threat Intelligence. And so That was really fun and we only acquired, we closed the acquisition to TruSTAR in May, but the good news is they've been a partner with us like for 18 months before we actually bought em. And so they'd already done a lot of the work to integrate. And so they had a running start in that regard, But other, one other one that was kind of a, it was a small thing. I didn't get to demo it, but we talked about the, the content pack for application performance monitoring. And so, you know, in some ways we compete in the APM level, but in many ways there's a ton of great APM vendors out there that customers are using. But what they wanted us to do was like, hey, if I'm using APM for that one app, I still want to get data out of that and into Splunk because Splunk ends up being like the core repository for observability, security, IT ops, Dev Sec Ops, et cetera. It's kind of like where the truth, the operational truth of how your systems works, lives in Splunk. >> It's so funny. The Splunk business model has actually been replicated. They call it data lake, whatever you want to call it. People are bringing up all these different metaphors. But at the end of the day, if you guys can create a value proposition where you can have data just be, you know, stored and dumped and dumped into whatever they call it stored in a way >> Garth: We call it ingest >> Ingested, ingested. >> Garth: Not dumped. >> Data dump. >> Garth: It's ingested. >> Well, I mean, well you given me a plan, but you don't have to do a lot of work to store just, okay, we can only get to it later, >> Garth: Yep. >> But let the machines take over >> Garth: Yep. >> With the machine learning. I totally get that. Now, as a pro, as a product leader, I have to ask you your, your mindset around optimization. What do you optimize for? Because a lot of times these use cases are emerging. They just pop out of nowhere. It's a net new use case that you want to operationalize. So balancing the headroom >> Yep. >> Or not to foreclose those new opportunities for customers. How are customers deciding what's important to them? How do you, because you're trying to read the tea leaves for the future >> Garth: A little bit, yeah. >> and then go, okay, what do our customers need, but you don't want to foreclose anything. How do you think about product strategy around that? >> There's a ton of opportunity to interact with customers. We have this thing called the Customer Advisory Board. We run, I think, four of them and we run a monthly. And so we got an opportunity to kind of get that anecdotal data and the direct contact. We also have a portal called ideas.splunk.com where customers can come tell us what they want us to build next. And we look at that every month, you know, and there's no way that we could ever build everything that they're asking us to, but we look at that monthly and we use it in sort of our sprint planning to decide where we're going to prioritize engineering resources. And it's just, it's kind of like customers say the darndest things, right? Sometimes they ask us for stuff and we never imagined building it in a million years, >> John: Yeah. >> Like that use case around ads on the set top box, but it's, it's kind of a fun place to be like, we, we just, before this event, we kind of laid out internally what, you know, Shawn and I kind of put together this doc, actually Shawn wrote the bulk of it, but it was about sort of what do we think? Where, where can we take Splunk to the next three to five years? And we talked about these, we referred to them as waves of innovation. Cause you know, like when you think about waves, there's multiple waves that are heading towards the beach >> John: Yeah. >> in parallel, right? It's not like a series of phases that are going to be serialized. It's about making a set of investments. that'll kind of land over time. And, and the first wave is really about, you know, what I would say is sort of, you know, really delivering on the promise of Splunk and some of that's around integration, single sign-on things about like making all of the Splunk Splunk products work together more easily. We've talked a lot in the Q and a about like edge and hybrid. And that's really where our customers are. If you watch the Koby Avital's sort of customer keynote, you know, Walmart by necessity, given their geographic breadth and the customers they serve has to have their own infrastructure. They use Google, they use Azure and they have this abstraction layer that Koby's team has built on top. And they use Splunk to manage kind of, operate basically all of their infrastructure across those three clouds. So that's the hybrid edge scenario. We were thinking a lot about, you mentioned data lakes. You know, if you go back to 2002, when Splunk was founded, you know, the thing we were trying to do is help people make sense of log files. But now if you talk to customers that are moving to cloud, everybody's building a data lake and there's like billions of objects flowing into millions of these S3 buckets all over the place. And we're kind of trying to think about, hey, is there an opportunity for us to point our indexing and analytics capability against structured and unstructured data and those data lakes. So that that'll be something we're going to >> Yeah. >> at least start prototyping pretty soon. And then lastly, machine learning, you know, I'd say, you know, to use a baseball metaphor, like in terms of like how we apply machine learning, we're like in the bottom of the second inning, >> Yeah. >> you know, we've been doing it for a number of years, but there's so much more. >> There's so, I mean, machine learning is only as good as the data you put into the machine learning. >> Exactly, exactly. >> And so if you have, if you have gap in the data, the machine learning is going to have gaps in it. >> Yeah. And we have, we announced a feature today called auto detect. And I won't go into the gory details, but effectively what it does is it runs a real-time analytics job over whatever metrics you want to look at and you can do what I would consider more statistics versus machine learning. You can say, hey, if in a 10 minute period, like, you know, we see more errors than we see on average over the last week, throw an alert so I can go investigate and take a look. Imagine if you didn't have to figure out what the right thresholds were, if we could just watch those metrics for you and automatically understand the seasonality, the timing, is it a weekly thing? Is it a monthly thing? And then like tell you like use machine learning to do the anomaly detection, but do it in a way that's more intelligent than just the static threshold. >> Yeah. >> And so I think you'll see things like auto detect, which we announced this week will evolve to take advantage of machine learning kind of under the covers, if you will. >> Yeah. It was interesting with cloud scale and the data velocity, automations become super important. >> Oh yeah. >> You don't have a lot of new disciplines emerge, like explainable AI is hot right now. So you got, the puck is coming. You can see where the puck is going. >> Yeah >> And that is automation at the app edge or the application layer where the data has got to be free-flowing or addressable. >> Garth: Yeah. >> This is something that is being talked about. And we talked about data divide with, with Chris earlier about the policy side of things. And now data is part of everything. It's part of the apps. >> Garth: Yeah. >> It's not just stored stuff. So it's always in flight. It should be addressable. This is what people want. What do you think about all of that? >> No, I think it's great. I actually just can I, I'll quote from Steve Schmidt in, in sort of the keynote, he said, look like security at the end of the day is a human problem, but it kind of manifests itself through data. And so being able to understand what's happening in the data will tell you, like, is there a bad actor, like wreaking havoc inside of my systems? And like, you can use that, the data trail if you will, of the bad actor to chase them down and sort of isolate em. >> The digital footprints, if you will, looking at a trail. >> Yeah. >> All right, what's the coolest thing that you like right now, when you look at the treasure trove of, of a value, as you look at it, and this is a range of value, Splunk, Splunk has had customers come in with, with the early product, but they keep the customers and they always do new things and they operationalize it >> Garth: Yep. >> and another new thing comes, they operationalize it. What's the next new thing that's coming, that's the next big thing. >> Dude that is like asking me which one of my daughters do I love the most, like that is so unfair. (laughing) I'm not going to answer that one. Next question please. >> Okay. All right. Okay. What's your goals for the next year or two? >> Yeah, so I just kind of finished roughly my first 100 days and it's been great to, you know, I had a whole plan, 30, 60, 90, and I had a bunch of stuff I wanted to do. Like I'm really hoping, sort of, we get past this current kind of COVID scare and we get to back to normal. Cause I'm really looking forward to getting back on the road and sort of meeting with customers, you know, you can meet over Zoom and that's great, but what I've learned over time, you know, I used to go, I'd fly to Wichita, Kansas and actually go sit down with the operators like at their desk and watch how they use my tools. And that actually teaches you. Like you, you come up with things when you see, you know, your product in the hands of your customer, that you don't get from like a CAB meeting or from a Zoom call, you know? >> John: Yeah, yeah. >> And so being able to visit customers where they live, where they work and kind of like understand what we can do to make their lives better. Like that's going to, I'm actually really excited to gettin back to travel. >> If you could give advice to CTO, CISO, or CIO or a practitioner out there who are, who is who's sitting at their virtual desk or their physical desk thinking, okay, the pandemic, were coming through the pandemic. I want to come out with a growth strategy, with a plan that's going to be expansive, not restrictive. The pandemic has shown what's what works, what doesn't work. >> Garth: Sure. >> So it's going to be some projects that might not get renewed, but there's doubling down on, certainly with cloud scale. What would advice would you give that person when they start thinking about, okay, I got to get my architecture right. >> Yeah. >> I got to get my playbooks in place. I got to get my people aligned. >> Yeah >> What's what do you see as a best practice for kind of the mindset to actual implementation of data, managing the data? >> Yeah, and again, I'm, I'm, this is not an original Garth thought. It actually came from one of our customers. You know, the, I think we all, like you think back to March and April of 2020 as this thing was really getting real. Everybody moved as fast as they could to either scale up or scale scaled on operations. If you were in travel and hospitality, you know, that was, you know, you had to figure how to scale down quickly and like what you could shut down safely. If you were like in the food delivery business, you had to figure out how you could scale up, like Chipotle hit two, what is it? $2 billion run rate on delivery last year. And so people scrambled as fast as they could to sort of adapt to this new world. And I think we're all coming to the realization that as we sort of exit and get back to some sense of new normal, there's a lot of what we're doing today that's going to persist. Like, I think we're going to have like flexible rules. I don't think everybody's going to want to come back into the office. And so I think, I think the thing to do is you think about returning to whatever this new normal looks like is like, what did we learn that was good. And like the pandemic had a silver lining for folks in many ways. And it sucked for a lot. I'm not saying it was a good thing, but you know, there were things that we did to adapt that I think actually made like the workplace, like stronger and better. And, and sort of. >> It showed that data's important, internet is important. Didn't break, the internet didn't break. >> Garth: Correct. >> Zoom was amazing. And the teleconferencing with other tools. >> But that's kind of, just to sort of like, what did you learn over the last 18 months that you're going to take for it into the next 18 years? You know what I mean? Cause there was a lot of good and I think people were creative and they figured out like how to adapt super quickly and take the best of the pandemic and turn it into like a better place to work. >> Hybrid, hybrid events, hybrid workforce, hybrid workflows. What's what's your vision on Splunk as a tier one enterprise? Because a lot of the news that I'm seeing that's, that's the tell sign to me in terms of this next growth wave is big SI deals, Accenture and others are yours working with and you still got the other Partnerverse going. You have the ecosystems emerging. >> Garth: Yep. >> That's a good, that means your product's enabling people to make money. >> Garth: Yeah. Yeah, yeah, yeah. >> And that's a good thing. >> Yeah, BlueVoyant was a great example in the keynote yesterday and they, you know, they've really, they've kind of figured out how, you know, most of their customers, they serve customers in heavily regulated industries kind of, and you know, those customers actually want their data in a Splunk tenant that they own and control and they want to have that secure boundary around that. But BlueVoyant's figured out how they can come in and say, hey, I'm going to take care of the heavy lifting of the day-to-day operations, the monitoring of that environment with the security. So, so BlueVoyant has done a great job sort of pivoting and figuring out how they can add value to customers and do, you know, because they they're managing not just one Splunk instance, but they're managing 100s of Splunk cloud instances. And so they've got best practices and automation that they can play across their entire client base. And I think you're going to see a lot more of that. And, and Teresa's just, Teresa is just, she loves Partners, absolutely loves Partners. And that was just obvious. You could, you could hear it in her voice. You could see it in her body language, you know, when she talked about Partnerverse. So I think you'll see us start to really get a lot more serious. Cause as big as Splunk is like our pro serve and support teams are not going to scale for the next 10,000, 100,000 Splunk customers. And we really need to like really think about how we use Partners. >> There's a real growth wave. And I, and I love the multiples wave in parallel because I think that's what everyone's consensus on. So I have to ask you as a final question, what's your takeaway? Obviously, there's been a virtual studio here where all the Splunk executives and, and, and customers and partners are here. TheCUBE's here doing all the presentations, live by the way. It was awesome. What would you say the takeaway is for this .conf, for the people watching and consuming all the content online? A lot of asynchronous consumption would be happening. >> Sure. >> What's your takeaway from this year's Splunk .conf? >> You know, I, it's hard cause you know, you get so close to it and we've rehearsed this thing so many times, you know, the feedback that I got and if you look at Twitter and you look at my Slack and everything else, like this felt like a conf that was like kind of like a really genuine, almost like a Splunk two dot O. But it's sort of true to the roots of what Splunk was true to the product reality. I mean, you know, I was really careful with my team and to avoid any whiff of vaporware, like what were, what we wanted to show was like, look, this is Splunk, we're acquiring companies, you know, 43 major releases, you know, 100s of small ones. Like we're continuing to innovate on your behalf as fast as we can. And hopefully this is the last virtual conf. But even when we go back, like there was so much good about the way we did this this week, that, you know, when we, when we broke yesterday on the keynote and we were sitting around with the crew and it kind of looking at that stage and everything, we were like, wow, there is a lot of this that we want to bring to an in-person event as well. Cause so for those that want to travel and come sit in the room with us, we're super excited to do that as soon as we can. But, but then, you know, there may be 25, 50, 100,000 that don't want to travel, but can access us via this virtual event. >> It's like a time. It's a moment in time that becomes a timeless moment. That could be, >> Wow, did you make that up right now? >> that could be an NFT. >> Yeah >> We can make a global cryptocurrency. Garth, great to see you. Of course I made it up right then. So, great to see you. >> Air bump, air bump? Okay, good. >> Okay. Garth Fort, senior vice president, Chief Product Officer. In theCUBE here, we're live on site at Splunk Studio for the .conf virtual event. I'm John Furrier. Thanks for watching. >> All right. Thank you guys. (upbeat music)

okay welcome back to thecube's coverage at splunk.com 2021 virtual i'm john furrier with thecube we're here live in the studios of splunk's event here we're all together broadcasting out all over the world here with chris dieglemeyer chief social impact officer for splunk great to see you thanks for coming on great thanks for having me today i love the title chief social impact officer because we're bringing in data unlocks value well you know that and yes it's the theme of the show society has really been impacted by misinformation what context we've seen examples of how data has been good and been bad yes so there's a divide there so you're this is a big part of your talk yes it it's a big part of me and it's going to be even a bigger part of splunk going forward so as many people know they've heard of the digital divide right and that was about access to information communication technologies and it was coined 20 years ago 2001 and we've made progress on that digital divide but now we have all that infrastructure or a lot of it and so on top of that we have the data divide and that's the increasing and expanding use of data and the gap between using that to solve commercial and provide commercial value in contrast to solving our social and environmental challenges and so the the important thing about it is we're early enough that with urgent action we can try to close that gap um and really make a difference in the world so let's get started let's define the data divide and give some specific examples where you see it in action on the pro side and where there's some work needed yeah so all so the definition is again that that gap between using we we have all this data being used for commercial value and a relatively weak use of data being used to solve our social and environmental challenges and we've got four kind of key barriers that we've identified that need to be addressed which will get to you know the questions and how we solve it one is access so think about it think of the data that google has and where that is in access compared to probably the department of education in any country around the world so access is big second is capacity we need both financial resources investing in solving our social and environmental problems and we need data scientists data stewards great data people working to solve our social and environmental problems just as we are in the corporate sector and then the third one is investment choices and this one is a little bit of a be in my bonnet and this happens mostly in the private sector so we all know you know every year it's like what what hits the return on investment criteria and solving social and environmental challenges often does not uh doesn't have that quite time frame return on investment and think about if we'd identified this data divide 20 years ago for climate because companies are doing phenomenal work now about climate what if we had been doing that work 20 years ago around sustainability around efficiency and then the last piece is actionable solutions that we can replicate so those are kind of the four barriers um and again i think we've got a lot of potential and examples there isn't one issue i can think of where more data isn't going to help us you know this is so important i feel very strongly about this because i've seen examples where i've seen really strong people start ngos or non-profits or just building an app and they abandon it because they can't get there fast enough so the idea that cloud and data accessibility can be there you get to see some success and you can double down on that's the cloud way yes so i think this is something that people want to know the playbook so you know where where are people being successful what can people do yeah to take advantage of it yeah so i think that's a really good important point um is transitioning to the cloud so think of the nonprofit sector it's barely there yet so all of us who are investors philanthropists we need to be supporting the nonprofit sector be cloud enabled and cloud forward similarly with government i i you know there's example after example where you know whether it's health whether it's child and human services their data is in file cabinets think about that think of prime so we need to digitize those then we need to data enable that so that we can see those insights that are coming out around those solutions you know it's always the you know it's always a discussion in the industry inside the ropes and now on mainstream but getting data to the right place at the right time yeah is a really important thing it's a technical latency all these things but practically it has societal impact where would you rank the progress bar in terms of where we are on the digital divide because i can see healthcare for instance having access to the right information or it could be something on the government side where it could be related to climate change or hey get this involved where are we on this so i i would say on the digital divide which is the infrastructure piece um for most definitely high-income countries mid-income countries we've actually made progress and so they have that they're all you know network they're cloud but now they have all this data they don't know what to do with right and so what we need to kind of now build on that infrastructure to solve for that data and i'll just you know a splunk example one of our customers the netherlands um in their court system right with using splunk they were able to enable real-time data to inform court decisions so historically the judge would ask you know this happened in covid where are we on bankruptcy cases right and historically somebody would call somebody they'd call somebody they go dig the files and they get the information three months real time this is what's happening with bankruptcy in real time with covid is going to change those decisions that impact people's lives so you add that on top i mean we have environmental examples working with net zero schools we have it and we worked with the healthcare coalition with mitre to enable real-time data with a number of other companies so um where so i would say we're