(upbeat music) >> Narrator: Live from Las Vegas, it's theCUBE, covering Splunk .Conf19. Brought to you by Splunk. >> Welcome to theCUBE everybody, we're here in Las Vegas for Splunk's .Conf, I'm John Furrier, host of theCUBE, here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo, this is our seventh year .Conf, Splunk's conference celebrating their 10th year. Our first guest is Melissa Zicopula, vice president of managed services of Herjavec Group. Robert's been on before, welcome to theCUBE. >> Thank you. >> I always get that, Herjavec? >> Herjavec Group. >> Herjavec Group. >> Happy to be here. >> Well known for the Shark Tank, but what's really interesting about Robert and your company is that we had multiple conversations and the Shark Tanks is what he's known for in the celebrity world. >> Melissa: Yes. >> But he's a nerd, he's a geek, he's one of us! (laughing) >> He's absolutely a cyber-security expert in the field, yes. >> So tell us what's going on this year at .Conf obviously security continues to be focus you guys have a booth here, what's the message you guys are sharing, what's the story from your standpoint? >> Yeah, so we do, Herjavec we're focusing on managed security services, where information security is all we do, focusing on 24/7 threat detection, security operations and also threat management. So, we want to be able to demo a lot of our capabilities, we're powered by Splunk, our HG analytics platform uses, heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects different types of use cases, different types of ways to detect malicious activity, while leveraging the tool itself. >> And data we're been covering since 2013, Splunk's .Conf, it's always been a data problem, but the data problem gets bigger and bigger, there's more volume than ever before which shifts the terms to the adversaries because ransomware is at an all time high. >> Melissa: Sure. >> Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away. >> Absolutely, yeah, we want to focus on not just what type of data you're ingesting into your instance but to also understand what types of log sources you're feeding into your sim today. So we have experts actually focus on evaluating the type of log sources we're bringing in. Everything from IPS, to AV, to firewall you know, solutions into the sim so that way we can build use cases those, to be able to detect different types of activity. We leverage different types of methodologies, one of them is Mitre framework, CIS top 20. And being able to couple those two together it's able to give you a better detection mechanism in place. >> I want to some kind of, clarification questions because we talked to a lot of CSOs and CIOs and and CXOs in general. >> Melissa: Sure. >> The roles are changing, but the acronyms of the providers out in the market place are specializing, some have unique focuses, some have breadth, some have depth, you guys are an MSSPP. So, MSSPP, not to be confused with an MSP. Or ISV, there's different acronyms, what is the difference between an MSSPP versus an MSP? >> Melissa: Correct, so it's, we are a MSSP, which is a Managed Security Service Provider. And what we do is just, we're focused on we're very security-centric. So information, security is all we do everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're PCI compliant, obviously SOC operations are the bread and butter of our service. Whereas, other MSPs, Managed Services Providers, they can do anything from architecture, network operations in that purview. So, we're focused on more of SIM solutions, endpoint, being able to manage any of your security technologies. And also, monitor them to take a fact into the SOC. >> So you guys are very focused? >> Melissa: Very focused on security. >> Then what's the key decision point for a customer to go with you guys, and what's the supplier relationship to the buyer because they're buying everything these days! >> Melissa: Sure. >> But they want to try and get it narrowed down so the right people are in the right place. >> Melissa: Yeah, so one of the great things about Herjavec Group is we are, you know, we're vendor agnostic, we have tons of experts in, you know, expertise resources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people, that are very, very, you know, centric to actually monitor and manage them. >> How big is Splunk, in relative with your services? How involved are they with the scope? >> Melissa: Over 60% of our managed clients today, utilize Splunk, they're heavy Splunk users, they also utilize Splunk ES, Splunk Core, and from a management side, they're implementing them into their service. All of the CSOs and CROs or CIOs are leveraging and using it, not just for monitoring and security but they're also using it in development environments, as well as their network operations. >> So, one of the things I've been, I won't say preaching, because I do tend to preach a lot, but I've been saying and amplifying, is that tools that have come a long in the business and there's platforms and Splunk has always kind of been that, a platform provider, but also a good tool for folks. But, they've been enabling value, you guys have built an app on Splunk, the proprietary solutions. >> Absolutely. >> Could you tell me about that because this is really where the value starts to shift, where domain expertise focused practices and services, like you guys are doing, are building on someone else's platform with data, talk about your proprietary app. >> Absolutely, so we discovered, a few years ago, was that customers needed help getting to the data faster. So we were able to build in built-in queries, you