
Melissa Zicopula, Herjavec Group | Splunk .conf19


 

(upbeat music)

>> Narrator: Live from Las Vegas, it's theCUBE, covering Splunk .Conf19. Brought to you by Splunk.

>> Welcome to theCUBE everybody, we're here in Las Vegas for Splunk's .Conf, I'm John Furrier, host of theCUBE, here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo, this is our seventh year at .Conf, Splunk's conference celebrating their 10th year. Our first guest is Melissa Zicopula, vice president of managed services of Herjavec Group. Robert's been on before, welcome to theCUBE.

>> Thank you.

>> I always get that, Herjavec?

>> Herjavec Group.

>> Herjavec Group.

>> Happy to be here.

>> Well known for the Shark Tank, but what's really interesting about Robert and your company is that we had multiple conversations and the Shark Tank is what he's known for in the celebrity world.

>> Melissa: Yes.

>> But he's a nerd, he's a geek, he's one of us! (laughing)

>> He's absolutely a cyber-security expert in the field, yes.

>> So tell us what's going on this year at .Conf, obviously security continues to be a focus, you guys have a booth here, what's the message you guys are sharing, what's the story from your standpoint?

>> Yeah, so we do, Herjavec we're focusing on managed security services, where information security is all we do, focusing on 24/7 threat detection, security operations and also threat management. So, we want to be able to demo a lot of our capabilities, we're powered by Splunk, our HG analytics platform uses, heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects different types of use cases, different types of ways to detect malicious activity, while leveraging the tool itself.

>> And data, we've been covering since 2013, Splunk's .Conf, it's always been a data problem, but the data problem gets bigger and bigger, there's more volume than ever before which shifts the terms to the adversaries because ransomware is at an all time high.

>> Melissa: Sure.

>> Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away.

>> Absolutely, yeah, we want to focus on not just what type of data you're ingesting into your instance but to also understand what types of log sources you're feeding into your SIEM today. So we have experts actually focus on evaluating the type of log sources we're bringing in. Everything from IPS, to AV, to firewall you know, solutions into the SIEM so that way we can build use cases on those, to be able to detect different types of activity. We leverage different types of methodologies, one of them is the MITRE framework, CIS top 20. And being able to couple those two together, it's able to give you a better detection mechanism in place.

>> I want to ask some kind of clarification questions because we talked to a lot of CSOs and CIOs and CXOs in general.

>> Melissa: Sure.

>> The roles are changing, but the acronyms of the providers out in the marketplace are specializing, some have unique focuses, some have breadth, some have depth, you guys are an MSSPP. So, MSSPP, not to be confused with an MSP. Or ISV, there's different acronyms, what is the difference between an MSSPP versus an MSP?

>> Melissa: Correct, so it's, we are an MSSP, which is a Managed Security Service Provider. And what we do is just, we're focused on, we're very security-centric. So information security is all we do, everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're PCI compliant, obviously SOC operations are the bread and butter of our service. Whereas, other MSPs, Managed Services Providers, they can do anything from architecture, network operations in that purview. So, we're focused on more of SIEM solutions, endpoint, being able to manage any of your security technologies. And also, monitor them to take a fact into the SOC.

>> So you guys are very focused?

>> Melissa: Very focused on security.

>> Then what's the key decision point for a customer to go with you guys, and what's the supplier relationship to the buyer because they're buying everything these days!

>> Melissa: Sure.

>> But they want to try and get it narrowed down so the right people are in the right place.

>> Melissa: Yeah, so one of the great things about Herjavec Group is we are, you know, we're vendor agnostic, we have tons of experts in, you know, expertise resources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people, that are very, very, you know, centric to actually monitor and manage them.

>> How big is Splunk, in relative with your services? How involved are they with the scope?

>> Melissa: Over 60% of our managed clients today utilize Splunk, they're heavy Splunk users, they also utilize Splunk ES, Splunk Core, and from a management side, they're implementing them into their service. All of the CSOs and CROs or CIOs are leveraging and using it, not just for monitoring and security but they're also using it in development environments, as well as their network operations.

>> So, one of the things I've been, I won't say preaching, because I do tend to preach a lot, but I've been saying and amplifying, is that tools that have come along in the business and there's platforms and Splunk has always kind of been that, a platform provider, but also a good tool for folks. But, they've been enabling value, you guys have built an app on Splunk, the proprietary solutions.

>> Absolutely.

>> Could you tell me about that because this is really where the value starts to shift, where domain expertise focused practices and services, like you guys are doing, are building on someone else's platform with data, talk about your proprietary app.