further along on the digital divide we're at step one on the data divide yeah doug merritt was talking earlier today about how you know this data plan that splunk has evolved into this catch basin for all the data and then it becomes useful and really taking us through the journal now security and it's this control plane that's enabling yeah i think to me that's a real key thing here so i have to ask do you see envision a future where we have a data commons where um citizens and could tap into the data and in the gov 2.0 is kind of on that vision yeah what do you where do you see this what do you say well i i think and i i know doug has talked about this before too from a values standpoint of especially with government moving to open data and then what we have to do is we have to protect privacy which actually splunk is really good at doing uh so you've got to take that individual data out of there but then once you get these big data pools into these big data lakes you'll be able to see insights that you couldn't see before you know it's interesting that i remember when the internet came around and how the u.s government's very active it seems now that that tech policy has always been kind of like oh yeah we're kind of involved in dc but now tech is so important and with all the backlash on the facebooks of the world of you know how democracy was broken there's an opportunity yeah and the lawmakers and the people who make the laws are kind of lawyers they're not really techies so so like policy's got to change how do we do that yeah oh gosh if i could solve that one on policy change but but i want to make a comment because i think it's really important because you reference and the situation facebook is in is common knowledge i give a lot of credit to splunk as you know a data platform company saying we see this data divide coming and we're going to step to the table now and do something about it because there's a lot of other companies that knew these challenges if they looked out three five years and they made personal or company choices not to do something about it so transparency is super important getting that out there and and being again in data and just saying it's not all roses right and and so take being a purpose-driven company is about making those decisions as a company to have an impact so then to answer your question on policy um i would say i think it's really complicated and tricky because data moves at the speed of sound and policy moves kind of like a turtle and so i think what we need to have happen is companies going to sometimes have to lead the way and hold themselves accountable and then work in partnership with policy to make you know policy changes that impact everybody so again we're strong advocates of open data you know we we can't make the government do it but we can be a voice for it in service of bridging the state this data divide is a great conversation i wish we had more time for the last minute just give a quick plug for what splunk's doing specifically and how people could get involved and participate yeah so i'll kind of i'd say three things one is at this early stage we're kind of raising the flag to governments out there to philanthropy to nonprofits like we all need to be paying attention to this we're going to be investing in more research on it because it is at such an early stage we've identified these barriers but we've got to go much deeper and build collaborations around the solution so we're going to be mobilizing our partners and our customers we have a 100 million dollar pledge where we donate our product nonprofits we and the equally important thing as i talked about it's our talent right it's getting the talent to help these organizations it's our strategic giving so we're mobilizing you know all of our assets around this pledge we have a 50 million dollar impact fund which is around four purpose data enabled companies so we're trying to do it across a multitude of platforms is that investment fund deploying now or has it been making investments in companies already yeah we've made um three investments refrain ai is one about using machine learning and ai around the jobs of the future and retraining so it's still or it was launched just a couple years ago so we're still early in the 50 million dollar fund so we'll be doing more of that sounds like a great opportunity for people out there watching enable enable the people to change the world yeah that's what splunk's all about right now exactly chris thanks for coming on appreciate great thank you okay the data divide we're bringing you all the data here from the cube live here in the splunk studios i'm john furrier with thecube thanks for watching thank you

>>Welcome back to the cubes cover dot com. Splunk annual conference >>Virtual this year. I'm john for >>your host of the cube as always we're being the best stories. The best guest to you and the best guest today is the ceo Doug merit of course, Top Dog. It's great to see you. Thanks for coming on to be seen. >>So nice. I can't believe it. We had a whole year without seeing each other. >>I love this conference because it's kind of like a studio taking over a full virtual studio multiple sets, cubes here. You have the main stage, you've got rooms upstairs, tons of virtual interactions. Great numbers. Congratulations. >>Thank you. Thank you. We were, we wanted this to be primarily live where we are live, primarily on site. Um, and we pivoted some private marketing team. How quickly they pivoted and I love the environment they've created as I know next year we will be always have virtual now we've all learned but will be on site, which is great. >>It's good to see kind of you guys telling the story a lot, a lot more stories happening and You know, we've been covering splint since 2012 on the Cube. I think longer than aws there was 2013 our first cube seeing Splunk emerge is the trend has been, it's new, it's got value and you operationalize it for customers. Something new happens. You operationalized for customers and it just keeps on the Splunk way, the culture of innovation. It just seems now more than ever. You guys were involved in security early 2015 I think that was the year we started kind of talking about it your first year and now it just feels like something bigger is right here in front of us. It's and people are trying to figure out multi cloud observe ability. We see that what that's a big growth wave coming. What's the wave that's happening? >>So uh the beauty of Splunk and the kind of culture and how we were born was we have this non structured backbone um what I would call the investigative lake where you just dump garbage into it and then get value out of it through the question asking which means you can traverse anywhere because you're not taking a point of view on the data it's usable all over the place. And that's how we went up in security. As we had the I. T. Systems administrators pinging that thing with with questions. And at that point in time the separate teams were almost always part of the I. T. Teams like hey can we ask questions that thing. It's like yeah go ahead. And also they got value. And then the product managers and the app dev guys started asking questions. And so a lot of our proliferation has been because of the underlying back bonus blank the ability for new people to come to the data and find value in the data. Um as you know and as our users know we have tried to stay very focused on the go to market basis on serving the technical triumphant the cyber teams, the infrastructure management, 90 ops teams and the abdomen devoPS teams and on the go to market basis and the solutions we package that is, we're trying to stay super pure to that. That's $90 billion of total addressable market. We're super excited will be well over three billion an error this year, which is amazing is 300 million when I started seven years ago so that 10 x and seven years is great. But three billion and 90 billion like we're all just getting going right now with those Corbyn centers. The were on top of what sean bison as we tell you about, hey, we've got to continue to focus on multi cloud and edge is really important. Machine learning is important. That the lever that we've been focused on for a long time that we'll continue to gain better traction on is making sure that we've got the right data plane and application platform layer so that the rest of the world can participate in building high quality reusable and recyclable applications so that operate operationalization that we have done officially around cyber it and devops and unofficially on a one off basis for marketing and supply chain and logistics and manufacturing that those other use cases can be packaged repeated, sold and supported by the people that really know those domains because we're not manufacturing experts. It's we're honored that portion BMW are using us to get operational insight into the manufacturing floor. But they lead that we just were there is the technical Splunk people to help bring that to life. But there are lots of firms out there, no manufacturing cold process versus the screed and they can create with these packages. They're appropriate for automotive, automotive versus paint versus wineries versus having that. I think the big Accelerant over the next 10 years response, we gotta keep penetrating our core use cases but it would be allowing our ecosystem and so happy Teresa Karlsson's here is just pounding the table and partners to take the other probably 90% of the market that is not covered by by our core market. >>Yeah, I think that's awesome. And the first time we get to the partner 1st and 2nd the rebranding of the ecosystem as it's growing. But you mentioned you didn't know manufacturing as an example where the value is being created. That's interesting because you guys are enabling that value, their adding that because they know their apps then they're experts. That's where the ecosystem is really gonna shine because if you can provide that enablement this control plane as you mentioned, that's going to feed the ecosystem. So the question I have for you is as you guys have become essentially the de facto control playing for most companies because they were using spring for a lot of other great reasons now you have set them up that way is the pattern to just keep building machine learning apps on top of it or more querying what's the what's the customer next level trends that you're seeing. >>So the two core focus areas that we will stay on top of is enriching that data platform and ensure that we continue to provide better at peace and better interfaces so that when people want to build a really interesting automotive parts, supply chain optimization app that they're able to do that, we've got the right A. P. S. We've got the right services, we've got the right separation between the application of platforms so they can get that done, we'll continue to advance that platform so that there's modernization capabilities and there's advertising capabilities and other pieces that they can make their business. The other piece that will stay very focused on is within the cyber realm within I. T. Ops within devops, ensuring that we're leveraging that platform, but baking ml and baking all the advanced edge and other capabilities into those solutions because the cyber teams as where you started with a You know, we really started reporting on cyber 2015, those guys have got such a hard job and while there's lots of people pretending like they're going to come in and serve them, it's the difficulty is there are hundreds of tools and technologies that the average C so deals with and the rate of innovation is not slowing down and those vendors that have a vested interest and I want to maintain my footprint and firewalls, I want to maintain an implant, I want to maintain. It's really hard for them to say, you know what? There are 25 other categories of tools and there's 500 vendors. You gotta play nicely with your competitors and know all those folks if you really want to provide the ml the detection, the remediation, The investigation capabilities. And that's where I'm really excited about the competition. The fake competition in many cases because like, yeah, bring it on. Like I've got 2000 engineers, all they do all day long is focused on the data layer and making sure that we're effective there and I'm not diverting my engineers with any other tasks that I've got a it's hard enough to do what we do in the day layers. Well, >>it's interesting. I just had some notes here, I had one data driven innovation you've been talking about since you've been here. We've been talking about data driven innovation, cybersecurity mentioned for many years, it's almost like the balance of you gotta have tools, but you gotta have the platform. If you have too many tools and no platform, then there's a mix match here and you get hung up with tools and these blind spots. You can't have blind spots, you can't have silos. This is what kind of everyone's pretty much agreeing on right now. It's not a debate. It's more like, okay, I got silos and I got blind spots. Well how do I solve >>the difficulty? And I touched a little bit of the sun my keynote of There are well over 60 and I was using 16 because DB engines categorizes 16 different database tools. But there's actually more if you go deeper. So there's different 16 different categories of database tools. Think relational database, data warehouse, ledger databases, graph database, et cetera over 16 categories those 350 vendors. That's not because we're all stupid in tech like a graph DB is different than a relational database, which is different than what we do with our stimulus index. So there's those categories that many vendors because they're trying to solve different problems within the swim lane that you are in which for us is this non structured, high volume difficult data to manage Now. The problem is how do you create that non broken that end to end view. So you can handle your use cases effectively. Um and then the customer is still going to do with the fact that we're not a relational database engine company. We're not a data warehousing company where we were beginning to use graph DB capabilities within our our solution sets. We're gonna lean on open source other vendors use the tool for the job >>you need. But I think that what you're thinking hitting on my like is this control plane idea. I want to get back to that because if you think about what the modern application developers want is they want devops and deVOps kind of one infrastructures codes there. But if I'm a modern developer, I just want to code, >>I don't want to configure >>the data or the infrastructure. So the data value now is so much more important for the developer, whether that's policy based innovation, get options, some people call it A I ops, these are big trends. This is fairly new in the sense of being mainstream. It's been around for a couple of years, but this time, how do you see the data being much more of a developer input. >>People talk about deVOps is a new thing when I was running on the HR products at Peoplesoft in 2000 and four, we had a deVOPS teams. So that is, you know, there's always been a group of people whether Disney or not that are kind of managing the manufacturing floor for your developers, making sure they got the right tools and databases and what's new is because the ephemeral nature of cloud, that app dev work and devops and everyone that surrounds those or is now 100% data driven because you have ephemeral services, they're popping up and popping down. And if you're not able to trap the data that are each one of those services are admitting and do it on a real time basis and a thorough, complete basis, you can't sample then you are flying blind and that's not gonna work when you've got a critical code push for a feature your customers demanding and if you don't get it out, your competitors are, you need to have assurance that you've done the right things and that the quality and and the actual deployment actually works And that's where what lettuce tubes or ability Three years ago as we roughly started doing our string of acquisitions is we saw that transition from a state full world where it was all transaction engine driven. I've got to insert transaction and engines in a code. Very different engineering problem to I've got to grab data and it's convoluted data. It's chaotic data. It's changing all the time. Well, jeez that sounds and latency >>issues to they're gonna be doing fast. >>I've got to do it. You literally millisecond by millisecond. You've got are are bigger customers were honored because of how we operate. Splunk to serve some of the biggest web properties in the in the globe and they're dealing with hundreds of terabytes to petabytes of data per day that are traversing these pipes and you've got to be able to extract metrics that entire multi petabyte or traces that entire multi pedal extreme and you can't hope you're guessing right by only extracting from portions of it because again, if you missed that data you've missed it forever. So for us that was a data problem, which is why we stepped in and >>other things That data problem these days, it's almost it's the most fun to talk about if you love the problem statement that we're trying to solve. I want to get your reaction something if you don't mind. I was talking to a C. So in the C. I. O. We have a conversation kind of off camera at an event recently and I said what's the biggest challenge that you have? Just curious? I asked him, it's actually it's personnel people are mad at each other. Developers want to go faster because there are ci cd pipeline is devops their coding. They're having to wait for the security groups in some cases weeks and days when they could do it in minutes they want to do it on the in the pipelines, shifting left as some call it and it's kind of getting in the way. So it's kind of like it's not they're not getting along very well uh meaning they're slowing things down. I can say something what they really said, but they weren't getting along. What's your reaction? Because that seems to be a speed scale problem. That's developer centric, not organizational, you've got organizational challenges and being slowed down. >>So uh while we all talk about this converted landscape and how exciting is going to be. You do have diametrically opposed metrics and you're never going to have, it's very difficult to get a single person to have the same allegiance to those diametrically a virgin metrics as you want. So you've got checks and balances and the reality of what the cyber teams need to be doing to ensure that you aren't just coding effective functions with the right delivery timeframe. But that's also secure is I think going to make the security team is important forever and the same thing. You can't just write sloppy code that consumes, that blows your AWS budget or G. C. P budget within the first week of deploying it because you've still got to run a responsible business. So there are different dimensions that we all have to deal with quality time and feature functionality that different groups represent. So we, I believe a converged landscape is important. It's not that we're gonna blow it up and one person is going to do it all if you've got to get those groups talking better and you've got to reduce cycle times now we believe it's plunk is with a common data plane, which is the backbone and then solutions built from that common data plane to serve those groups. You're lessening the lack of understanding and you're reducing the cycle time. So now I can look when I'm publishing the code. If it's done properly, is it also secure And the cyber teams can kind of be flying in saying, hey, wait, wait, wait, we just saw something in the data says we're not quite ready. I'm sorry. I know you want to push, you can't push now, but there'll be a data driven conversation and not this, you shouldn't be waiting a week or two weeks, like we can't operate that scale and you've got to address people with facts and data and logic and that's what we're trying to get done. And you >>guys have a good policy engine, you can put up that up into the pipeline. So awesome. That's great, great insight there. Thanks for sharing. Final question. Um looking back in your time since you've been Ceo the culture kind of hasn't changed at Splunk, it's still they have fun, hard charging laid back a little bit and public company now, he's still got to meet the numbers, but your growing business is good, but there's a lot more coming as a big wave coming talk about the Splunk culture. >>So the core elements of culture that I love that. I think all of us agree you don't want to change one where curiosity driven culture, our tool is an investigative tool, so I never want to lose. I think that threat of grit, determination, tenacity and curiosity is paramount in life and I think literally what we push out represents that and I want our people represent that and I think the fun element is really the quirkiness of the fund, like that is one of the things I love about Splunk but we are a serious company, we are in the data plane of tens of thousands of organizations globally and what we do literally makes a difference on whether they're successful or not. As organizations, we're talking about walmart is example And how one second latency can have a, have a 10% drop off in fulfillment of transaction for wal mart that's like a billion dollars a week if you cannot get their system to perform at the level it needs to so what we do matters and the change that we've been driving that I think is a great enhancement to the culture is as we are now tip into the 50% cloud company, you have the opportunity to measure millisecond by millisecond, second by second, minute by minute, hour by hour and that's a different level of help that you get. You can literally see patterns happening over the course of minutes within customers and that's not something we were born with. We were an on premise solution, we had beautiful tools and it was the C E O. S problem, the CSS problem um and their opportunity to get that feedback. Now we get that feedback so we're trying to measure that crunchiness, the fun, the cool part about Splunk with. We also have got to be very operationally disciplined because we carry a heavy responsibility set from our customers and we're in the middle of that as well as the world knows, we're halfway through our transition to be a cloud first company but I'm excited with the results I'm seeing, so I think curiosity and tenacity go with that operational rigor. Like we should all be growth mindset oriented and very excited about, Hey, can I improve? I guess there's some information that I need that I'm not getting that will make me serve my customers better and that is the tone and tenor. I want to cross all the Splunk of whether in HR legal or engineering or sales or we serve customers and we've got to be so excited every day about getting better feedback and how to serve them better. >>Doug. Thanks for coming on the Cuban, sharing that inside. I know you had to cancel your physical event, pulled off an exceptionally strong virtual event here in person. Thanks for having the Cuban. Thanks for coming on. >>Thank you for being here and I can't wait to do this in person. Next >>to mary the ceo of Splunk here inside the cube cube coverage continues stay with us for more. We've got more interviews all the rest of the day, Stay with us. I'm john for your host. Thanks for watching. Mm >>mm mhm >>mhm >>Yeah