know literally one click, say if you wanted to get to a statistical side of how many data sources are logging your SIM, is the data, you know, modeling complete, you know, is there anything missing in the environment or are there any gaps that we need to fill? You're able to do it by just clicking on a couple of different, you know, buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment but all the data log sources that are coming into your SIM instance. It's a one stop shop. And also, what's great about it, is that it also powers Splunk ES, so Splunk ES also has similar tools and they are, literally, I mean that tool is so great you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill-down analysis, you can actually see the type of data like PCAP analysis, to get to the, you know, the type of activity you want to get to on a granular level. So, both tools do it really well. >> So you have hooks into ES, Splunk ES? >> Yes, we can actually see, depending on the instance that it's deployed on, 'cause our app is deployed on top of Splunk for every customer's instance. They're ale to leverage and correlate the two together. >> What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of attacks is coming in it's more than log files now, it's, you got traces, you got other metrics >> Melissa: Sure. >> Other things to measure, it's almost It's almost too many alerts, what do you-- >> Yeah, a lot of KPI's. The most important thing that any company, any entity wants to measure is the MTTD, the Mean Time To Detection, and also mean time to resolve, right? You want to be able to ensure that your teams are have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading. >> What's the biggest surprise that you've seen in the past two years? I mean, 'cause I look back at our interviews with you guys in 2013, no 2015. I mean, the narrative really hasn't changed global security, I mean, all the core, top line stories are there, but it just seems to be bigger. What's the big surprise for you in terms of the marketplace? >> The big surprise for me is that companies are now focusing more on cyber-hygiene. Really ensuring that their infrastructure is you know, up to par, right? Because you can apply the best tools in-house but if you're not cleaning up you know, your backyard (laughing) it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk you know, to actually analyze what's happening in their environment, to clean up their back of house, I would say and to put those tools in place so they could be effective. >> You know, that's a classic story clean up your own house before you can go clean up others, right? >> Right. >> And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that, they tend to serve their customers, but they don't clean up their own house and data's moving around so now with the diversity of data, they've got the fabric search, they got all kind of new tools within Splunk's portfolio. >> It's a challenge, and it could be you know, lack of resources, it just means that we have you know, they don't have the right expertise in-house so they used managed security providers to help them get there. For example, if a network, if we identify the network being flat, we can identify you know, how to help them how to be able to kind of, look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed. >> What's the one, one or two things that you see customers that need to do that, they aren't doing yet? You mentioned hygiene is a trend, what are some other things that that need to be addressed, that are almost, well that could be critical and bad, but are super important and valuable? >> I think now a lot of, actually to be quite honest a lot of our clients today or anyone who's building programs, security programs are getting you know, very mature. They're adopting methodologies, like Mitre Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint but also from an operations side you know, you could identify misconfigurations in your environment, you can identify things that are you know, just cleaning up the environment as well. >> So, Splunk has this thing called SOAR, Security-- >> Automation. >> Orchestration Automation Recovery, resilience whatever R, I think R stands for that. How does that fit in to your market, your app and what you guys are doing? >> So it definitely fits in basically, being able to automate the redundant, mundane types of tasks that anyone can do, right? So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task, it might take them two or three hours, where you can leverage a tool like Phantom, any type of SOAR platform to actually create a playbook to do that task within 30 seconds. So, not only are you minimizing the amount of you know, head count to do that, you're also you know, using your consistent tool to make that function make that function you know, more, I want to say enhanced. So you can build play books around it, you can basically use that on a daily basis whether it's for security monitoring or network operations, reporting, all that becomes more streamlined. >> And the impact to the organization is those mundane tasks can be demotivating. Or, there's a lot more problems to solve so for productivity, creativity, can you give some examples of where you've seen that shift into the personnel, HR side the human resource side of it? >> Yeah, absolutely so you know, you want to be able to have something consistent in your environment, right? So you don't want others to get kind of, get bored or you know, when you're looking at a platform day in and day out and you're doing the same task everyday, you might miss something. Whereas, if