>> Absolutely, so what we discovered, a few years ago, was that customers needed help getting to the data faster. So we were able to build in built-in queries, you know literally one click, say if you wanted to get to a statistical side of how many data sources are logging to your SIEM, is the data, you know, modeling complete, you know, is there anything missing in the environment or are there any gaps that we need to fill? You're able to do it by just clicking on a couple of different, you know, buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment but all the data log sources that are coming into your SIEM instance. It's a one stop shop. And also, what's great about it, is that it also powers Splunk ES, so Splunk ES also has similar tools and they are, literally, I mean that tool is so great you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill-down analysis, you can actually see the type of data like PCAP analysis, to get to the, you know, the type of activity you want to get to on a granular level. So, both tools do it really well.

>> So you have hooks into ES, Splunk ES?

>> Yes, we can actually see, depending on the instance that it's deployed on, 'cause our app is deployed on top of Splunk for every customer's instance. They're able to leverage and correlate the two together.

>> What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of attacks is coming in, it's more than log files now, it's, you got traces, you got other metrics.

>> Melissa: Sure.

>> Other things to measure, it's almost too many alerts, what do you--

>> Yeah, a lot of KPIs. The most important thing that any company, any entity wants to measure is the MTTD, the Mean Time To Detection, and also mean time to resolve, right? You want to be able to ensure that your teams have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading.

>> What's the biggest surprise that you've seen in the past two years? I mean, 'cause I look back at our interviews with you guys in 2013, no 2015. I mean, the narrative really hasn't changed, global security, I mean, all the core, top line stories are there, but it just seems to be bigger. What's the big surprise for you in terms of the marketplace?

>> The big surprise for me is that companies are now focusing more on cyber-hygiene. Really ensuring that their infrastructure is you know, up to par, right? Because you can apply the best tools in-house but if you're not cleaning up you know, your backyard (laughing) it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk you know, to actually analyze what's happening in their environment, to clean up their back of house, I would say, and to put those tools in place so they could be effective.

>> You know, that's a classic story, clean up your own house before you can go clean up others, right?

>> Right.

>> And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that, they tend to serve their customers, but they don't clean up their own house and data's moving around so now with the diversity of data, they've got the fabric search, they got all kind of new tools within Splunk's portfolio.

>> It's a challenge, and it could be you know, lack of resources, it just means that we have you know, they don't have the right expertise in-house so they use managed security providers to help them get there. For example, if a network, if we identify the network being flat, we can identify you know, how to help them, how to be able to kind of, look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed.

>> What's the one, one or two things that you see customers that need to do that, they aren't doing yet? You mentioned hygiene is a trend, what are some other things that need to be addressed, that are almost, well that could be critical and bad, but are super important and valuable?

>> I think now a lot of, actually to be quite honest a lot of our clients today or anyone who's building programs, security programs are getting you know, very mature. They're adopting methodologies, like the MITRE Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint but also from an operations side you know, you could identify misconfigurations in your environment, you can identify things that are you know, just cleaning up the environment as well.

>> So, Splunk has this thing called SOAR, Security--

>> Automation.

>> Orchestration Automation Recovery, resilience, whatever R, I think R stands for that. How does that fit in to your market, your app and what you guys are doing?

>> So it definitely fits in basically, being able to automate the redundant, mundane types of tasks that anyone can do, right? So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task, it might take them two or three hours, where you can leverage a tool like Phantom, any type of SOAR platform, to actually create a playbook to do that task within 30 seconds. So, not only are you minimizing the amount of you know, head count to do that, you're also you know, using your consistent tool to make that function you know, more, I want to say enhanced. So you can build playbooks around it, you can basically use that on a daily basis whether it's for security monitoring or network operations, reporting, all that becomes more streamlined.

>> And the impact to the organization is those mundane tasks can be demotivating. Or, there's a lot more problems to solve so for productivity, creativity, can you give some examples of where you've seen that shift into the personnel, HR side, the human resource side of it?

>> Yeah, absolutely so you know, you want to be able to have something consistent in your environment, right? So you don't want others to get kind of, get bored or you know, when you're looking at a platform day in and day out and you're doing the same task every day, you might miss something. Whereas, if you build an automation tool that takes care of the low hanging fruit, so to speak, you're able to use a human component to put your muscles somewhere else, to find some you know, the human element to actually look for any types of malicious anomalies in the environment.

>> How much has teamwork become a big part of how successful companies manage a security threat landscape?

>> Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operations side, even you know, coupling that with business stakeholders. You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business, and making sure that we're taking security, obviously, seriously, which a lot of companies know already, but not impeding on the operation. So doing it safely without having to minimize impact.

>> Well let's just, I got to ask you this question around kind of, doing the cutting edge but not getting bled out, bleeding edge, bleeding out and failing. Companies are trying to balance you know, being cutting edge and balancing hardcore security. SignalFx is a company that Splunk bought, we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native with microservices is super hot in areas you know, people see with Kubernetes and so on happening, kind of cutting edge though!