>>Hello, and welcome back to the cubes coverage of.com. Splunk's annual conference is virtual this year. I'm John furrier, host of the cube and a very special guest Sean vice president of product and technology cube, alumni, Sean, great to see you. Thanks for coming on the cube and chatting with us. Thanks. It's great to be here. It's been a while since we chatted, you were at AWS. Now it's Splunk heading up the entire products and technology group here, um, which we've been covering sponsors 2012. So we kinda know a lot about what's going on and, and followed your career. Um, your keynote, we kind of went into this cloud vision is hitting Splunk with the data because the cloud scale, which you know a lot about and data is now taking Splunk to a whole nother level. And that's the big theme you observability multi-cloud and security excuse has been for one there for a while. What's your, what's your assessment. >>Yeah, I mean, you know, uh, you and I have talked a number of times before, and what I found is that, you know, there's a lot of companies through this pandemic that, you know, some are thriving and some are not. And the ones that are really thriving, they have this strong data foundation. Like when you, when you talk to them, they're not stuck. Like they're there. When they talk about scaling or adding capacity or building new co uh, uh, customer experiences, they can, uh, their data platform allows that to happen. But the ones that are are stuck, you know, they just can't, they can't, they can't get to the data. They can't ask those questions that they otherwise, you know, love too. So that's, you know, I think Splunk is right in the middle of that. And that's the fun part of it. >>Yeah. You told me you have the strong foundation when thinking about Splunk is every inflection point in the industry. Over the past decade, you see Splunk do something new operationalized data, do something new, operationalize it. We saw security, I think around 2015, come on the radar at.com. And then since then a whole nother level of data, you've got edge. You have now cybersecurity, even, even more advanced than ever before. And then enterprise is just trying to develop modern applications. So you have this whole rapid scale of CICB pipeline, modern applications and the role of data. Isn't just storing it and managing it. It's like making it addressable. This is like, uh, the, the new current phenomenon of cloud. >>I mean, I liked the way you just put it, it, it really, you know, making data addressable, we put it in terms of like turn data into doing so, you know, if you have data that you're storing it, oh, that's one thing. If you don't, you don't want to leave data behind because you don't know what question you may want to ask. And when, but to your point making it addressable is if you and I decided, Hey, we want to build a new customer experience where we're thinking about doing this thing, and we're going to have a million questions to ask that data is going to help you be, uh, to know whether what you're trying to do for your customers is right or wrong. So it is a, it's remarkable to see how many customers are in pursuit of really turning data into >>Doing so. We've got to you, we had the formula one team on here, McLaren, um, Zach brown. I got a little selfie with, uh, the drivers that kind of cool. My son loved it, but that's an IOT application in my mind, first, the coolest of the sports. Awesome. But like the car going in real time, you know, driving that, driving an advantage with data. So it's an IOT IOT. Then you got just the blocking and tackling >>Data warehouse in the cloud. And then you got companies who are trying to transform a data. So I have to ask you as customers out there, look at Splunk and look at the next level of their architecture with multicloud coming around the corner. How should they be thinking about data? Get the foundation with Splunk. What's the next chapter in your mind? I mean, you know, a lot of customers that I meet they're in multiple clouds. They're not just in one. It means they've got data in Amazon or Google or Azure. A lot of them still have data on prem, you know, but when I talk to customers, they don't say things to me like, Hey, I'm in different clouds, I'm on prem. Can you make sure I have different observability and security experiences for each one? Like they don't, they really, at the end of the day, they're like, look, I need a consistent observability experience, consistent security, regardless of where my data is. >>So what that means to Splunk is, you know, wherever your data is, we're going to be Splunk will just work that that's kinda, as you know, it's how we think about it. And speaking that I had dinner with Lando the other night and it was, I hadn't met Lando before, but man, what an awesome, awesome person. We were just kind of hanging out, talking about data and I ask, this is the kind of stuff you wouldn't normally get. I asked him like, Hey, if you could, if technology could do anything to help you win formula one races, what would it be? A totally open-ended question. And I wasn't sure how he was going to answer it, but he didn't pause this guy. Like you talk about, you think of these scenarios. He's very quickly. He's like, oh man, if we had data, could help me do this and this and this and this because in his business, a millisecond can be the difference between winning or losing a race. And for some of you like, oh, that can't be, but for him, that's how his mind works. So it's crazy to see how excited he was to use tech, to get to data, ask questions that can ultimately help them. >>What was the number one thing pitting the right time or tires? What was he, what did he come up there? He is. >>You know, I can't, unfortunately >>I don't want to put you on the spot. I will be. >>This is like, you know, I, I wouldn't, uh, that would put him in a bad spot, but I will tell you though, I mean, this guy is, and that whole team is really about using data to win. >>Well, you know, I was joking. Um, but these guys can, they came on. Cause you know, I'm a big fan, obviously with the Netflix special driving two survives the name of the title. They become hugely popular to a new fan base, especially techies. Um, I said, Hey, you're driving the advantage with data kind of my little, little comeback to that, but that's really kind of a real encapsulates a real world scenario. I mean, well, there are 10,000 people working on McLaren. You have the driver in the car, you have the car itself with all this instrumentation that kind of encapsulates the enterprise experience right now. They don't have the right app doing the right thing with customers. It could be the difference between having a successful digital transformation or not. So it's kind of like parallel. I mean, I know that's kind of the tie in with the, with the sponsorship, but that's the real world now. >>Yeah, it is. And I mean, if you think about it, there's two drivers per car, 10 teams. There's so many races, there's a tremendous amount of money that they're all spending. But you know, when, when your season is really composed of a certain number of races and you got millions of people tuning in you're right. There's hundreds of people working behind the seat. Could you imagine if they didn't use data and you're trying to, you're, you're trying to race and formula one against the best drivers and the best engineers in the world. I just, you know, it goes to show you're right. It is, it's a perfect example of them transforming as any other enterprise, basically using data to get an advantage. >>And just before we move on to the next topic, the e-sports thing is fascinating as well, because now they're taking this memento verse kind of vibe where they're moving people on the e-sports, where they're having the shadow competition. It's a very interesting kind of bringing the fan base in, but there's probably gonna be a lot of data involved in that as well. Maybe identify the next driver who knows, hopefully, you know, good stuff. So Sean, you're in charge of process technology. I have to ask you, um, as customers look at all the different solutions out there, I'll say multicloud check, you guys have a good vision on that. Like that observability. I mean, that's the fashion right now. Let's talk about observability that there's so many companies out there doing quote observability. How should customers think about what that means in context to the decision of they make everyone's coming into the, the CSO or the CIO saying, um, your observability solution? >>Yeah, I mean first, um, you know, what is observability? I always like to just sort of map it back to things we might understand. So back in the day, monitoring really was connect to a machine. It has a monolith app, you know this and you just try to debug this one thing. That's not the world we live in today. Today when you're building apps in the cloud, you're you, you have hundreds of these services behind the scenes. Like no one person can actually comprehend all of it. So now all of a sudden tools become, they really matter. And what I would say is from a Splunk perspective, when we talk to customers, it's not like one person there, one team is quote, you know, working and making the whole system work. Oftentimes you have different teams like network teams, app teams, security teams, and they all kind of need to work together in one way shape or another. But this is why, you know, when rebuild our systems, it's off of shared data so that, you know, if I'm an operator, you're an app developer. And if I need to work with you, at least I can share something with you in context. So we, we, while there are individual tools to do certain things, our mental model is that they all do work together. That's super, super important for any observability thing you're looking at. You just want to make sure that you can see things end to end. Otherwise you get in trouble >>Quick. You know, I'd love to get your perspective being new to Splunk as you come in and new, the industry obviously has experienced that in the cloud has been well documented, certainly in the cube. What's it like there because as you come in, it's not a utility anymore. It's not a tool anymore. It's a platform and it's getting bigger and growing. So you have probably a lot of things going on. So you walk in and you, you say, okay, let me see the price of technology. Were you blown away? What was your reaction? What can you share some, uh, color around what's uh, what was it like when you open up the doors of the kingdom of the product? >>Yeah. Well, I mean, these t-shirts are real men and there's like ponies running around this. The Splunkers love to have fun. And you know, before I came to Splunk, the one thing I noticed, anytime I asked my thoughts long, they were fired up. Like they were really, really excited about the tech, but when I got into it, the truth is, you know, you don't know what you don't know until you see it, but I was just done to, to then sort of connect the dots like wow. Splunk is in the core data plane of tens of thousands of enterprises all over the world, like the data plane for all of their architecture and applications. So with that becomes a great responsibility, as you could imagine, but it is not just a tool. It is something that customers like. I dunno, the university of Illinois, you know, with COVID, they'll they'll track, uh, they'll track 3.2 million saliva tests just for contract tracing and behind the scenes, they're using Splunk for a real thing. Or we've talked about F1 or you think of slack, like we're all kind of using slack. These days, slack is using, um, uh, Splunk to make sure that their environment of slackers and everything's building it's all secure. So th it's those stories that go on and on are just incredible. When you learn that, >>I started at Teresa Carlson yesterday, and we were talking about the growth opportunity and I spent speculating that, you know, my opinion, my opinion, that's looking, hang on the cube is that Splunk's that this new inflection point that another elbow, another kickoff, the growth, the way it's positioned. If you look at kind of where it's been, kind of where it's going with security now as a platform with the enterprises, how do you describe that growth in your mind? Because obviously this market's changing an edge real time. All these things are happening. What's, what's the, where's the growth going to be? >>Yeah, I think it's in the cloud. I mean, if you think of Splunk, I think the company is about 18, 19 years old. So its history is an almost 20 years of on-premise software. In some sense, you might go, Hey, is that a liability? But Rio, the reality is it's a strength because we're already part of these enterprise infrastructures and application stacks. And then when you now move that group to the cloud, and then you got all others coming to the cloud, that's where they're, I mean, it is just the tip of what is happening. So, you know, if I'm a customer and I moved to the cloud in the cloud, it's like, I don't have to really scale or size anything. Like it just works. And it, to me, it's just an end point and I load data. So in that context, the number of new use cases that customers are able to get after is actually pretty awesome. But really at the end of the day it's cloud. >>Well, great to have you on, I know you've got to go. Thanks for coming on the queue. One final question. What's your vision for the next year or two, what's your to do items. What's the message to the marketplace. >>You know, I'm, I'm thrilled to be here, but at the end of the day, you know, my message to the marketplaces, we're all excited to work with our customers to really help them have that strong foundation so they can turn data into doing and actually pull off these digital transformation. >>One final final question for the companies that get the cloud scale combined with putting data into action for the, for the value what's the result going to be is they can put more competitive advantage. Is it more agility? What do you see happening when you combine the cloud scale with a great data plane? >>Yeah, I think at the end of the day, these companies would tell you that they can move faster than ever before. They're more competitive there. They have confidence that their environments secure, they can build new customer experiences. And when you put all of that together, honestly, that is what these digital transformations are all >>Great to be in the product and technology business these days. Isn't it a lot of fun, a lot of action. Thanks for coming on the cube. Really appreciate it. Yeah, you bet. Good to be here. It's the cube coverage here, here at the live studio for Splunk studios, for their virtual events, the cube bring you all the action. I'm John for a, your host. Thanks for watching.

>>Mhm. Hey there. Welcome to the cubes coverage of Splunk dot com. 21. I'm lisa martin. I've got a new guest joining me on the cube for the first time please welcome 20 pierce the senior manager of cybersecurity at the Y 20. Welcome to the program. >>Hi, glad to be here. >>So your linked in profile. I wanted to ask you about this. It states that you are delivering an evidence based approach to cybersecurity. What does that mean? An evidence based approach? And how are you and spunk helping to deliver this approach? >>Yeah. And I'd like to call it like the out case outcome based the price basically you start with what you're trying to accomplish and work with backwards. A lot of people say I've got a problem and then they go try to buy a tool or whatever to go fix the problem. I go in and I'm like all right, I got a problem. Let me figure out what's realistically I can use in the environment. So it's just basically working back so you have, you know, a breach. What if I what are all the different things that I knew to leverage to meet the controls for that breach. Right? And so um think of mitre in a way as a layered way of looking things um and the full defense and depth. So that's kind of my approach, I go when I figure out what the problem is and I answer the question and I used to do that because funk is able to give me a big data to everything. Got a guy so I like to be able to pull in all the different data types that I need to answer our questions, um, to do that. Right. And so whether it's a vulnerability management, patching your networking a good, a good example of this, like most common hacks in the world go after known vulnerabilities, right? And we get kind of caught up in all that. Um, one of the things we like to do here do, why is like we like to combine what's happening in the network. So the threat landscape in which is the network guys, the vulnerability guys who are scanning the data and then actually the patching, who is, who is actually, you know, mitigating the problem putting all those into one screen has really helped people with their risk rating. >>Talk to me a little bit about some of the changes, we've seen massive changes in the threat landscape in cybersecurity in the last year and a half during the pandemic. We've seen massive increase in ransomware. DDoS attacks, ransomware becoming a household word, the executive order that just came down a few months ago. What are some of the things that you've seen? Have you seen the acceleration of organizations coming to help? We know that it's not a matter of if we get attacked. It's when how are you, how are you seeing the last 18 months influence what you're doing. >>Oh man, it's been quite a crazy, right? And so um, by trade, I'm a instant responder, you know, uh high level investigator and possible solutions architect. So I, I get called in a lot for those kind of things. It has been kind of nuts. But you know, one of the things I always tell them when it started understanding what your threat landscaping is, um, and identify your key cyber terrain. Unfortunately most, you know, most companies as they grow, they get really big, they don't really do that. So they don't, they miss the consolidation point, right? I always say, hey, you know, if you're, if you're going to do this, if you say you have a ransomware attack, the first thing you can do is, you know, there's so many different controls that you can do to stop that you really need to know where it is and ejecting and then you can isolate if you need to um, what we're seeing in the companies. They, because they don't all have full coverage, right? And they expect their endpoint protections to actually do its job, you know, and sometimes that's, you know, don't get me wrong, there are some amazing endpoint protections out there, but you really need to be able to log it, you need to know what it looks like and you need to know where it is. So if you need a in case of a ransomware attack as it spreads through the network, you're able to isolate it and rewrite it to like, I like to call it a black hole the land and just reroute it so I can isolate it and then I can go after it. Um instead of trying to try to do every endpoint at a time because you'll get you'll get whacked >>definitely. So talk to me about working and partnering with Splunk and it's full security stuff. How does that, how is that a differentiator for you and your rule? >>Okay. So one of the things that we do here any why is we can find simmons sores one combined offering. Right? So we we try to bring the data in, we operationalize it and then we try to do something with it, right? We we find that. And then if you really think about that in a situation where the spunk products, it's the spunk or funky s and then phantom, right? And so that's the automation play. So we try to combine all those into one combined offering. So that when when bad things happen where we make a decision, we say all right, So, hey, um what we're seeing in the industry is like a lot of times people spend so much time hunting the known to to forget about the unknown. Think about the target. Hack a couple of years ago. Um the oil and gas attack just recently, you know, they miss those core things. So we try to say all right, well let's automate a lot of that known stuff so that the incident responders can focus on the unknown. And so when you combine all three of those products, you get a pretty good security staff >>when you say automating The known, is that at all in any way like helping companies get back to basics. I've been hearing a lot in the last 18 months that some from a data protection perspective and from a ransomware attack perspective. So it's it's when not if but are you saying that companies are are sort of skipping past the basics where security is concerned? Yeah, >>Well, it's I don't say it's skipping past the basics. Right? I think that sometimes people get caught up in the definitions of what it is. Right? So there's there's so many, there's so many fair more shop there. Right? So like I'm a big fan of your trust. Um a lot of instant responded to using minor, I use minor for that as as it retains the instant response. Some people like to use high trust and I think a lot of what happens is they get lost in the confusion of all these different frameworks. Right? I like to go back to basics. I've been doing cyber for Oh, oh my oh my gosh, about 20 plus years. Right. Um I'm an active hacker. I like this is what I do. I like to call a defense in depth. Right? So when you're when you're doing that, if you follow the defense and depth Satur, it doesn't matter what framework you have, you can actually go back and you can Fix that problem. Right? So going back in the automation of unknown to an unknown, we know, and IOC is 100% now, you can say IOC it's like a hash, right? So when a bad thing happens like an exploit, first thing we try to do is we try to grab that hash and then we try to build a roll around it to stop that hash from spreading and going anywhere else. That's a We know 100% of it's bad. Now can exploits change their hash. Absolute. And it happens all the time, but for that Moment in time that hash is 100%. And so we try to say, hey look, you know, we got an endpoint protection but also why don't we use automation to block it at the boundary or why don't we keep it from doing lateral movement? Why don't we why don't we activate it from a defense and depth. So you have your network. Um I like to say, hey look you have your egress ingress and your lateral movement. So if you understand all those three fact factors, you can automate the control so that it doesn't spread, you know, you had mentioned ransomware, it's been really huge, right? And everybody goes, oh well, you know, if we do zero try zero trust, talks about, you know, segmentation a whole lot and then a segmentation is usually important. It won't stop everything but it will do a good job being able to you'll ever swung we actually pull that in and we say hey you know from and why are we take all that network? And we try to put it in a single pane of glass so that we can see everything. And then once we're able to see it, once we get a good robust data set and understand that operations were able to go in and automate it and so if I can go in and say hey look all these hashes are bad. Yeah I'm not going to rely on my end point, I'm going to put another control