you build an automation tool that takes care of the low hanging fruit, so to speak, you're able to use a human component to put your muscles somewhere else, to find some you know, the human element to actually look for any types of malicious anomalies in the environment. >> How much has teamwork become a big part of how successful companies manage a security threat landscape? >> Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operations side, even you know, coupling that with business stakeholders. You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business, and making sure that we're taking security, obviously seriously, which a lot of companies know already, but not impeding on the operation. So doing it safely without having to minimize impact. >> Well let's just, I got to ask you this question around kind of, doing the cutting edge but not getting bled out, bleeding edge, bleeding out and failing. Companies are trying to balance you know, being cutting edge and balancing hardcore security Signal FX is a company that Splunk bought, we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native with micro services is super hot in areas you know, people see with Kubernetes and so on happening, kind of cutting edge though! >> Melissa: Right. >> You don't want to be bleeding edge 'cause there's some risks there too so, how do you guys advise your clients to think about cloud native with Splunk and some of the things that they're there but as the expression goes "there's a pony in there somewhere" but it's risky still, but certainly it's got a lot of promise. >> Yeah, you know, it's all about you know, everyone's different, every environment's different. It's really about explaining those options to them what they have available, whether they go on the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution, and what the risks are involved if they had and how long that will take for them to implement it in their environment. >> Do you see a lot of clients kicking the tires in cloud native? >> A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse, they don't have to have somebody manage it, they don't have to worry about hardware or licenses, renewals, all that. So, it's really easy to spin up a you know, a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it. >> Melissa, great insight, and love to have you on theCUBE, I got to ask you one final question >> Melissa: Sure. >> As a, on a personal note well, personal being you're in the industry you know, I hear a lot of patterns out there, see a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling, so data at scale, cloud at scale, is becoming a reality for customers, and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of one, take advantage of that wave but not get buried into it? >> Absolutely, so you just want to incorporate into the management life cycle, you know you don't want to just configure then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter you know, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the processes and procedures, and making sure that you know, you're also partnering with a company that can can follow you you know, year over year and build that road map to actually see what you're building your program, you know. >> So here's the personal question now, so, you're on this wave, security wave. >> Melissa: Sure. >> It's pretty exciting, can be intoxicating but at the same time, it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days? >> Automation, absolutely. Automation, being able to build as many playbooks and coupling that with different types of technologies, and you know, like Splunk, right? You can ingest and you can actually, automate your tier one and maybe even a half of a tier two, right, a level two. And that to me is exciting because a lot of what we're seeing in the industry now is automating as much as possible. >> And compare that to like, five years ago in terms of-- >> Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So, you had to literally sit there and train individuals to do a certain task, their certain function. And then you had to rely on them to be consistent across the board where now, automation is just taken that to the next level. >> Yeah it's super exciting, I agree with you. I think automation, I think machine learning and AI data feeds, machine learning. >> Michelle: Right. >> Machine learning is AI, AI is business value. >> Being able to get to the data faster, right? >> Awesome, speed, productivity, creativity, scale. This is the new formula inside the security practice I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .Conf, our seventh year covering Splunk from a start-up, to going public, to now. One of the leaders in the industry. I'm John Furrier, we'll be right back. (techno music)