>> Melissa: Right.

>> You don't want to be bleeding edge 'cause there's some risks there too so, how do you guys advise your clients to think about cloud native with Splunk and some of the things that they're there but as the expression goes "there's a pony in there somewhere" but it's risky still, but certainly it's got a lot of promise.

>> Yeah, you know, it's all about you know, everyone's different, every environment's different. It's really about explaining those options to them, what they have available, whether they go on the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution, and what the risks are involved if they had and how long that will take for them to implement it in their environment.

>> Do you see a lot of clients kicking the tires in cloud native?

>> A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse, they don't have to have somebody manage it, they don't have to worry about hardware or licenses, renewals, all that. So, it's really easy to spin up a you know, a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it.

>> Melissa, great insight, and love to have you on theCUBE, I got to ask you one final question.

>> Melissa: Sure.

>> As a, on a personal note, well, personal being you're in the industry you know, I hear a lot of patterns out there, see a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling, so data at scale, cloud at scale, is becoming a reality for customers, and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of one, take advantage of that wave but not get buried into it?

>> Absolutely, so you just want to incorporate it into the management life cycle, you know you don't want to just configure, then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter you know, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the processes and procedures, and making sure that you know, you're also partnering with a company that can follow you you know, year over year and build that road map to actually see what you're building, your program, you know.

>> So here's the personal question now, so, you're on this wave, security wave.

>> Melissa: Sure.

>> It's pretty exciting, can be intoxicating but at the same time, it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days?

>> Automation, absolutely. Automation, being able to build as many playbooks and coupling that with different types of technologies, and you know, like Splunk, right? You can ingest and you can actually automate your tier one and maybe even a half of a tier two, right, a level two. And that to me is exciting because a lot of what we're seeing in the industry now is automating as much as possible.

>> And compare that to like, five years ago in terms of--

>> Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So, you had to literally sit there and train individuals to do a certain task, their certain function. And then you had to rely on them to be consistent across the board where now, automation is just taking that to the next level.

>> Yeah it's super exciting, I agree with you. I think automation, I think machine learning and AI data feeds, machine learning.

>> Melissa: Right.

>> Machine learning is AI, AI is business value.

>> Being able to get to the data faster, right?

>> Awesome, speed, productivity, creativity, scale. This is the new formula inside the security practice. I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .Conf, our seventh year covering Splunk from a start-up, to going public, to now. One of the leaders in the industry. I'm John Furrier, we'll be right back. (techno music)

Published Date: Oct 22 2019



Brad Medairy, Booz Allen Hamilton | Splunk .conf 2017


 

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk.

>> Welcome back here on theCube, the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot.

>> It's cooler here than it is in Boston, I hear.

>> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us, he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us.

>> Dave: And another Redskins fan I heard.

>> Another Redskins fan.

>> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so.

>> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four Super Bowls.

>> John: That's a long dry spell, yeah.

>> Are you guys Nats fans?

>> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you.

>> I've got a soft spot in my heart for the Nats, what's the story with that team?

>> Well, it's just been post-season disappointment, but this year.

>> This is the year.

>> This is the year, although--

>> Hey, if the Red Sox and the Cubs can do it.

>> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline.

>> Brad: Yeah, let's not talk about DC Sports.

>> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right?

>> It's a boring field, you know? Boring field, yeah.

>> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are their mutual concerns, and what do you see from them in terms of common threats?

>> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really forced a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense.

>> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does its business, but I would assume that events over the past year or two have really prompted them along a little bit more.

>> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS in partnership with the federal agencies is really kind of spearheading that.

>> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, never mind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help?

>> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools, because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced tradecraft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive.

>> So cyber foresight is the service that you lead with?

>> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years, we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the de facto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue.

>> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that you bring to bear?

>> Yeah, I mean certainly the barrier to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IoT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into, potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack vectors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly.

>> They need to have imaginations, right? I mean thinking like the bad guys, I guess.

>> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack vectors, new TTPs, and it's fascinating to watch those teams work.

>> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all?

>> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being--

>> Just pushing the door open, right?

>> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media, whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of attacks are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media.

>> It's like having the best security system in the world, but you left your front door unlocked.

>> That's right, that's right.

>> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense?

>> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side.

>> Dave: It just acts like kind of Navy SEAL operations in security.

>> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry.

>> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect.

>> Brad: Yeah.

>> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that.

>> Yeah, I mean the level of expertise, the skill set, the time it takes to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale, because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that tradecraft through things like analytics as a service, through managed detection and response, at scale so that one person can influence many many organizations at one time.

>> And, just before we go, so cyber foresight is available today, it's something you're going to market with.
>> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.

Published Date : Sep 27 2017