in place. So at the end point misses it, I have another control that will actually layer it and prevent it from spreading. >>Which is absolutely critical. Talk to me about some of the outcomes that Ey and Splunk are delivering to the end user customers. Everyone's always talking about it's all about outcomes. What are some of those? >>Yeah so we have um we really embraced like the data to everything right? So I I kind of have this opinion of like uh you know everything's data so everything needs to be secured right? Uh the people who missed that tend to get whacked pretty quickly. Um So what I like to do is I'm like all right so you know like IOT is huge out there right now O. T. Is doing it. So some of the things that we've done is like from a health care perspective um We've done we've combined I. O. T. And I. T. Into a commonality solution leveraging like network simple things like pulling in from the wind, pulling in um understanding what those Mac addresses are so that you can actually do like a workplace analytics around um say R. F. I. D. Tagging right? So you know where your people are at? Um Here we also do like a call a sock in a box where we put that put everything together that every like a from a tiered perspective like a tier one tier two analysts. You know what is that they need to do to mitigate mitigate observe something, What is the investigator need? Right? So we try to simplify those conversations so that you know exactly around like a threat hunting as well like threat hunter an investigator, they're totally different roles, right? So they need to be separated. We also like tie in like the um what is it? I really hate uh like power point. I'm not a big power point guy right? So I really like to be able to give the says oh he needs to understand what risk is, right? So we try to automated so we can get to that too. He can pull up his phone and pull up his punk app and he knows at any given time what his risk rating of his company, right? So we try to combine all those in. Like again, you know there is um we do stuff around Blockchain supply chain. You know, it doesn't really matter if it's a data analytics tool. You know a lot of people look at Funk as a sim. I don't just like look at it that way. I look at as a data analytics tool that does sim. It's just one of the functions this does. If you start understanding data and all the different things that data can do, then you need to go in and you can use Funk to basically answer those questions so that you can start putting in a control set. >>What what's the differentiated value that Ey and Splunk bring together to customers. What really sets this partnership and what it delivers apart. >>Well I'm I'm I'm biased on that right? Because I run the North America 17 for you like for consulting. So I would say that those two things is innovation and time to value. Right? So for let's start with innovation for a minute because Funk is so customizable right? Because it pretty much can integrate with just two. Anything we're able to go very fast, take data in and do something with it and operationalize. It doesn't matter who the customer is is they're going to give us a question. We'll break it all the way down and we'll understand what you're going to answer A good example that is like we were doing stuff around P. C. I. Compliance. The checklist. You know the financial sector, they get a huge amount of audits, right? Especially around PC. I. So we took all the Pc. I checklist and we said harry, what can we, what can we answer those questions? And so we built a dashboard that actually sends out a report to internal audit and we call it compliance over time, right? It's looking at data in a different perspective to answer a question. Now the other thing is that we like, we try to do here is, you know, with the, as we do is Funk and funk helps us with this, right? We have a great relationship with them is um, basically, oh I have a, I lost my train of thought there for me. So uh, innovations time to value, right? So from time to value what we do is we used to say, hey look, we have a lot of stuff in our lab. But one of the things I don't like to do is I don't like to um, go to clients and say, hey look, we were going to build this for the first time. I like to say, hey look, here's these questions in the industry. Get ahead of the question and go build in our labs so that when we when we actually get on site, our time to value is not in months. You know, we can begin weeks because we already have a huge repository of um use cases now those every use case is actually tied into an automation play. And so when we say that we say hey look here's everything is flowing, let's do this, let's go answer that question and let's go automate it and you let's make a decision where where we want to automate and where do we want a human interaction. Mhm. >>Talk to me about what's next for the partnership in terms of the future, what what can you tell us where E Y. And Splunk are going together? >>So we've been partying around um I think our next things that we're really looking at is A I um we're really getting kind of into that as well as A R. And D. R. Technology. Right? So um especially around like I'm looking at like the energy companies in the financial banking and one of the things I would love to do is like um go into you know a bank A. T. M. Right? And right now it takes somebody actually has to plug into that and to do a diagnostic on it. I would love to be able to get to a point where you can just take your camera scan the QR code on the on the device and then pull up an A. R. And it runs all the diagnostics on the device as its there. Another one is like the infrastructure um instead of actually going out, plugging into like say a solar panel going out pulling out of the tablet just scanning the solar panels and it tells you if it's good or bad and that's kind of the next step that we're trying to do. We're trying to really take that uh and dated everything and just kind of turn it on its end um like and you've got to remember everything is data nowadays, right? It's not the old days where you know, things are moving around and everything is in the file folders, it's gone right? Everything is data. So everything is security, right? And we know the first thing is we need to know what our threat landscape is. We need to know what that is and we need to apply that. All right. So if we can simplify answering questions, that's so much better. And one of the things I like about flunked is it scales really well, right? And I've looked at some of these fetters and don't get me wrong, I mean everybody has their place. The one thing I like about spunk is it doesn't mean it literally scales really well. So the more data you can get into it, it actually does better. Right? Um and how you do it now, that's just our approach. That's the next steps that we're really looking at from a technology standpoint, >>exciting stuff, Tony thank you for joining me sharing what ey and Splunk are doing together. Some of the unique use cases that you're helping to solve for customers and some of the things that you're excited about. We appreciate your time on your information. >>No, this is fun. You know, like I said, I'm a big fan. I even wore my spunk shirt just for this meeting. >>Fantastic. You're on brand well, Tony. Thank you. Again. We appreciate your time. >>All right. Thank you. You have a wonderful day. >>Thanks you as well for Tony Pierce. I'm Lisa Martin. You're watching the cubes coverage of splunk.com 21. Thanks for watching, >>enjoy. Bye bye mm. Mm hmm.

>>Hey, welcome to the cubes coverage of splunk.com 21. I'm licensed Lisa Martin here. I've got some in Demis with me, a VP in APAC at Splunk Simon. Welcome to the program. >>So here we are, unfortunately at another virtual conference, but there has been a tremendous amount of there's an understatement, right? That we've seen in the last 18 months. We've seen this massive distribution of the workforce. We've seen huge increases in the threat landscape. We've seen things like solar winds, ransomware, increasing significantly acceleration and digital transformation. As companies tried to do whatever they could to enable digital workspaces. I wanted to unpack with you, uh, this 20, 21 state of security report that Splunk has. What are some of the key findings? And then we'll dig into some of the things that you're seeing in the APAC region. >>Yeah, look, we're excited about the report. It really highlighted, I think what a lot of organizations are going through. Um, one of the statistics that stood out for me was, um, 75% of infrastructure users are multi-cloud, but expecting to get that these expecting to increase to 87% of customers will be using multicloud environments. So the reason why that's important is the complexity that creates, uh, for cyber professionals in terms of trying to protect and defend, um, becomes exponentially harder with every new iteration or generation of infrastructure that companies consume. Um, most interesting. Um, we actually saw about a third of users or already using three cloud providers, but that is going to grow to 50% of, of customers will grow to being using three cloud providers or more within the next two years. So again, just that, that trend is going to continue. Uh, the leveraging of cloud infrastructures is a core way of businesses digitizing and modernizing. Um, and as cyber professionals, we have to think about how we're going to address that. >>Definitely. One of the things that I've been seeing and hearing in the last 18 months from a security perspective is that organizations say, you know, it's, it's really not a matter of if we get hit with ransomware, it's when, and I was really surprised to see the, that the state of security report found that 70% of security and it leaders worry they're going to be hit by a solar winds style attack. So the security landscape changing dramatically in the last 18 months. >>Yeah, absolutely. I think the, the, the research is feeding back what we were already hearing from the customers, um, around how this is a critical, uh, motion. And I think the one thing that we've seen as well as the board level agenda now, the risk and cyber has, and, uh, an organization's ability to react or recover. Um, when you have an, an event, um, is now becoming a high priority for organizations, we're seeing a lot of increased spending in cybersecurity as this becomes more and more, um, pretty for organizations for breasts. So yeah, the, the, on the ground experiences certainly matching what we're seeing in the research there. Um, and all of that is a data problem, right? Security is a data problem when something happens, how do I, how do I know? Where, how do I know when, how do I know what, and then how do I know what actions to take based upon the data that we need to get? >>So security being a data problem talked about the complexity of the multi-cloud environments, that percentages of organizations that are adopting that now what that trend is moving towards. Also complexity, I can imagine with data volumes only increasing, what are some of the key challenges that APAC organizations specifically are seeing as they are accelerating digital transformation and doing what they can to enable this distributed workforce? >>Yeah. So, so the hybrid multicloud environment you use, I guess, an indicator of increased complexity, I think we often overlook the fact that I think the hybrid world is here to stay as well. So nobody is a hundred percent cloud and nobody's a hundred percent on prem anymore. It's very much an environment now where I need to, um, I need to protect and defend across that entire surface area and increasingly with edge computing. Um, and as we're looking at, uh, organizations pushing, processing out to the edge of their, um, their operations and whether that's a distributed workforce or sensor-based environments, um, that becomes critical as well. We've got organizations like Intel, uh, that use us to basically monitor not only the cyber infrastructure, but the entire customer infrastructure that they're providing the fabric by census of course, environments, where you can imagine that the security becomes even more important. >>So I think that complexity and the data sources that are now being generated and the explosion of that is, is kind of critical. Um, for apex specifically, we saw some interesting trends we saw about 37% of organizations are using data to now support the compliance environments. Um, about 36% are bringing in non-security data. Um, and about 36%, it really started to use AI or machine learning tools to help them in that, that large scale data volume processing, um, that they weren't able to do before. And then lastly, security analytics really is starting to become, uh, a critical tool in the arsenal of cyber professionals with 34% of organizations saying they're already using some form of security analytics to help them address the threat actors. >>Is there a silver lining in terms of the it folks and the security folks becoming better collaborating better? Anything that you've seen in this report? >>Uh, well in the report, but also in the way that we're seeing SOC organizations use tools. Um, so, uh, the orchestration remediation and automation is a big industry trend, particularly when you look at things like implementing zero trust and how you would use that for, um, putting that additional layer of protection around an organization. Um, and that's where the ability to identify using machine learning or AI, uh, trends or events, understand the actions that need to be taken, understand the data sources that help address and remediate those and be able to automate that frees up the time and cyber security professionals. Um, and that's a critical step we're seeing because there's a shortage of skills and that's been an ongoing challenge, not only in Asia Pacific, but I think worldwide, >>Right. It has been a challenge worldwide. I was actually doing some cyber security work in the last month or so. And I read that this is the fifth consecutive year of that cybersecurity skills gap. So definitely a challenge there, but also if you flip the coin and opportunity. So in terms of some of those challenges that you mentioned, what are some of the key things that organizations and APAC can do to confront and combat those security challenges that are no doubt just only going to grow? >>Yeah, so I think, I think it's about, um, visibility, uh, and getting control, uh, and that's where again, data becomes key to that. So making sure you're capturing the right data, making sure that data is available, um, to your professionals, or if you're using a service provider, making sure that data is captured and available to the service providers, because that is increasingly what we see as the critical step to be able to, when something happens, how do you recover what your meantime to remediation, um, as, as the kind of critical motion. And so that's, again, what we could coming back to is security is a data problem. >>Security is a data problem. Got it. I do want to, uh, unpack a little bit some of the visibility challenges. That is one of the things that was identified. You mentioned that with so much complexity, multi-cloud being, uh, as, as hybrid work, something that's going to stay, what are some of the things that organizations can do and how can Splunk help to remove and mitigate those visibility challenges? >>So we've we just another interesting piece of research, um, it's called the state of data innovation report. Um, that really looked at the way organizations that categorize that data and organizations that actually build a data strategy, um, are actually much more prepared to react, uh, to engage and then to leverage that data for competitive differentiation in their markets. Um, and interestingly 33% of APAC organizations particularly rated their usage of data as better, uh, than, um, the industry average. Um, and 54% of APAC organizations already said they're using technologies like observability, which really helps them innovate around the data. Thinking about that next generation of service they're trying to provide. >>Did you see those are great numbers? It's about a third, um, are, are working on implementing technologies 54% were focused on that observability. Did you see any industries in particular that really leading edge there? Of course, every industry being affected by the pandemic, but I'm just curious if there were any, any ones that stood out >>So many great customer examples that we've got, uh, where we see organizations thinking differently about the way they engage their customers as a result of the digital transformation. Um, for me, one of the ones that stands out is Lenovo, um, you know, 50 billion plus multinational company servicing 180 markets around the world, um, when they looked at their observability approach and tried to understand how they were going to approach troubleshooting, um, when they had issues, if you think about the e-commerce experience for their consumers, um, they were able to reduce the, uh, reduce the downtime, um, and improve, um, the remediation time when there were incidents, uh, even though they had a 300% increase in traffic. And so for the ability for an organization to handle that kind of surge in digital, uh, interactions with their customers and do that to have clear visibility, using metrics, traces, and logs, to understanding exactly what's going on across complex, siloed multi, uh, services, uh, environments was, was critical to the Novo success. And, um, you know, not only from a cybersecurity point of view, but also having real time visibility into their infrastructure became critical as they service their customers. >>Right? One of the things I think we learned Simon during the pandemic, one of the many things is that access to real-time data real-time visibility real time, rather than visibility is no longer a nice to have it's. It was something that in the beginning was sort of organizations needing it to survive. Now organizations needing it to thrive it's that, that real-time visibility is really table stakes for organizations in any industry. >>W we, we kind of saw organizations go through three phases. There was the react phase. Then there was the adapt phase. So, you know, reacting was, first of all, kind of keep my people safe. The adapt phase was how am I going to work? And now we're seeing that next generation, which is really the evolve phase, right? Given the pandemic is still well COVID is still with us. Um, whether it's your, most of the countries, which are treating it more as an endemic or whether you're on the number of the countries still on that journey. And you're in Asia Pacific, we see different levels of, of vaccination status, different levels of, uh, companies starting to open up or countries starting to open up their borders and, um, life getting back to the, what is the new normal, um, all of that is still gonna evolve with a different way of working, moving forward, a different way of engaging our customers and our, our, uh, constituents, if you're a public sector, organization and data is underlying all of that. And for that, where we're kind of excited to be helping some of the largest organizations with that across, across the region, >>Did it is absolutely critical. You know, one of the things that we've also, I think observed in the last year and a half is the, the patients or the fuses of people getting smaller and smaller. So for organizations to have that visibility into data so that they can service their customers, whether it be healthcare or financial services or the tech sector for, for example, the access to that data is critical for brand reputation, reducing churn. And of course, ensuring that the customers are getting what they need to from that data. >>Yeah. A hundred percent. Um, gosh, so many examples across the region. One of the ones that jumps to mind is Flinders university, right? When, when they had to go remote, they had to go virtual, um, 25,000 students overnight, um, suddenly needing to be interacting by digital channels. How do you keep them secure? How do you keep them safe? How do you get insights, uh, in terms of the services that they need to, to protect that student population? >>So if you, if you kind of distill this down into data opportunities for organizations, we'll start with APAC, what do you think the top three data opportunities are of security as a data problem? What are the opportunities to combat that for an organization to be really successful? >>So I think, I think visibility is the first one. So making sure we're capturing the data, making sure we're capturing the right data. Um, and so the ability, uh, not only to capture the data, but to time sequence the data so I can actually understand what's happened. And when, um, the second then is, is, uh, control. Um, so ensuring that the right people have access to the right data, but we, we control that in a way that is specific to our organization. Um, and then lastly compliance. Um, and I think we're seeing a lot of new legislation starts coming around critical infrastructure, um, recognizing the importance of the digital infrastructure to the broader economy, um, and making sure that you're compliant with that critical infrastructure kind of requirements and environments as well as then the traditional regulated industries such as healthcare and financial services, um, become critical in that approach. So thinking about those three elements, and then thinking about how do I then use tools like automation and security analytics to really accelerate, um, the capabilities that we have as an organization. >>So observability control compliance, give me the 32nd pitch of how Splunk can help organizations achieve all three of those. >>So observability really is about getting insights into all of your environments. So, uh, it's all about metrics, traces and logs, which is about understanding exactly what's going on with every experience of every digital interaction I have with every customer and the ability to Splunk through that with zero, uh, zero sampling or full fidelity of that data is something we see our customers, particularly Navy, um, security, uh, look for me to it's all about orchestration and analytics. So how do I, how do I get that understanding that, that user behavior understanding the analytics around that, and then how machine learning becomes a critical part of that to help me scale my cyber infrastructure and defend. And then lastly resilience is really the core for all it systems in a digital world. Um, and being able to not only harden deliver resilient services like going over, I was able to do the 300% increase in their web traffic. Um, but also when something does go wrong and be able to remediate quickly become critical as well. >>Right? That quick remediation is because, like I was saying earlier, it's no longer a, if we get hit it's when organizations need to have that resilience baked in. Well, Simon, thank you for joining me, breaking down. Some of those reports what's going on in APAC, some of the trends and also some of the opportunities, security being a data problem, um, and organizations, what they can do to remediate that we appreciate your time. Thanks for having my pleasure for Simon Davies and Lisa Martin. You're watching the cubes coverage of splunk.com 21.