live from Orlando Florida it's the cube coverage conf 18 got to you by spunk welcome back to Splunk kampf 18 hashtag Splunk conf 18 you watching the cube the leader in live tech coverage we go out to the events we extract the signal from the noise I'm Dave Volante with my co-host Stu many men we love to talk to the customers too we've had seven out of ten of our interviews today have been with the customers Tony Alessandra was here as the chief architect at the co-operators group limited insurance company up in Canada leader in that field Tony thanks so much for coming on the yeah it's great to be here thanks for having me so we were talking off-camera about some of the innovation that's going on in Toronto and want to get to that innovation is actually in your long title yeah there's the time but tell us about your role as chief architect and then some of the other areas that you touch yes certainly so my primary role at the co-operators group is to serve as chief architect for the group of companies and so it's a fancy term to mean that I influence how we invest in technology and process for our strategy and for our operational imperatives I also have responsibility for information security within our organization so I have a great team led by a C so at the co-operators group and essentially our role is to to protect the data of our clients right we have a million unique clients across Canada that entrust us with a lot of personal and confidential data we have thousands of financial advisers throughout the company and so we have retail outlets throughout the entire geography of Canada and essentially we collect a lot of data and and with respect to policies for commercial businesses for private clients for subscribers etc and I also manage an innovation portfolio for the organization and so it's actually I'll work with our business stakeholders within the organization to figure out how we could accelerate new businesses accelerate new capabilities with the use of technology who's excited that's a big big big role that you have if I want to send the the regime you have for security say the seaso reports to you yes sir and there's a set CIO there right there is yeah so I report to the to the executive vice president and CIO of the co-operators group of companies and and my responsibility within the organization is to report back to our CIO on all the responsibilities that I talked to you about okay so this the C so technically reports up through the CIO and C so reports up through me into the CIO yeah which is that's a whole other interesting discussion maybe if we have time we could talk about that absolutely um so a lot of data I mean we think about insurance company regulated you got your claim systems which are critical you have your agent systems which are also critical different types of data both data on customers but when you talk about the data that you guys collect where's it come from what are you trying to do with with that data yes so so you know I'll start I'll start with the motive right the problem that we're trying to solve and so I'll say first and foremost we're an insurance company we offer assurance and protection to our clients right and so in the process of offering assurance and protection to our clients you know they entrust us with massive amounts of data like you know as we as we mentioned before but we'll also need to set a good example because a lot of the assurance some of the assurance that we offer to our clients is also cyber protection we offer cyber insurance to our clients we need to set a good example we need to demonstrate resilience right Splunk is a primary tool in our Arsenal where we're showing our clients that we have good resilience to be able to detect and respond to security threats when they happen that's part of our mandate right so our responsibility with respect to using Splunk is to collect data from all of our major systems within our organization we use Blonk to monitor we use Blanc to detect and we also use Splunk to respond when something is going on what is this is really interesting you're being proactive about from your you know from an actuarial standpoint you rate your risk you're being very proactive when many if not most insurance companies would do is say ok what what's the history yeah and are there any high-profile breaches and yeah as opposed to what you're doing like sounds like you're really inspecting what the policies and the procedures and the technology of your clients is I think you hit on an important point right and so the important point is that you know the the the art of actuarial science is to rely on a lot of history in the past you know to predict the risks of the future but the reality is that model is falling apart very quickly because there is very little history for cyber threats and the other aspect of it is its inconsistent its evolving and it's changing on a regular basis right and so that's why you use platforms like Splunk use platforms like spunk to detect new threats and to end to in sort of to advance new correlations what should we be concerned about which threats are relevant to us which ones can we ignore and unless you have good platforms to do correlation unless you have good automation you're gonna need a large army of people to chase things that may not be relevant to either you or your clients so Tony your industry usually has quite a bit of M&A as to kind of fund the growth that's going on curious how does Splunk in your data strategy fit into M&A type a quiz yeah yeah and so I think that's one of the biggest potential uses of Splunk for us right and so the way that insurance is evolving right now is insurance companies are all trying to figure out how they get involved in the loss prevention game right in the past it's all been about assurance right it's all been about protection and so when you think about the Internet of Things is one of the biggest untapped opportunities for insurance companies it's all about data right so smart homes smart buildings cars outfitted with telematics so it's every history you wearing wearable devices so in terms of health and you know a health insurance and life insurance protection etc all of this data is meaningful to offer value to clients beyond what we've been able to do in the past one of the things we've looked at I know the industry is looking at is well how do you value that data is that something your company's gotten into yeah absolutely and