>>Well, hi everybody. I'm John Walls here and welcome back to the cubes, continuing coverage and splunk.com 21. And we've talked a lot about data, obviously, um, and a number of partnerships and the point of resources that it's going on in this space. And certainly a very valuable partnership that Splunk has right now is one with Intel. And with me to talk a little bit more about that is Rick Echavarria, who is the vice president of sales and the marketing group at Intel. Rick. Good to see it today. Thanks for joining us on the queue. It's >>Good to see you, John, and thanks for having us. >>You bet. No glad to have you as part of the.com coverage as well. Um, well, first off, let's just for folks at home, uh, who would like to learn more about this relationship, the Splunk Intel partnership, if you would give us that the 30,000 foot picture of it right now, in terms of, of how it began and how it's evolved to the point where it resides today. >>Yeah. Uh, sure. Glad to do that. You know, Splunk is had for many years, uh, position as, as one of the world's best, uh, security information and event management platform. So just like many customers in the cybersecurity space, they're probably trying to retire their technical debt. And, and what are the areas of important focuses to SIM space, right? The SIM segment within cybersecurity. And so the initial engagement between Intel and Splunk started with the information security group at Intel, looking to, again, retire the technical debt, bring next generation SIM technology. And that started, uh, the engagement with Splunk again, to go solve the cybersecurity challenges. One of the things that we quickly learned is that, uh, those flung offers a great platform, you know, from a SIM point of view, as you know, the cyber security segment, the surface area of attack, the number of attacks kids were increased. >>And we quickly realized that this needed to be a collaboration in order for us to be able to work together, to optimize our infrastructure. So it could scale, it could be performance, it could be reliable, uh, to protect Intel's business. And as we started to work with Splunk, we realized, Hey, this is a great opportunity. Intel is benefiting from it. Why don't we start working together and create a reference architecture so that our joint customers also benefit from the collaboration that we have in the cybersecurity space, as we were building the Intel cybersecurity infrastructure platform. So that re that was really the beginning of, uh, of the collaboration around described here and a little bit more, >>Right? So, so you had this, this good working relationship and said, Hey, why don't we get together? Let's get the band together and see what we can do for our car joint clients down the road. Right. So, so what about those benefits that, because you've now you've got this almost as force multiplier right. Of, of Intel's experience. And then what Splunk has been able to do in the data analytics world. Um, what kind of values are being derived, do you think with that partnership? >>Well, obviously we feel much better about our cyber security posture. Um, and, uh, and what's sort of interesting, John, is that we realized that we were what started out as a conversation on SIM. Uh, it really turned out to be an opportunity for us to look at Splunk as a data platform. And, you know, in the technology world, you sometimes hear people talk about the horizontal capabilities. Then the vertical usage is really the security. Uh, the SIM technology. It really became one of several, sorry about the noise in the background. One, uh, became a vertical application. And then we realized that we can apply this platform to some other usages. And in addition to that, you know, when you think about cybersecurity and what we use for SIM that tends to be part of your core systems in it, we started to explore what can we do with what could we do with other data types for other different types of applications. >>And so what we, what we decided to do is we would go explore usages of this data at the edge, uh, of, of the network, and really started to move into much more of that operational technology space. When we realized that Splunk could really, uh, that we could integrate that we can ingest other types of data. And that started a second collaboration around our open Vino technology and our AI capabilities at the edge with the ingestion and the machine learning capabilities of Splunk, so that we can take things like visual data and start creating dashboards for, for example, uh, managing the flow of people, you know, especially in COVID environment. So, uh, and understanding utilization of spaces. So it really started with SIM is moved to the edge. And now we realized that there's a continuum in this data platform that we can build other usages around. >>What was that learning curve like when you went out to the edge, because a lot of people are talking about it, right. And there was a lot of banter about this is where we have to be, but you guys put your money where your mouth was, right? Yeah. You went out, you, you explored that frontier. And, and so what was that like? And, and, and what I guess maybe kind of being early in, uh, what advantage do you think that has given you as that process has matured a little bit? >>Well, it's really interesting John, because what really accelerated our engagement with Splunk in that space was the pandemic. And we had, uh, in 2020 Intel announced the pandemic response technology initiative, where we decided we were going to invest $50 million in accelerating technologies and solutions and partnerships to go solve some of the biggest challenges that depend on them. It was presenting to the world at large. And one of those areas was around companies trying to figure out how to, how to manage spaces, how to manage, you know, the number of people that are in a particular space and social distancing and things of that nature. And, you know, we ended up engaging with Splunk and this collaboration, again, to start looking at visual data, right, integrating that with our open Vino platform and again, their machine learning and algorithms, and start then creating what you would call more operational technology types of application based on visual data. Now these will have other applications that could be used for security usages. It could be used for, again, social distancing, uh, the utilization of acids, but their pandemic and that program that ends the launch is really what became the catalyst for our collaboration with Splunk that allowed us to expand into space. >>Right. And you've done a tremendous amount of work in the healthcare space. I mean, especially in the last year and a half with Penn and the pandemic, um, can you give just a couple of examples of that maybe the variety of uses and the variety of, uh, processes that you've had an influence in, because I think it's pretty impressive. >>Yeah. We, um, there's quite a bit of breadth in the types of solutions we've deployed as part of the pandemic response. John, you can think of some of the, I wouldn't call these things basic things, but you think about telehealth and that improving the telehealth experience all the way to creating privacy aware or sorry, solutions for privacy sensitive usage is where you're doing things like getting multiple institutions to share their data with the right privacy, uh, which, you know, going back to secure and privacy with the right, uh, protections for that data, but being allowed, allowing organization a and organization B partner together use data, create algorithms that both organizations benefit from it. An example of that is, is work we've done around x-ray, uh, and using x-rays to detect COVID on certain populations. So we've gone from those, you know, data protection, algorithm, development, development type of solutions to, to work that we've done in tele-health. So, uh, and, and a lot of other solutions in between, obviously in the high-performance, uh, space we've invested in high-performance computing for, to help the researchers, uh, find cures, uh, for the current pandemic and then looking at future pandemic. So it's been quite a breadth of, uh, uh, of solutions and it's really a Testament also to the breadth of Intel's portfolio and partnerships to be able to, uh, enable so much in such a short amount of time. >>I totally agree, man. Just reading it a little bit about it, about that work, and you talk about the, the breadth of that, the breadth and the depth of that is certainly impressive. So just in general, we'll just put healthcare in this big lump of customers. So what, what do you think the value proposition of your partnership with Splunk is in terms of providing, you know, ultimate value to your customers, because you're dealing with so many different sectors. Um, but if you could just give a summary from your perspective, this is what we do. This is why this power. >>Yeah. Well, customers, uh, talk about transformation. You know, there's a lot of conversation around transformation, right before the pandemic and through and center, but there's a lot of talk about companies wanting to transform and, you know, in order to be able to transform what are the key elements of that is, uh, to be able to capture the right data and then take, turn that data into the right outcomes. And that is something that requires obviously the capabilities and the ability to capture, to ingest, to analyze the data and to do that on an infrastructure that is going to scale with your business, that is going to be reliable. And that is going to be, to give you the flexibility for the types of solutions that you're wanting to apply. And that's really what this blog, uh, collaboration with Intel is going to do. It's, it's just a great example, John, uh, of the strategy that our CEO, pat Gelsinger recently talked about the importance of software to our business. >>This plump collaboration is right in the center of that. They have capabilities in SIM in it observability, uh, in many other areas that his whole world is turning data into, you know, into outcomes into results. But that has to be done on an infrastructure that again, will scale with your business, just like what's the case with Intel and our cybersecurity platform, right? We need to collaborate to make sure that this was going to scale with the demand demands of our business, and that requires close integration of, of hardware and software. The other point that I will make is that the, what started out as a collaboration with between Intel and Splunk, it's also expanding to other partners in the ecosystem. So I like to talk to you a little bit on a work stream that we have ongoing between Intel Splunk, HPE and the Lloyd. >>And why is that important is because, uh, as customers are deploying solutions, they're going to be deploying applications and they're going to have data in multiple environments on premise across multiple clouds. And we have to give, uh, these customers the ability to go gather the data from multiple sources. And that's part of the effort that we're developing with HPE and the Lloyd's will allow people to gather data, perform their analytics, regardless, regardless of their where their data is and be able to deploy the Splunk platform across these multiple environments, whether it's going to be on prem or it's going to be in a pure cloud environment, or it's going to be in a hybrid with multiple clouds, and you're willing to give our customers the most flexibility that we can. And that's where that collaboration with Deloitte and HP is going to come into play. >>Right. And you understand Splunk, right? You will get the workload. I mean, it's, it's totally, there's great familiarity there, which is a great value for that customer base, because you could apply that. So, so, um, obviously you're giving us like multiple thumbs up about the partnership. What excites you the most about going forward? Because as you know, it's all about, you know, where are we going from here? Yes. Now where we've been. So in terms of where you're going together in that partnership, well, what excites you about that? >>Well, first of all, we're excited because it's just a great example of the value that we can deliver to customers when you really understand their pain points and then have the capability to integrate solutions that encompass software and hardware together. So I think that the fact that we've been able to do the work on, on that core SIM space, where we now have a reference architecture that shows how you could really scale and deliver that a Splunk solution for your cybersecurity needs in a, in a scale of one reliable and with high levels of security, of course. And the fact that we then also been able to co-develop fairly quickly solutions for the edge, allows customers now to have that data platform that can scale and can access a lot of different data types from the edge to the cloud. That is really unique. I think it provides a lot of flexibility and it is applicable to a lot of vertical industry segments and a lot of customers >>And be attractive to a lot of customers. That's for sure rec edge of area. We appreciate the time, always a good to see you. And we certainly appreciate your joining us here on the cube to talk about.com for 21. And your relationship with the folks at Splunk. >>Yeah. Thank you, John. >>You bet. Uh, talking about Intel spot, good partnership. Long time, uh, partnership that has great plans going forward, but we continue our coverage here of.com 21. You're watching the cube.

(soft music) >> Hi, everyone. Welcome back to the Cube's covers of Splunk's dot com virtual event, their annual summit. I'm John Ferry, host of the cube. We've been covering dot conf since twenty twelve. Usually a physical event in person. This year it's virtual. I'm here with Claire Hockin, the CMO of Splunk. She's been here three and a half years. Your first year as CMO, and you got to go virtual from physical. Welcome to the cube. Good to see you. >> Thank you very much, John. Great. >> I got to ask you, I mean, this has been the most impressive virtual venue, you've taken over the hotel here in Silicon valley. You're entire teams here. It feels like there's a dynamic of like the teamwork. You can kind of feel the vibe. It's almost like a little VIP Splunk event, but you're broadcasting it to the world. Tell us what's happening. >> Yeah, it's been, I think for everyone a year where we really hope to be back to having a hybrid event, so having a big virtual component, but running dot conf as we had before from Las Vegas, which wasn't possible. So what we thought in the last six weeks is that we would actually bring the Splunk studio to a physical location. So we've been live all of this week from California, where we're sitting today and really thought through bringing the best of that programming to our, you know, our amazing audience of twenty six thousand people. So we were sitting here in a studio, we have a whole live stage and we've activated the best of dot conf to bring as many Splunkers as we can. And as many external guests to make it feel as real and as vibrant as possible. So. >> I have to say I'm very impressed. Since twenty twelve we've been watching the culture evolve. Splunk has always been that next big thing. And then the next big thing again, it seems to be the theme as data becomes so bigger and more important even than ever. There's a new Splunk emerging, another kind of next big thing. And this kind of says the patterns like do something big, that's new, operationalize it and do something new again. This is a theme, big part of this culture here. Can you share more about how you see this evolving? >> Sure. And I think that's what makes Splunk such a great place to be. And I think it attracts people who like to continually challenge reinvent. And I think we've spent a lot of time this year building out our portfolio, going through this cloud transformation. It just gives you a whole new landscape of how you unlock that power of data and how customers use it. So we've had a lot of fun, always building on top of that building, you know, our partnerships, what customers do and really having fun with it. I think one of the best things about Splunk is we do have this incredibly fun and playful brand and as data just becomes something that is more and more powerful, it's really relatable. And we have fun with activating that and storytelling. So, yeah. >> And you have a new manager, Teresa Carlson came in from Amazon web services. You have a lot more messaging kind of building on previous messaging. How are you handling and looking at the aperture of, that's growing from a messaging standpoint, you have a partner verse, which has rebranded of your solution of your ecosystem, kind of a lot of action going on in your world. What's the update? >> Yeah. It keeps us busy. And I think at one end, you know, the number of people that are using Splunk inside any customer base is just growing. So you have different kinds of users. And this year we're really working hard on how to partner and position Splunk with developers, but at the top end of that, the value of data and the idea of having a data foundation is something that's incredibly compelling for CTOs. So working really hard about looking at Splunk and data from that perspective, as well as the individual uses across areas like security and observability. So. >> You know, one of the things I wanted to ask you is, I was thinking about this when I was driving in this morning, Splunk has a lot of customers and you keep your customers and you've have a lot of customers that organically came into the Splunk through the product leadership and just great product. And then as security became more important, Splunk kind of takes that territory now. Now mainstream enterprise with the platform are leaning into Splunk solutions, and now you've got an ecosystem. So it's just becoming bigger and bigger just seems that the scale of the Splunk is growing radically bigger than it was, Is that happening? And what's your take on that? >> I think that's definitely a thing, John. So I think that the power of the ecosystem is amazing. We have customers, partners, as you've seen and everything just joins up. So we're seeing more and more dot joining through data. And we're just seeing this incredible velocity in terms of what's possible and how we can co-build with our partners and do more and more with our customers. So Splunk moves incredibly quickly. And I think if anything, we're just, gaining velocity, which is fun and also really challenging. >> Cloud-scale. And certainly during the pandemic, you guys had a tailwind on the business side, talk about the journey that you've had with Splunk as in your career and also for the customers. How are they reacting and what can they expect as Splunk continues to evolve? >> I think we're working really hard to make sure that Splunk is easier to use. Everything gets every more integrated. And I think our goal and our vision is you just capture your data and you can apply it to any use case using Splunk. And to make it sort of easier see that data in action. And one of the things I love from today was the dashboard studio. They're just these beautiful visualizations that really are inspiring around how data is working in your organization. And for me, I've been a Splunker for three and a half years. And I just think there is just so much to do, and there's so much of our story ahead of us and so much potential. So just really enjoying working with customers on the next data frontier, really. >> You have the Jedi Knight from Star Wars speaking, you had the F1 car racing. Lando was here, kind of the young Jedi, the old Jedi. The generations are coming together. You're seeing that old IT world, which relied on Splunk. And now you have this new developer real-time shifting left with security DevOps now going mainstream, you kind of have the confluences of these cultures coming together. It's not really clashing. It's kind of jelling. How are you handling that? How do you see that? What's Splunk kind of doing? Because I can see the themes, am I right? >> No, no. One of the stories from this morning that really struck me is we have Cal Poly and we worked with Cal Poly on their security and they actually have their students using Splunk and they run their whole security environment. And at the very top end, you have Walmart, the Fortune one, just using Splunk at a massive, incredible scale. And I think that's the power of data. I mean, data is something that everyone should and can be able to use. And that's what we're really seeing is unlocking the ability to bring, you know, bring all of your data in service of what you're trying to do, which is fun. And it just keeps growing. >> We had Zach Brown, the CEO of F1 McLaren Racing Team, here on the queue earlier. And it was interesting cause I was like driving the advantage with data, you know, kind of cliche, but they're using data very specifically, highly competitive. It almost kind of feels like a cloud kind of scale model because we've got thousands of people working on the team. They're on the track, they're competing, they're using data, they got to be agile and they got to be fast real time. Kind of sounds like the current enterprise's these days. >> Absolutely. And I think what's interesting about McLaren that the thing I love is either they have hundreds of terabytes of data moving at just at incredible speed through Splunk Enterprise, but it all goes back to their mission control in the UK. And there are 32 people that look at all that data. And I think it's got a half second delay and they make all the decisions for the car on the track. And that I think is a great lesson to any enterprises you have to, you know, you have to bring all that data together and you have to look at it and take decisions centrally for the benefit of your whole team. And I think McLaren is a really good example of when you do that it pays dividends and the team has had a really, really great season. >> Well, I want to say congratulations for pulling off a great virtual event. I know you had your physical event was on track and literally canceled the last minute because of the pandemic with the Delta virus. But it was amazing, made for digital TV kind of event. >> Absolutely, >> This is the future of media. >> Absolutely. And it is a lot of fun. And I think I'm really proud. We have done all of this with our in-house team, the brand, the experiences that you see, which is really fantastic. And it's given us a lot of ideas for sort of, you know, digital media and how we story tell, and really connect to our twenty thousand customers or two hundred and thirty thousand community members and keep everyone connected through digital. So this has been a lot of fun and a really nice moment for us this week. >> You know it's interesting, I was saying to the team here on one of our breaks, is that when you have this kind of agility with media to tell your own story directly, you're almost telling more stories there before. And there's a lot to tell you have a lot of successful customers, the new partners. What's the coolest story that you've seen. What would you share that you think is your favorite? If you could pick one or a few of them, what are your top stories that you see happening? >> So I've talked about Cal Poly, which I love because it's students and you know, the scale of Walmart, but there are so many stories. And I think the ones that I love most are the data heroes. We talk about the data here is a lot of Splunk and the people that are able to harness that data and to take action on that data and make something amazing happen. And we just see that time and time again, across all kinds of organizations where data heroes are surfacing, those insights. Those red flags, if you like and helping organizations stay on step ahead. And Conf is really a celebration of that. I think that's why we do this every year. And we really celebrate those data heroes. So across the program, probably too many to mention, but in every industry and at every scale, people are, you know, making things happen with data and that's an incredibly exciting place to be. >> Well you have a lot of great customers to, to use as references. But I got to ask you that as you go forward this year in marketing, what are your plans to take on this new dynamic? You've got hybrid events, you've got the community is always popular and thriving with Splunk at large-scale enterprises, global system integrators, doing business deals with you guys, as you guys are continuing to grow and grow and grow, what's the strategy? How do you keep the Splunk coolness going? Cause that's, you know, you guys are growing so fast. That's your job, is to keep things on track. What's your strategy? >> I think I look at that and just, we put the customer at the heart of that. And we think, you know, who are the personas, who are the people that use Splunk? What's their experience? What are they trying to do? What are those challenges? And we design those moments to help them move forward faster. And so that I think is just a really good north star. It is really unifying and our partners and customers, and every Splunker gets really behind that. So stay focused on that. >> Thanks for coming on the Cube, really appreciate it. Congratulations for great event. And thanks for having the Cube. We love coming in and sharing our media partnership with you. Thank you for coming. >> Thank you so much. And next year is your tenth year John. So we look forward to celebrating that as well. Thank you very much. >> Thank you. Thanks for coming on. Okay it's the Cube coverage here live in the Splunk studios. We are a virtual event, but it's turning out to be a hybrid event. It's like a VIP event, a lot of great stories. Check them out online. They'll be recycling through so much digital content. This is truly a great digital event. Jeffery, hot of the Cube. Thanks for watching. (soft music)

>>Hello and welcome back to the cubes coverage of Splunk dot com virtual. I'm john Kerry host of the cube we are here in the Splunk studios in Silicon Valley where all the execs are here, it's basically a spunk studio. It's everyone's here telling the stories. We also got some remote guests coming in, customers partners and other Splunk execs. We've got Katie bianchi senior vice president of customer success. Welcome back to the cube. Thank great to see you. >>Thanks john Great to be here. >>Yeah, I love the customer success stories because at the end of the day customers vote with their wallet and when basically like solutions, they'll this customer examples and customer testimonials. There's one thing I've learned covering Splunk over the past decade and done in many dot coms. It's you guys have very happy customers and over the years have continuing to have great customer success organically now have to high end on the enterprise now with cloud scale lots changing, lots growing the world that's going completely cloud. Um, and again, data is at the center of the value proposition as it always was more important than ever. So what's new with the customers? What are some of the successful is that you're seeing what's new in your world? >>Yeah, Thanks for thanks for asking, john I think, You know, we've been talking about how things have been changing over the past 18 months. And if I over simplify our customer obsession means that everything we do is designed to make sure we're helping customers get the most out of their investment was flunk every single day. So we do this across our global team and our partner ecosystem who are providing both the right adoption and technical services and were architected and deploying thousands of Splunk environments to help our customers get to ongoing value. But in the world that we're living with today, I talked to so many customers who are doing amazing things with Splunk but dealing with really tough challenges right? So through the pandemic, everyone is dealing with more complexity, more change in the velocity that we have never seen before. And on top of all this, shifting to a fully digital business model, there's whole new challenges to effectively monitoring infrastructure and applications and maintaining security posture with this to customers that I'm talking to are also having to figure out ways to do a lot more with less. I think we all know it's an incredibly competitive talent market out there. So our customers are relying on Splunk and customer success more and more to make it easier and faster to get to value, to investigate, to monitor, to detect and to remediate. So that pace and all that change of what's happening means that we have to continually check ourselves to be that right strategic partners that can move at the pace of our customers because customers are counting on us to provide right services at the right time for every stage of their journey with us. >>Great point, great insight there. I want to ask you because Splunk has always had this kind of in their D. N. A. Because when Splunk started was always something new and it wasn't a new thing. That new thing never seen before. Now as the world can you guys continue to do that? You bring something new to the market, you operationalize, you bring value to customers then it happens again and again and again. But now more than ever the data rolls of cloud and and customer applications is new for customers. So you have a diverse customer base. I know you're obsessed with customer service but how do you how do you have a customer success? How do you deal with the fact that sometimes things are so new and there may or may not be a benchmark there and you can't go with the proven former. Sometimes you can sometimes you can't how do you solve? It's new to me problem that customers want this new thing. >>Yeah, I think you know a lot of what we see today is that the power as long as a data platform to bring in complex data allows customers to do many different things. Whether it's infrastructure monitoring, whether it's security, use cases or whether its application performance monitoring and all of that is new for our customers. So oftentimes like you said we grew up having customers use us for single use case when we're bringing this much data into the platform and they see what can be unlocked through the value of Splunk, what we have to make sure that they can do is most seamlessly move from use case and value point. So that means from a C. S. Perspective we have to continually make sure that we're doing what customers are asking us to do which is having the right services that deliver the right outcomes that are as prescriptive as possible and that we're doing that across the domain of all of our empire portfolio. So we spend a lot of time making sure that our technical services are scaling to the needs of customers but also everything that we do around success planning and adoption and use case guidance and best practices as well as our education and enablement are as prescriptive as possible for customers whether they are new to Splunk or whether they are scaling Splunk across multiple use cases and multiple areas of their business. >>Certainly a lot of not of multi vendor, multi vendor activities. Modern application development, security is a big part of it. So I have to ask you given all that, what are the top things, top three things for instance that your customers are asking from you guys from C. S perspective customer success >>perspective great question. So I think over, I think what we hear the most frequently is give me a more seamless buying experience with services that are really easy to consume and speed my time to value second and I just mentioned this is I need services that aren't task, just task based to work. I need services that deliver the outcome that I need for the business problem or business opportunity that I am trying to solve for. So make sure that your portfolio lines up with our outcomes And I think 3rd is all about more prescriptive guidance. The world is hard, the world is complex, data is only getting more complex while the opportunity is big, our role is all about prescription and making it as easy as possible. >>So I have to ask you the question that I'm observing, many people are in the industry as well is that Splunk is changing as a company. Um everyone knows the vibe of Splunk is very cool, very chill, very organic, big community vibe, good customer success, everything's going great. You continue to knock it out of the park over the years, but now you're mature company now, Scale is coming in, your customers are getting bigger and bigger. You have existing customers getting new customers, you have new offerings. There's a whole another Splunk coming another level. >>Yeah. How do you, how >>do you view that from a custom respect and you can, you share your reaction to that? >>Yeah, I, you know, I think it's an honor to be part of a company that has such a strong culture and has such great partnership with our customers and it really is all because of who our customers are and I think who are people are internally. But I think growing and scaling and making sure that we are able to deliver the right services at scale is a critical component of what we have to do to help customers along this journey. So the role of you keep saying this, but the role of customer success is to make the complex easy and we do that by making sure that we as an organization have the right data, the right prescription, the right way to serve our customers and the right coverage model no matter where customers are on the journey or who they are and getting and getting the most prescription to them at the right time. And that's that's quite frankly how we scale. But also what our customers asked for. They're asking for more module arised content and they're asking us for more ways that they can drive best practices and use case guidance from right within the product. And those are things that we are working on to help continue to scale out what we're able to do. >>That's a great point. Taking the complexity, make it simple and enable them to be successful. I think data does that you guys are offering that platform which is a great business model by the way, if you can provide those kind of value that's always a winning formula, Make things easy, reduce the steps it takes to do things and make it fast and simple. Uh I have to ask because you mentioned earlier, the top of this interview about digital business, we're here Splunk canceled the conference now is virtual. Were coming in remotely here on site at the studio. They they have a virtual student there now in the media business, which is a data business. You know, you guys are now doing tv with CUBA's here. Um everyone is realizing the pandemic. That digital business now is standard. You're seeing the impact of the instrumentation you mentioned. So as the digital business transformation is accelerated here and this time, not for everybody, it's going to change how customers are behaving. What have you what have you observed at the pandemic? Because it's kind of panel has cleared the runway a little bit for people to to do this properly because you can see what's not working. So what's your thoughts on this whole digital business? Everyone's connected and data is at the center of it. What's your thoughts? >>Yeah, absolutely. I I look, I think, you know what we have seen over the last 12-18 months with this acceleration to a digital business model, is that things and the other dynamics going on or that things are only getting more complex. Right? So strong customers can come to Splunk cloud because we know it reduces complete with complexity in their moves because we are that data platform that allows them to search, investigate and monitor across cloud across multi cloud and across hybrid environments but that's complex. Over the last year we've seen customers get too much quicker value um, in in Splunk cloud right there going through large complex transformation. One of the easiest things you can do is shed the amount of time and money you're spending, managing, monitoring your infrastructure. So coming to Splunk cloud helps accelerate time to value for them in that way. But let's make no mistake, that is really complex. And so part of what we are doing is ramping up our level of focus on those modernization services for customers. So customers who are choosing to come to Splunk cloud for those benefits. We are there from planning and cut over and beyond with more prescriptive tools, more automation and how we move data, more resources and more experts to get customers to Splunk cloud more seamlessly. And that for us from a modernization perspective is one thing that we are hearing clearly customers asking asking for specific in the space so they can take more advantage and move more quickly. >>One of the trends that we're reporting on and I'll get to the headline in silicon angle in a minute, what's reporting on this event is there's more, more surface area, there's more data, there's more tools and tools are important for helping people automate but at the same time if you have more tools you have more blind spots or silos. So when you get into this world of architecture, customers are struggling that we talked to around trying to find the ideal equation of okay balancing architecture platform and tools that's equilibrium if you will by getting access to the data. What's your reaction to that? Because this becomes one of those decisions. I think Splunk shines where you can kind of have the best of a platform at the same time use tooling where relevant to accelerate whether it's automation or other other jobs versus buying tools for everything. >>Yeah and I and so I think part of the part of the thing that we continue to see is with the proliferation of data and data sources and a different degree of complexity in tooling the decisions around what's important and what's not important become much more much more complex for customers and much more difficult for customers to make. So we're changing a lot on the product and pricing side to sort of facilitate that piece. But I think when you're talking about how do I get the most value immediately, what we do across our go to market organization is make sure that we're partnering with customers to say what are the outcomes that you want from you want a need as a priority from a monument infrastructure monitoring for an application performance security perspective and then how do we make sure that we're prioritizing your maturity journey very prescriptively to say here the use cases that are most material here are the data sources that are most material and here's a success plan that helps you get deployed to your priorities so you can start the journey with us and build on that as we go. So again, it's really about how do we make the complex really easy through higher degrees of prescription but really making sure that we're doing our job and tying the prescription to what our customers need most when they need it. >>That's a great segment of my next question. In fact, my final question because because you know the headline on silicon angle dot com that we're reporting for this event is I'll read it to you. Splunk doubles downs on multi cloud data access, observe ability and security at its annual summit. Okay, so balancing the shiny new toy in the North Star Direction vision to practical prescriptive customer journeys is always a balance because you want to talk to customers about the future. Multi cloud, obviously observe ability super important. And honestly if security gonna be built in, okay, we all know that back to the mainstream customer, you're in the customer success. So you want to show them the North Star, show them the headroom, whatever metaphor you want to use at the same time they're dealing with problems and things that they're trying to solve right now. What's your what's your thoughts on on customer success knowing that there's a lot of cool new things coming. >>Yeah, I think our job like I excited, I'll start and in the same sort of started in the same way. Um our job at the end of the day is to help customers get the most out of their current investment was blank and that does and that is all about working on what that maturity journey looks like, prioritizing outcomes that our customers care about and starting and starting that journey. So there's foundational work that needs to be done aligned to priorities. That's where we start and then if we're doing what we need to be doing, creating those prescriptive plans and those success plans, then all of how we deliver to that value is prioritized through what customers need the most when they need it and that is our role and then we believe that by doing that and moving as quickly as we can with customers to get to that value, then we're enabling them to continue on that journey for all the new stuff that's out there that they can explore and get more value from. >>Its always good to have that North star and that china new toy, new technology. So, I have to ask your final final question because I have you here, what have you learned during the pandemic that you could share with other practitioners that are watching or maybe watching this as they look at the best practice because we've seen a lot of evidence where some people have fallen to the side or failed. Didn't weren't prepared. People who were in the cloud experimenting got that tailwind and survived and thrived somewhere re factoring new business were emerging. So you kind of see a pattern, is there anything that you've noticed on your end um that you can share with, you know how to lean into something new? So you don't be left out in the cold if uh the wave comes, a new trend comes that they need to take advantage of like date at the edge or cloud scale. What are some of the things you've you've observed and learned? >>Yeah, that's a great question. So I think, you know, I think for me, my personal learning through the pandemic has been like, we always need to be looking around corners and planning specifically to for our customers and thinking for them in terms of what problems that they will have and we have to anticipate that so that we can pivot and create the right services that help them leverage to do what they need. So very early on. Um even very early on in the pandemic, our professional services team flipped within a two week period doing fully remote and virtual deployments because we knew we couldn't stop time to value given the shift to remote work, our customers were relying on us to deploy so that they could monitor infrastructure um and monitor work from home usage. And I think along with that as we started to see in through the back half digital transformations really pick up and customers move to cloud. We've been working across across the last really 12 to 15 months to really start to plan around what does it take to create the right services and the right capability, not just within Splunk but within our partner ecosystem to effectively move customers to Splunk cloud and help them navigate uh hybrid, multi cloud world with much more speed. And so for me, those are the two things that we really leaned into hard because we were always looking around corners and saying what's next for our customers based on what we're seeing happened in the external environment. >>Great insight, Katie, thank you for coming on the cube. That's awesome. And I think, you know, customers are seeing success formulas and the new ones are emerging and you guys are going the next level is always fun to talk about the future and today at the same time so great to have you on. And certainly at the end of the day the customers, the ones who are deploying and create the innovation with software and data. So thanks for sharing. >>Yeah. Thanks john um really, really happy to spend the time. There's nothing I like to do more than talk about our customers and to all of our customers, huge thank you to you for your partnership and all you're doing to continue to power the world with data. >>It's always good to have a lot of customers to tell the story for you, but I appreciate you. Coming on, congratulations on your success. It's the cube we are here live in the studio of Splunk Studios for their virtual event uh with the remote interview. We're talking all the people in the, in the industry. We can, we're bringing it in. We're going, we're doing the interviews here in person as well as a hybrid event. I'm john for the cube. Thanks for watching. Mm >>mm. Mhm.