so you know part of what we need to figure out is how to model that data to give the right level of engagement to the customer so to create that two-way engagement with the customer right how am i doing how am i driving is the weather a threat for me in in the in the foreseeable future in terms of things that I need to protect is there a hailstorm coming you know should I should I you know have alerts and and and you know provide you know ask clients to move some of their valuables indoors I mean all of these are things that will increase that engagement with our clients because face it with insurance your clients engage with you two times a year right two major time policy renewal and if they're unfortunate enough to have a claim right we need to have a but we need to have a better game much more proactive game with them so you're in other ways a risk consultant with your your clients right yeah so describe that so you client comes to you says they're interested or you go to them they're interested in in in in a security you know insurance where does it start do you ask them you have Splunk do you advise them as to what are you going to look at their policies and procedures well how does it work so so I think you know Splunk is one of those valuable assets that enables the capability right insurance you know the game is becoming all about data having massive amounts of data and being able to use that data to help assess the risks for a client properly right because without having good data everything is a great guest these days I mean with climate change with cyber risks evolving with customers preferences changing data is going to be the meaningful difference in terms of understanding what risks a client has what the probability is and how to write a meaningful policy for them where they're engaged and they understand it well enough as well understand it well enough to prevent some of their losses and that's really the issue that we're trying to figure out how do we help clients understand their risks and then prevent losses prevent or minimize losses for them and and what role does Splunk play in that you you know your your your client are you a an advisor or you encourage your customers to use belong counters at all so we're talking about our future roadmap right now and this is what we're trying to figure out what's blanc this is where we see the strategic opportunities with blah right and so when we look at the co-operators the way that co-operators has been using Splunk in the past is for their security sim we were one of the very first large companies in Canada to put our security sim on Splunk we were the very first large company in Canada to put our sim in Splunk clout right and so we we you know we're very proud with being able to work with Splunk for for charting that course right for setting the example our next course is how do we leverage a platform as powerful as Splunk now to give value to our customers we're protecting our customers data assets and now it's about returning valuable insights back to the customers in terms of loss prevention that's our forward-thinking approach in terms of how we stay ahead in terms of leveraging this as a unique asset as a unique capability so your leader you've got street cred you can now extend that to your client base I mean for an insurance company risk you know chaos is just cash as I like to say it's opportunity for you guys and to the extent that you can help clients mitigate that risk to win-win it's essentially for them the reduction in expected loss it can actually hate to say this but could actually pay for the insurance which is let's take attractive it's a massive win and I think you know the other part you know that people need to think differently about is the way that people consume insurance will change dramatically as well in the next tenure so and so where you think now that you know your typical home and auto insurance you will buy an annual policy well the reality is that Home Sharing car sharing ride-sharing insurance will change to what we call episodic oh right and so essentially you'll be consuming insurance for an activity right and the only way that you'll be able to sort of drive that activity in a meaningful way is to have a lot of data on that activity right where are you driving how did you drive you know what what are the risks associated to when you're driving in the geography that you're driving where are you renting out your home what are the rooms to which client and so understanding all of those elements give us the best opportunity at giving you just in time insurance for the right risks surance as a service I love it personalized for me I mean the model generally item as a consumer is broken it's very bespoke my insurance company doesn't know who I am it's just to check a bunch of boxes off and they sent me another form every year and advised some new things and I don't even know what half the time they are that's exactly right right then the and the only way you're able to personalize is to have all of that data on an individual on a company on an event right so we give you insurance for you based on your needs based on your risks Tony we know there's a lot of AI happening up in the Toronto area yeah maybe our audience might not know tell them a little bit about that and how you're thinking about AI and what interest you have and what's Blanc's talking about when they talk about AI yeah you're absolutely right I mean there's a loop there's a massive amount of artificial intelligence activity in the Toronto Kitchener corridor within southern Ontario I would say it's early days for insurance in terms of how we leverage AI I think you know some of the early wins for us have been what we refer to as chat BOTS or virtual assistants right helping clients so this is basically speed and convenience for clients right clients need to know something very quickly very predictive short-tailed answers we're there for customers who choose to do that where it's going next is helping clients assess risk and predict outcomes associated to risks right and so there's a lot of different use cases that we're working there partnerships with startups partnerships with mainstream organizations like Splunk is an important partner for us in this area and of course academic institutions that are investing right this is all part of it for the sales channel for the risk channel for claims processing so imagine being able to submit a claim on a mobile device gathering all that data being able to correlate that data to say we've seen this before right based on the correlation here's your damages we could processes as quickly here's the experts you need to go to here's the restoration facilities that you'll engage those are massive opportunities for client service and for an ability for an insurance company to settle things quickly right we're talking about weather before it's obviously a changing dynamic has a change variable and maybe it's it's model Abel I don't know but but clearly weather incidents are on the rise have caught companies and probably insurance companies you know a little bit off guard you know climate change etc the boiling seas this we've heard yeah what do you guys what's your position on that how do you accommodate that and pass it on to your customers and well I think this is what we're well known for right and so first of all we're not gonna be able to control the weather but what we'd be able to do is prevent it from getting worse right and so when you'll hear the leadership within our organization talk especially our CEO our CEO is very passionate about building resilient communities and that starts with making sure that we're building communities in the right spots not in flood plains not in areas of high risk of forest fires or or other things that you could you know potentially prevent you know within a certain geography and so that's first and foremost right and so we're a leader in this space in Canada how do you become a leader in this area you collect data understand the geography understand the trends associated to the understand the future risks associated to those geographies based on weather trends and then lobby governments builders entrepreneurs everybody land development consortiums to say we need to build communities in better places we need to build more resilient communities and then thereafter it's making sure that you're leveraging data to be able to predict and minimize losses for clients in those areas right and that's what you'll use weather data for right who do I need to alert we have threats on the way what can we prevent how do we minimize these losses for Canadians I think the big risk that we all need to understand if the weather continues to change at the same pace are our you know people will not be able to afford the risks right and so the insurance will rise exponentially and and you know will we we won't have a sustainable model for the future so it's clear for you guys it's really all about the data one of the challenges that a lot of companies in your industry have is the data it's about the data for them to insurance companies you could argue our you know IT companies in many respects they develop products that are put together by technologists but a lot of the data is in silos yeah as Splunk allowed you to break down those silos and and is that yet part while you're a leader well like I could talk about what's where Splunk has been able to to offer us that that that ability is with security right and so we have data we have information security log data associated to our systems and our application everywhere on Prem our partner sites in our agency offices on different endpoint devices in the cloud with our different service providers so what Splunk has been able to do is us to be able to aggregate that data consume that data build valid use cases and to correlate that and raise proper alerts right that's our main priority right now is to build resilience with information security that knowledge will take us to these other areas that we want to do in offering now the value back to our clients right embed that value into our product offerings is our next logical step awesome Tony thanks very much for coming on the cube really appreciate it you're welcome it's good to meet you in the pleasure have the leaves changed in Toronto its Toronto by the way stew no tea it's coming it's coming fast Dave a lot a force to Minutemen thanks for watching we'll be right back after this short break you're watching the cube from Splunk Kampf 18 [Music]