>>Well, hello everybody. I'm John Walls here with the cube, and we're very happy to continue our coverage here of a splunk.com 21. And today we're going to talk about cyber security. Uh, obviously everybody is well aware of a number of, uh, breaches that have happened around the globe, but you might say there's been a surge in trying to prevent those from happening down the road. And I'm going to let our guests explain that Ryan Covar, who is the security strategist at Splunk. Ryan. Good to see you with, uh, with us here on the cube. Glad you could join us today. >>Thank you very much. I've wished we could have been doing this in person, but such as the time of life we live. >>Yeah. We have learned to live on zoom that's for sure. And, uh, it's the next best thing to being there. So, uh, again, thanks for that. Um, well, let's talk about surge, if you will. Um, uh, I know obviously Splunk and data security go hand in hand that is a high priority with the, with the company, but now you have a new initiative that you're just now rolling out to take that to an even higher level. Tell us about that. >>Yeah, something I'm extremely excited to announce. Uh, it's the first time we're really talking about it is that.com 21, which is wonderful. And it's kind of the culmination of my seven years here at Splunk. Uh, before I came to Splunk, I did about 20 years of cyber security research and defense and nation state hunting and threat intelligence and policy and compliance, and just about everything, uh, public sector in the U S and the UK private sector, a couple of different places. So I've kind of been around the block. And one of the things I've found that I'm really passionate about is just being a network defender or a blue teamer. And a lot of my time here at Splunk has been around that. It's been speaking at conferences, doing research, um, coming up with ways to basically defend organizations, but the tools they have at hand and something that we say Alon is, uh, we, we work on the problems of today and tomorrow, not the distant future, right? >>The really practical things. And we had an, you know, there was a little bit of a thing called solar winds. You might've heard of it. Um, that happened earlier in December and we were able to stand up kind of on an ad hoc ragtag group of Splunkers around the world, uh, in a matter of hours. And we worked about 24 hours for panning over to Australia, into a Mia, and then back over to America and able to publish really helpful work to, for our customers to detect or defend or mitigate against what we knew at the time around solar winds, the attack. And then as time went on, we were continuing to write and create material, but we didn't have a group that was focused on it. We were all kind of chipping in after hours or, you know, deep deprecating, other bits of work. >>And I said, you know, we really need to focus on this. This is a big deal. And how can we actually surge up to meet these needs if you will, uh, the play on the punter. So we created an idea of a small team, a dedicated to current events and also doing security research around the problems that are facing around the world insecurity who use Splunk and maybe even those who don't. And that's where the idea of this team was formed. And we've been working all summer. We're releasing our first research project, excuse me, uh, at.com, which is around supply chain, compromise using jaw three Zeke and Splunk, uh, author by myself and primarily Marcus law era. And we have other research projects coming out every quarter, along with doing this work around, just helping people with any sort of immediate cybersecurity threat that we're able to assist with. >>So what are you hoping that security teams can get out of this work? Obviously you're investing a lot of resources and doing the research, I assume, diversifying, you know, the areas and to which you're, um, exploring, um, ultimately what would be the takeaway if I was on the other end, if I was on the client and what would you hope that I would be, uh, extracting from this work? >>Sure. We want to get you promoted. I mean, that's kind of the, the joke of it, but we, we talk a lot. I want to make everyone in the world who use a Splunk or cybersecurity, looked into their bosses and defend their company as fast and quickly as possible. So one of the big, mandates for my team is creating consumable, actionable work and research. So we, you know, we joke a lot that, you know, I have a pretty thick beard here. One might even call it a neck beard and a lot of people in our community, we create things for what I would call wizards, cybersecurity wizards, and we go to conferences and we talk from wizard to wizard, and we kind of sit on our ivory tower on stage and kind of proclaim out how to do things. And I've sat on the other side and sometimes those sound great, but they're not actually helping people with their job today. And so the takeaway for me, what I hope people are able to take away is we're here for you. We're here for the little guys, the network defenders, we're creating things that we're hoping you can immediately take home and implement and do and make better detections and really find the things that are immediate threats to your network and not necessarily having to, you know, create a whole new environment or apply magic. So >>Is there a difference then in terms of say enterprise threats, as opposed to, if I'm a small business or of a medium sized business, maybe I have four or 500 employees as opposed to four or 5,000 or 40,000. Um, what about, you know, finding that ground where you can address both of those levels of, of business and of concern, >>You know, 20 years ago or 10 years ago? I would've answered that question very differently and I fully acknowledge I have a bias in nation state threats. That's what I'm primarily trained in, however, in the last five years, uh, thanks or not. Thanks to ransomware. What we're seeing is the same threats that are affecting and impacting fortune 100 fortune 10 companies. The entire federal government of the United States are the exact same threats that are actually impacting and causing havoc on smaller organizations and businesses. So the reality is in today's threat landscape. I do believe actually the threat is the same to each, but it is not the same level of capabilities for a 100% or 500 person company to a company, the size of Splunk or a fortune 100 company. Um, and that's something that we are actually focusing on is how do we create things to help every size of that business, >>Giving me the tools, right, exactly. >>Which is giving you the power to fight that battle yourself as much as possible, because you may never be able to have the head count of a fortune 100 company, but thanks to the power of software and tools and things like the cloud, you might have some force multipliers that we're hoping to create for you in a much more package consumable method. >>Yeah. Let's go back to the research that you mentioned. Um, how did you pick the first topic? I mean, because this is your, your splash and, and I'm sure there was a lot of thought put into where do we want to dive in >>First? You know, I'd love to say there was a lot of thought put into it because it would make me sound smarter, but it was something we all just immediately knew was a gap. Um, you know, solar winds, which was a supply chain, compromise attack really revealed to many of us something that, um, you know, reporters had been talking about for years, but we never really saw come to fruition was a real actionable threat. And when we started looking at our library of offerings and what we could actually help customers with, I talked over 175 federal and private sector companies around the world in a month and a half after solar winds. And a lot of times the answer was, yeah, we can't really help you with this specific part of the problem. We can help you around all sorts of other places, but like, gosh, how do you actually detect this? >>And there's not a great answer. And that really bothered me. And to be perfectly honest, that was part of the reason that we founded the team. So it was a very obvious next step was, well, this is why we're creating the team. Then our first product should probably be around this problem. And then you say, okay, supply chain, that's really big. That's a huge chunk of work. So the first question is like, well, what can we actually affect change on without talking about things like quantum computing, right? Which are all things that are, you know, blockchain, quantum computing, these are all solutions that are actually possible to solve or mitigate supply chain compromise, but it's not happening today. And it sure as heck isn't even happening tomorrow. So how do we create something that's digestible today? And so what Marcus did, and one of his true skillsets is really refining the problem down, down, down, down. >>And where can we get to the point of, Hey, this is data that we think most organizations have a chance of collecting. These are methodologies that we think people can do and how can they actually implement them with success in their network. And then we test that and then we kind of keep doing a huge fan of the concept of OODA loop, orient, orient, observe, decide, and act. And we do that through our hypothesizing. We kind of keep looking at that and iterating over and over and over again, until we're able to come up with a solution that seems to be applicable for the personas that we're trying to help. And that's where we got out with this research of, Hey, collect network data, use a tool like Splunk and some of our built-in statistical analysis functions and come out the other side. And I'll be honest, we're not solving the problem. >>We're helping you with the problem. And I think that's a key differentiator of what we're saying is there is no silver bullet and frankly, anyone that tells you they can solve supply chain, uh, let me know, cause I want to join that hot new startup. Um, the reality is we can help you go from a field of haystacks to a single haystack and inside that single haystack, there's a needle, right? And there's actually a lot of value in that because before the PR problem was unapproachable, and now we've gotten it down to saying like, Hey, use your traditional tools, use your traditional analytic craft on a much smaller set of data where we've pretty much verified that there's something here, but look right here. And that's where we kind of focused. >>You talked about, you know, and we all know about the importance and really the emphasis that's put on data protection, right? Um, at the same time, can you use data to help you protect? I mean, is there information or insight that could be gleaned from, from data that whether it's behavior or whatever the case might be, that, that not only, uh, is something that you can operationalize and it's a good thing for your business, but you could also put it into practice in terms of your security practices to >>A hundred percent. The, the undervalued aspect of cybersecurity in my opinion, is elbow grease. Um, you can buy a lot of tools, uh, but the reality is to get value immediately. Usually the easiest place to start is just doing the hard detail oriented work. And so when you ask, is there data that can help you immediately data analytics? Actually, I go to, um, knowing what you have in your network, knowing what you have, that you're actually trying to protect asset and inventory, CMDB, things like this, which is not attractive. It's not something people want to talk about, but it's actually the basis of all good security. How do you possibly defend something if you don't know what you're defending and where it is. And something that we found in our research was in order to detect and find anomalous behavior of systems communicating outbound, um, it's too much. >>So what you have to do is limit the scope down to those critical assets that you're most concerned about and a perfect example of critical asset. And there's no, no shame or victim blaming here, put on solar winds. Uh, it's just that, that is an example of an appliance server that has massive impact on the organization as we saw in 2020. And how can you actually find that if you don't know where it is? So really that first step is taking the data that you already have and saying, let's find all the systems that we're trying to protect. And what's often known as a crown jewels approach, and then applying these advanced analytics on top of those crown jewel approaches to limit the data scope and really get it to just what you're trying to protect. And once you're positive that you have that fairly well defended, then you go out to the next tier and the next tier in next year. And that's a great approach, take things you're already doing today and applying them and getting better results tomorrow. >>No, before I let you go, um, I I'd like to just have you put a, uh, a bow on surge, if you will, on that package, why is this a big deal to you? It's been a long time in the making. I know you're very happy about the rollout of this week. Um, you know, what's the impact you want to have? Why is it important? >>We did a lot of literature review. I have a very analytical background. My time working at DARPA taught me a lot about doing research and development and on laying out the value of failure, um, and how much sometimes even failing as long as you talk about it and talk about your approach and methodology and share that is important. And the other part of this is I see a lot of work done by many other wonderful organizations, uh, but they're really solving for a problem further down the road or they're creating solutions that not everyone can implement. And so what I think is so important and what's different about our team is we're not only thinking differently, we're hiring differently. You know, we have people who have a threat intelligence background from the white house. We have another researcher who did 10 years at DARPA insecurity, research and development. >>Uh, we've recently hired a, a former journalist who she's made a career pivot into cybersecurity, and she's helping us really review the data and what people are facing and come up with a real connection to make sure we are tackling the right problems. And so to me, what I'm most excited about is we're not only trying to solve different problems. And I think what most of the world is looking at for cybersecurity research, we've staffed it to be different, think different and come up with things that are probably a little less, um, normal than everyone's seen before. And I'm excited about that. >>Well, and, and rightly so, uh, Ryan, thanks for the time, a pleasure to have you here on the cube and, uh, the information again, the initiative is Serge, check it out, uh, spunk very much active in the cyber security protection business. And so we have certainly appreciate that effort. Thank you, Ryan. >>Well, thank you very much, John. You bet Ryan, >>Covar joining us here on our cube coverage. We continue our coverage of.com for 21.

>>Hi, welcome to the cubes coverage of splunk.com 21. I need some Martin Brian Berg joins me next director at Accenture leading the EMEA Splunk partnership. Brian, welcome to the program. Talk to me a little bit about the Splunk Accenture partnership. This goes back about five years, I believe. >>Yeah, let me provide a bit of, uh, of a history. Uh, we have been starting with Splunk very intensively more than five years ago. Uh, we have been working very closely together to create something like an incubator approach to really serve the markets as, as best as possible. It was really successful. So exponential growth far beyond the markets, uh, for the last five years. So I'm really proud to be part of that journey. And, uh, the partnership is kind of anchored around three core components. The first component is what we typically call matching up our deep Accentia industry expertise with cloud spend Splunk technology. So it really gives a unique differentiator in the market combining that unique industry understanding and the Splunk technology, which is really capable to have an end to end platform for our clients. I'll give you an example a couple of years ago with, and starting to work in Germany was Dr. >>Bank cargo, which is one of the leading European, uh, freights or companies that, where we really put the Splunk that Phonto to the stretch and are using even IOT data like vegan shots, sensors, or locomotive data to create very fancy, you know, the use cases. So that, that's just an example how the deep industry expertise of Accentia and the blank technology expertise can work together. So the second part, maybe just to mention that is that Accenture in the partnership is developing industrialized solutions and that is, uh, needing to Accentia IP, which very rapidly can serve our customers in creating value and to transforming our clients on their journey. A great example is our supply chain of ring. We have developed a supply chain control tower, which has these days, obviously with the pandemic situation and the supply chain issues, uh, impacting our economic, uh, return. Uh, recovery is a very specific and very strong case. You can really use Splunk as a real time supply chain tour, and that's kind of the industrialized vertical solutions, which we also, uh, did in our partnership at last. Let me comment on that one, the kind of service pillar is really around cloud. So we are focusing heavily on the cloud business. As we see Splunk also an enabler of the cloud journey for our clients >>And both Splunk and Accenture on their own, uh, digital transformation Splunk going to some subscription only back in 2019, Accenture beginning, it's a cloud transformation, 2015. Talk to me about the cloud first initiative. You launched this about a year ago. So during a very challenging time, talk to me about the objectives of the cloud first initiative, how you're working together with Splunk and what some of the value is in it for the customers. >>So Accenture really sings clouds. You see it that we did a very aggressive transformation. The shift we even changed our organization, organizational structure, how we serve our customers within our cloud service to approach. So we combine our expertise from our strategy and consulting experts with implementation and delivery expertise, to have the full end, to end perspective on what we need to transform and transition our clients into the cloud journey. Um, and we are heavily investing into the cloud markets. Uh, we are doing research, uh, in the market to understand also the client needs and the market developments. For example, we recently launched a European, uh, study called cloud continuum where we interviewed more than 4,000 executives around the globe on what are the key priorities along their cloud journey? What is it really that makes it unique and differentiated? Uh, and we see what are the driving factors in the cloud market in Europe, it's a bit special as compared to the us, uh, the key priority driver of our clients moving into the cloud is cost competitive toughness. So they are really moving into the cloud to save costs. The cost play only the second, uh, kind of the answer was like 38% of respondents has been elaborating around increasing customer value. And here you see already the difference between Europe and us, uh, it's, it's much, much lagging behind in terms of understanding the data in your cloud to create new business opportunities and new business value for your customers, which, uh, which is typically, uh, an opportunity, but also challenge >>One of the challenges that organizations often face regardless of where they are in the world is looking at cloud from a price point perspective rather than a transformational journey perspective. But it sounds like you've actually seen the opposite with this survey that you mentioned. >>Yeah. I mean, that's, that's a fair point. So as set, uh, in, in Europe, we are having many clients and customers focusing on the cost competitiveness, but that typically just one key challenge. Uh, another challenge, especially in Europe is around complexity of our data regulation of trust and compliance. So that very often leads to, again, silos in the cloud architecture. So typically something you would want to overcome with the cloud journey and again, in a kind of siloed infrastructure. So we are having, we have seen that more than 60% of our customers have stirred parts of that data and on-premise data stores. They have kind of hybrid cloud environments. We have more than 48% of our customers in kind of a cloud environment. So you will see that the cloud journey again is a very complex task complex journey, and you are ending up very often in a new silos and he explained comes into play because blank can enable you to have the end to end perspective across your full stack, including a multi and hybrid cloud environment. And that's why the reason why we are looking for a strong interlock of our Splunk business into our cloud first approach to really bring that value into our cloud journey of our customers. >>So the, the complexity is, has been increasing. You mentioned a very high percentage of customers in that hybrid multi-cloud environment. How do you Accenture in Splunk, how does this cloud first initiative help address the complexities that cloud that a multi-cloud environment brings and unlock the opportunities in all of this data? >>Yeah, I mean, there's different ways to see that in my perspective, the cloud transformation, the cloud journey always requires a smart data cloud strategy as a core tool. I call it the core to win because without the cloud data strategy, you are losing really the benefit of the cloud journey in terms of the full value potential of your data. Um, I do see like an evolutionary path of the cloud transformation. First of all, is bringing and transitioning our clients into the cloud. And Splunk would be at the first milestone, the end to end perspective of having the cloud transplant, the cloud ops of ability and club monitoring capability. So it's combining the end-to-end picture and mighty cloud hybrid cloud environment in a single pane of glass, which is really unique from a technology perspective. But in the second step, it could even go further and talking about machine learning technologies about AI and bringing that to the next level on that evolutionary path. >>That's what we typically call AI ops. And that again makes a difference in terms of automation, in terms of efficiencies, in terms of prediction capabilities, which is a huge advantage and value potential for our clients. And the third step is coming back a bit to your point in terms of leaving the data value, uh, in the cloud. So if you are getting more and more advanced, you have so much data in your cloud that you could even use it for new business models for new customer service use cases. Uh, and that's kind of the kind of evolutionary past what I call the data to everything cloud, which is very similar to where Splunk is positioning and using all that data and to end for really bringing value and additional value, add to your customers. There's a >>Tremendous amount of value