>> Announcer: Live from Washington, DC it's theCUBE. Covering .conf2017. Brought to you by Splunk. >> Welcome back here on theCUBE continuing our coverage of .conf2017 sponsored by Get Together in your nations capitol, we are live here at the Walter Washington Convention Center in Washington, DC. Along with Dave Vellante I'm John Walls Joined now by a couple CUBE alums, actually, you guys were here about a year ago. Yeah, Robert Herjavec, with the Herjavec Group of course you all know him from Shark Tank fame answer Atif Ghauri who is the VP of Customer Service Success at the Herjavec Group. I love that title, Atif we're going to get into that in just a little bit. Welcome. >> Thank you. >> Good to see you all. >> We're more like CUBE groupies We're more like CUBE groupies. >> Alums. >> Alums, okay, yeah. >> If we had a promo reel. >> Yeah, we love it here. We get free mugs with the beautiful Splunk. >> That doesn't happen all the time does it. >> Where did you get those? >> They're everywhere. >> Dave, I'll share. >> So again for folks who don't, what brings you here what, what's the focus here for the Herjavec Group in in terms of what you're seeing in the Splunk community and I assume it's very security driven. >> Yeah, well we've been part of the Splunk community for many years going on gosh, eight, nine years. We're Splunkers and we use Splunk as our core technology to provide our managed service and we manage a lot of customer environments with Splunk and we've been really forefront of Splunk as a SIM technology for a long time. >> Atif, excuse me, David, just the title, VP of Customer Service Success, what's under that umbrella? >> Yeah, it's actually pretty simple and straightforward given especially that Splunk's aligned the same way. Christmas success is King, right. If our customers aren't successful then how are we successful? So what we're trying to do there is putting the customer first and help in growing accounts and growing our services starting with our customers that we have today. >> It was actually Doug Maris, I have to give him full credit him and I were on a flight, and I said to him what's really critical to you growing revenue, efficiency, innovation and he said, number one for us is customer success. So we're very happy to steal other people's ideas if they're better. >> So security's changing so fast. You mentioned SIM, Splunk's narrative is that things are shifting from a traditional SIM world to one of an analytic driven remediation world. I wonder if you could talk about what you're seeing in the customer base, are people actually shifting their spending and how fast and where do you see it all going? >> Yeah, so the days of chasing IOC's is a dead end. Because that's just a nonstop effort. What's really happening now is technique detection. Defining, looking at how hackers are doing their trade craft and then parroting that. So Splunk has ideas and other vendors have ideas on how to go about trying to detect pattern recognition of attacker trade craft. And so what definitely was driving what's next when it comes to security automation, security detection, for our customers today. >> You know, we always tell people and it's just dead on but the challenge is people want to buy the, sexy, exciting thing and why I always try to say to customers is you're a dad and you have three kids, and you have a minivan. You don't really want to own a minivan, you want a really nice Ferrari or Corvette but at the end of the day, you have three kids and you got to get to the store. And in the security world it's a little bit like that. People talk about artificial intelligence and better threat metrics and analytics but the core, foundational basis still is logs. You have to manage your log infrastructure. And the beauty of Splunk is, it does it better than anyone and gives you an upstream in fact to be able to do the analytics and all those other things. But you still got to do the foundation. You still got to get three kids into the minivan and bring back groceries. >> So there's been a lot of focus, obviously security's become a Board level topic. You hear that all the time, you used to not hear it all the time, used to be IT problem. >> Absolutely, the only way I could get a meeting with the CEO or CIO was because I was on Shark Tank. But as a security guy, I would never meet any executives. Oh yeah I spend 80% of my time meeting with CEO, not just CIO's, but CEO's and Boards and that kind of stuff, absolutely. >> How should the CIO be communicating the Board about security, how often, what should be the narrative you know, transparency, I wonder if you could give us your thoughts. >> It's a great question. There's a new financial regulation that's coming out where CISO's and CIO's actually have to sign off on financial statements related to cyber security. And there's a clause in there that says if they knowingly are negligent, it carries criminal charges. So the regulations coming into cyber security are very similar to what we're seeing and Sarbanes Oxley like if a CEO signs an audit statement that he suspects might have some level of negligence to it I'm not talking about outright criminal fraud but just some level of negligence, it carries a criminal offense. If you look at the latest Equifax breach, a lot of the media around it was that there should be criminal charges around it. And so as soon as as you use words like criminal, compliance, audit, CEO's, executives really care. So the message from the CIO has to be we're doing everything in our power, based on industry standards, to be as secure as we can number one. And number two we have the systems in place that if we are breached, we can detect it as quickly as possible. >> So I was watching CNBC the other day and what you don't want to see as a Board member, every Board members picture from Equifax up there, with the term breach. >> Is that true? >> Yeah, yeah. >> See, but, isn't that different. Like you never, like if we think back on all the big breaches, Target and Sony they were all seminal in their own way. Target was seminal because the CEO got fired. And that was the first time it happened. I think we're going to remember Equifax, I didn't know that about the Board. >> For 50 seconds it was up there. I the sound off. >> You don't want to be a Board