in that data. If it can be analyzed the value unlocked and analyzed and acted on in real time so that organizations can make business decisions on products and services. And obviously from a competitive differentiation perspective, there's a tremendous amount, a tremendous amount of value. And unlocking that data. What are you seeing in the last, in the last year, since there's been so much acceleration where the customers are coming to you saying Accenture Splunk, help us figure out how to migrate to the cloud. We've got to go quickly, we've got these competitive pressures, we've got a very dynamic world market. What's that pathway like? >>Yeah, it's a very interesting time. So typically you see this cloud transformation journeys as a journey of several years. And in the pandemic situation, you have seen that a couple of months for some of our clients, because it's really important to survive in this very disruptive economic situations. So obviously you start first with, uh, getting the basics done with kind of getting the migration done, getting the migration to the cloud and uplifting our client's technology to the next. So the new kind of cloud paradigm, but, uh, assets that kind of next evolutionary path would be increased. Automation would be increased usage of all the cloud data for additional value add and additional business models. Our client use cases. So that's kind of the starting discussion always is how to bring it to the cloud and how to create that flexibility. That also that grows flexibility in terms of being more resilient, being more agile as a customer, but a Splunk can do much, much more. And that's the story we want to, and we want to explain to the market that the basic steps are the right ones and Splunk is getting you there, especially in multi hybrid thought environments. But the very next step is really untapping. The value. >>A lot of organizations have been challenged culturally in the last year and a half with suddenly this distribution of the workforce. And now here we are still in a distributed environment, maybe getting towards a hybrid model, but cultural change is challenging for organizations in any industry where is cultural change as a part of the pathway that Accenture and Splunk help customers to create >>Absolutely spot on sex dealer for the question. And going back to the research research I was talking earlier on, we have also seen that 46% of our clients are really challenged by the complexity of the transition it's complexity of their business, of their business processes, but also the complexity of the operational change. And that really is a major pitfall and th and the major challenge for us. It's not only a technological challenge, but also it's a change and kind of transition management where we also have specified specialized ones items for an hour at, you know, practice our terms and, and change our practice, which are supporting our clients along that transition journey from a cultural perspective, because I mean, you can change your, your it infrastructure. You can create a new architecture in the cloud, but it's really about getting the business into the next level of understanding these complex data situations and processes and leveraging the value of the cloud. So that's a huge business change as well. >>It is a huge business change, which is challenging for a lot of folks again, given the distributed nature with which in which we are still working. Talk to me about an example of a, of a successful customer that, uh, Accenture and Splunk have worked with in the last year. Who's really embraced the cloud first initiative and is transforming their organizations to not only survive these challenging times, but to thrive as well. >>Yeah, one of my favorite examples is a leading hotel chain. Obviously the hotel industry has been heavily impacted by COVID. Uh, so, uh, there was a need to change to a need to get more resilient, more agile and more flexible. You think the cloud transformation story also, again, as a cost transformation play, but also changing the way the business is working. So we started with a typical cloud transformation journey. Uh, we evolved it towards what we, what we call the AI ops scenario in terms of really using machine learning technologies and AI, to get more prediction, more automation, more efficiencies. So we could even reduce, uh, the operational cost by more than 5%, which is a huge baseline and leading a global companies, uh, which frees up a lot of money, which you can then reinvest for kind of new, smarter business use cases in addressing your clients and understanding your clients and ultimately generating new value for your clients. So that's a very nice example of how you could start with an it transformation journey, changing into the cloud architecture, using AI ops, to freeing up resources for new addresses for kind of new addressable cut customer use cases and business benefits. >>What's the go to market like working customers go to learn more and get started. Are they starting with Accenture? And they starting with Splunk? Can I do both? >>We have a very collaborative partnership with Splunk. We have a strong partnership team as we speak. We have more like more than 4,000 people working on Splunk projects globally. So it's a very strong capability. Um, you can reach out to Accentia and, uh, you can reach out to Splunk. It's kind of a collaborator strategic go-to-market approach nursing. That's also a bit the advantage of the Splunk Accenture partnership that we are very closely, very collaboratively going to the market. Yes, exemptions bringing IP and assets, empty industrialized delivery methodology. We are able to really scale up globally across the market and Splunk is bringing their technology and the expertise. I think it's a winning combination >>And winning complication and not collaboration is certainly critical to enable that. Brian last question would be, as we approach the end of calendar year 2021, what are some of the things on the horizon for the cloud first initiative that you're excited about as we enter 2022, >>I think it's really getting traction. Now. We have seen a lot of our clients going into the cloud, but asset, from my perspective, it's just the start of the journey. So once you get that kind of, uh, interesting milestone start, you can create the automation efficiencies. You can create the data value and use the data very for new CRM scenarios, new years use cases. And that's where it really gets interesting and fun and innovative in getting all these data across your company and understanding and being creative, how you can use that to benefit your customer and to bring that customer experience to the next level. And that's what I'm looking really forward to coming from the it transformation, the cloud transformation journey to the customer experience and to improving the customer perspective. >>Improving the customer perspective is key. As, as the customer experience, we're all customers in our daily lives and our personal lives and our business lives. And we have this expectation that any organization we're dealing with is going to be able to give us a stellar experience. Brian, thank you for joining me on the cube today, sharing the latest and greatest and the Splunk Accenture partnership, the value that you're delivering for customers and some of the things that you're excited about as we go forward. We appreciate your time. >>Thanks for >>Having me. My pleasure for Brian Berg. I'm Lisa Martin. You're watching the cubes coverage of splunk.com 21.

>>Hi, everyone. Welcome back to the cubes coverage of splunk.com, virtual 2021. I'm John Ford, your host of the cube. We're here with Teresa Carlson, special guests cube alumni. Who's now the president and chief growth officer of Splunk. Teresa, welcome back to the queue. >>So glad you're here with us >>As the president of Splunk. Great to see you. Great to see you. So we've had many conversations in the queue. When you were the chief of public sector of Amazon web services, you grew that business significantly over the years. We've documented on the cube and we've talked about I've written about it. Um, now Splunk, it feels a lot like AWS was back in LA a couple of years ago, where you have this amazing product everyone's using. They don't lose customers. They're getting customers they're in the middle of the security thing, which you know a lot about, and they have this large enterprise base growing. It's just a minute. Grazer leaning in Splunk is, seems to be going to the next level. >>Totally. Well, you nailed it. I would say we're definitely in a scale mode at this point at Splunk. And also to your point, our customers are so loyal to us and we're seeing actually customers with more than a million dollars doubling their spend almost with us. Uh, it's pretty cool. And now we have this cloud portfolio, which is one of my jobs, as you know, I love, I've got my cloud shirt on. I've been believer in cloud. I'm a real believer. You know, I saw the transformational effects of cloud in real time, over 11 years and bringing that here even more to utilize that in our security and observability spaces is quite phenomenal. And then you see again in a much more, uh, set of segmented workloads, how customers take advantage of this. And of course today, like no other John security is just top of mind. It's always been you and I talked earlier about how security kind of evolved over the years and public sector led some of that over time. And then commercial industry say, you know, wow, that today it's, I mean, it's more than top of mind for not just every enterprise organization and government entity, but it's also every board out there. It's something that we think about internal threat, external threat. How do we manage it? How do we get the data around it to understand it? And then how do we take action on it? >>I seen you up on stage as a senior leader here at Splunk, um, at the virtual venue at a great keynote was a lot of news. And we'll get into that in a second, but I want to ask you, knowing you personally and covering you over the years of Amazon web services, you've been a fierce competitor. Okay. But you also have been a great people, person, people loved working for you, Splunk, is it the same? We've been covering them just as long as we cover an ADFS. The culture seemed to fit because Splunk is kind of competitive, but they're kind of quiet, competitive culture. Yeah. Interesting. Tell us about, tell us about your experience. >>Well, and I think we can, yeah, we can do it in our own Spanky way. I'm learning new it's six minutes today that I've been as blind quiches and believable that I've been here this long already, but, uh, Splunk has a very quirky culture, which I led. They have a lot of fan. They have a big following and I'm so sorry that everyone couldn't attend in person, but the virtual social media feeds are off the charts. I mean, I'm just, I'm having so much fencing high already. They come together. It's a real community, but, uh, yeah, on the competition front, here's what reminds me so much about my old world is that I always love that when somebody wakes up and realizes that it's a huge industry and they want to participate. And that's kind of what happened when I was at AWS and now it's blank. >>I'm like, Hey, all these companies are waking up and saying, data's this real thing. It's like a $90 billion plus industry and growing, and then data with security. Hello, are you kidding me? So I feel like really that's kind of what's happened. And Splunk has such a unique set of tools and solutions that just work, they work. And that's what customers, I have heard that statement from customers and partners so much that it just works. And the other thing that's pretty unique about us, I would say John is our ability to navigate between an on-prem world and a cloud world in a unique set of areas like IOT, edge computing. So wherever customer's data is multiple clouds, we're able to take advantage of that for the customer. So they make the choice of where that data comes from and they use the splint tooling then to be able to get those insights and information >>Well, great to have you on the Cuban grid, that's swung to have you, and they're going to be lucky to have you going to do a lot stuff, knowing you and knowing the Splunk community and the team here. A great team. Now talking about the announcements, look at what's going on. Obviously security is still in everything. Yep. A couple of things, rebranding of the partner versus sends a huge message of the ecosystem. You know, that movie you've seen that movie before, um, digital journey for customer success. Again, they have tons of customers that have been with them from beginning and new customers, but they've got to go government action going on here. Whereas you know, a lot about the government logging in monetization program. >>Yeah. Well, as you know, the government, uh, you got 11, but they do continually come up with N fended mandates. And my government customers always have said, oh my gosh, I've got another unfunded mandate. So we're really helping them at that because yes, while it's infested in this budget this year, as it states, they know how important it is. And I do think this initiative is something that is going to have a waterfall effect into the commercial industries. Also just like a lot of these things do and around security, uh, but it's important that we help our government customer made as best as they can. So we've come up with, I think, a very unique offering that they can take advantage of for Splunk and we're going to be out there helping them every way. And, and hopefully John L also helped them learn more about cross governmental, what they're doing and how they can understand from their logs and metrics even more about how to protect. Yes. >>One of the things that we've talked about before in the past, but how cloud-scale, and as creates ecosystems, Amazon VMware, you seeing all these ecosystems that have been thriving for, for decades, Splunk has an ecosystem developing very, very fast. Their partners are, are loyal and they're making money with them. And they're being delivered solutions as data becomes the new enablement. How do you see the role of the partners that growing? How do you see them evolving over time? >>Well, let me just tell you, I'm, I'm a real believer in the partner community. I mean, firsthand over the years, my time at Microsoft at AWS, I saw it as an unbelievable force multiplier to your business. And I mean that, and they do things that you don't even think of. I, you know, I'm always amazed at partners. I'm like, oh, you're using the tool for that. Wow. So while we are broadly good, we're, we're very good at what we do, but we cannot understand every horizontal or vertical industry out there. And the reason it's important to have partners, they can take you to places that you never dreamed. And for us, if you look at the categories, we need our CSP or cloud service providers to be able to really help us make sure that we take advantage of the cloud platforms that are out there and our primary, we AWS, and then Google cloud. >>Uh, and then after that we work, we work with both those a migration. You saw Steve Schmidt today. Good friend of mine love Steve. And the work we're doing. And you saw, we were one of the first migration partners with AWS. You'll see us continue that program. We'll work together to continue to look for security services jointly that we can offer. And we're a customer of theirs. They're a customer of ours. It makes a good partnership. And then additionally, you have, uh, you have your MSPs, right? Your managed service providers. And today we talked about blue buoyant who had multiples, and these are partners out there that have a unique offering for me, generally managed security or observability in the marketplace. They take the Splunk toolkit, they add to it and they have it off, offered out to their customers. Um, and then you have your largest size like Accenture. I'm so excited about that. First of all, led Julie Sweet. She's an amazing CEO and leader. Uh, and w in what they're doing with this, they've been a long-standing partner of ours, but now they've actually made us part of their, one of their 11 business groups. So it's Accenture plus Splunk, and now they'll take us into all of their industries together. So it's huge. And, you know, >>Does that mean cause, cause this is a business deal. This isn't just like a, you know, some sort of deal where you guys saying we're going together. This is a specific division. >>That's right. That's right. So they have a leaven partners that they work with. AWS is one of them. SAP's one of them. Uh, IBM's one of them, Salesforce, I believe is one of them. And they have, they have experts at Accenture that can go into customers to implement tools and services for customers at the enterprise level. And so they have selected. Splunk is one of those business partners that you heard Paul today talk about. We already have 400 customers together and growing, we will expand that, but it's a joint effort of both go-to-market selling and technical resources that will deliver. But for Splunk, again, it's back to that horizontal and vertical slicing where they can take us into security practice that they have chosen. Splunk is one of their security offerings and it's important that we really support them. But also in the splint, a partner verse, we're going to do some new things. >>John, if I just first take and talk about it, we've had a great partner program, but now we're going to Korea's credits, uh, technology, architecture, tooling support, uh, getting in, you know, to certify themselves, to be pro serve ready for those migrations and modernizations. But also really what we heard from a lot of them is they need more training and education remaster to understand our new cloud offerings. And that makes sense. So it's more digital and more cloud oriented with these partners. And then guess what they would love for us to talk about how great they are and we should. So when we get them out there that helps our customers really understand the offerings they have in the marketplace >>At Brooke honeymoon was saying she didn't do a lot more listening and they're working on this next level partner verse. I found that really interesting, all sorts of Katie beyond key. I talked with she's the SVP of customer success, something you're I know you're obsessed about. You always work backwards from the customers as the AWS way. How do you view customer stuff? Because you have a lot of different customers, you have diverse customers. What's important. What are you going to keep Katie's on top of this, but what's your view. >>We ha we do have a lot of different customers. However, we have a concentration of the largest, most important and influential customers in the world. So our customer base is very large enterprise oriented, multiple departments within that enterprise take advantage of Splunk. We work with 90 to the 100 fortune 100 companies, and we've worked with them for a long time. And like I said, we're continuing to see them use more of splice, not less as blank. And the way that that happens is, and I hear from him, I sit and talk to him and they're like, now we're using Splunk in these multiple departments and we need to bring it all together at the enterprise level for the C-suite to look at it. Now, I know it sounds a little strange John, but that's changed a bit over the years. And that is because, you know, if you look at big spenders at an enterprise, he spends a lot of money because they need to at dev, you know, uh, security, right. Security infrastructure, and they need to monitor all that. They need to understand it, but guess what they want, understand it now at the corporate level. And they need it at the CIO, they need at the Cisco level for threat analysis. And then now boards want more and more that information they want to roll up of what's happening. So we're seeing a trend where the C-suite, the senior executives really are much more interested in Splunk. It used to be very departmental. >>I'll throw another wrench in the equation. There is one developers want shifting left. They want real time data security policy in the development, CDC at pipelining. So another problem. Yeah. >>Yeah. And developers lever tools. And again, they're, they're another unique group I should totally talk about. That takes your tools to another level and really fears that ways within their customer set to take advantage of the tooling. >>He's a great to see you. Congratulations on a new opportunity here. And the leadership at Splunk, um, really perfectly poised to take the growth of the cloud. That's. So I have to ask you, what's your mission? What's your mission for the next year as you come on? You're six months in what's the, >>Well, for us, here's blankets, continuing to scale, really listening to our customers and partners. It sounds, I don't want it to sound like a cliche. We really are spending time listening and working back, Sean and I are working. He's their president of technology products and technology. He and I are working very closely to look at features and functionality that we need to be talking about. Uh, it is about taking advantage of the partner community in a way to support them, to help again, get us into new areas of the business. And then lastly, continue to make sure that we have the training and education for customers directly because our tools and technologies are evolving. And if I've learned anything over the last 11 years is cloud is a step change for a lot of customers and they're still hybrid. So it's important that we meet them where they are, but help them get over that bridge so that they have that full digital journey. So that's what you're going to see me focused on. I'm super excited. >>I was talking with Claire, the CMO just before you leave, I want to get your reaction. This event went virtual the last minute. It became a studio here in Silicon valley. You're a media company now Splunk. Yeah. >>It's like it. I mean, it is amazing what we accomplished today. Uh, I, you know, I don't want to pre give numbers, but we had way, way over 20,000 today, online and, uh, growing. So the numbers we're still looking at, but it was unbelievable. And we had, I think we had had like 22,000 registered and we even got more. So people joined in, they stay, they watched the keynote, there were out narrow specialty sessions. And I all agree, like it was pretty cool. It was a step change because we were thinking about doing it in person. We took a pulse and we said, you know, we think we can actually do a better job this year because of COVID steel. If we do it all virtually and it turned out and we have you, so look at this, you're like, we have you here. And I love your cool backdrop here, John. Yeah. >>Well, you guys do a great job. You guys are a media company. Now you're telling your own stories direct. There's a lot of stories to tell. Thank you for coming on the cube. Great to see you >>Again. John's great to see you because the >>Cubes coverage here at.com 2021 virtual I'm John for your host of the cube. Thanks for watching.