member. >> I mean, I hate to say it, but it's got to be great for your business, first of all it's another reason not to be a public company is one more hurdle. But if you are they need help. >> They absolutely need help. And on point I don't want to lose is that what we're seeing with CISO's, Chief Information Security Officers, Is that that role's transcending, that role is actually reporting directly to in to CEO's now. Directly into CFO's now, away from the CIO, because there's some organizational dynamics that keep the CISO from telling, what's really going on. >> Fox in henhouse. >> Exactly. >> You want to separate those roles. You're you're seeing that more often. What percent of the CISO's and CIO's are separate in your experience? >> Organizations that have a mature security program. That have evolved to where it's really a risk-based decision, and then the security function becomes more like risk management, right. Just what you they've been doing for decades. But now you have a choice security person leading that charge. >> So what we really always saying theCUBE, it's not a matter of if, it's when you're going to get infiltrated. Do you feel as though that the Boards and CIO's are transparent about that? Do Boards understand that that it's really the remediation and the response that's most important now, or there's still some education that has to go on there? >> You know, Robert speaks to Boards are the time he can comment on that, but they really want to know two things, how bad is it and how much money do you need. And those are the key questions that's driving from a Board perspective what's going to happen next. >> What's worse that Equifax got breached or that Equifax was breached for months and didn't know about it. I mean, as a Board member the latter is much worse. There's an acceptance like I have a beautiful house and I have big windows a lots of alarms and a dog, not a big dog, but still, I have a dog. >> A yipper. >> Yeah, I have a yipper. It's worse to me if somebody broke into my house, was there for a while and my wife came home at night and the person was still there. That to me is fundamentally worse than getting an alarm and saying, somebody broke the window, went in, stole a picture frame. You're going to get breached, it's how quickly you respond and what the assets are. >> And is it all shapes and sizes, too I mean, we talk about big companies here you've mentioned three but is it the mid-level guys and do smaller companies have the same concerns or same threats and risks right now? >> See these are the you heard about. What about all the breaches you don't know. >> That's the point, how big of a problem are we talking about? >> It's a wide scaling problem right and to the previous question, the value now in 2017, is what is the quality of your intelligence? Like what actions can I take, with the software that you're giving me, or with the service that you're giving me because you could detect all day but what are you going to do about it? And you're going to be held accountable for that. >> I'm watching the service now screen over here and I've seen them flash the stat 191 days to detect an infiltration. >> That sounds optimistic to me. I think most people would be happy with that if they could guarantee that. >> I would think the number's 250 to 300 so that now maybe they're claiming they can squeeze that down but, are you seeing any compression in that number? I mean it's early days I know. >> I think that the industry continues to be extremely complicated. There's a lot of vendors, there's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year that there's 1500 new security start ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights. And which ones are going to be around for a year or two and you're never going to hear about again. So it's a extremely challenging complex environment. >> From the bad guys are so much more sophisticated going from hacktivists to whatever State sponsored or criminal. >> That's the bottom line, I mean the bad guys are better, the bad guys are winning. The white hats fought their way out to the black hats, right. The white hats are trying, trying hard, we're trying to get organized, we're trying to win battles but the war is clearly won by the by the black hats. And that's something that as an industry we're getting better at working towards. >> Robert, as an investor what's your sentiment around valuations right now and do you feel as though. >> Not high enough. >> Oh boy. >> Managed security companies should be trading way higher value. >> Do you feel like they're somewhat insulated? >> Its a really good question, we're in that space you know we're we're about a $200 million private company. We're the largest privately held, managed security company in the world actually. And so I always think every time we're worth more I think wow, we couldn't be worth more, the market can't get bigger. Because your values always based for potential size. Nobody values you for what you're worth today. Because an investor doesn't buy history an investor doesn't buy present state, an investor buys future state. So if the valuations are increasing, it's a direct correlation because the macro factors are getting bigger. And so the answer to your question is values are going to go up because the market is just going to be fundamentally bigger. Is everybody going to survive? No, but I think you're going to see valuations continue to increase. >> Well in digital business everybody talks about digital business. We look at digital business as how well you leverage data. We think the value of data is going through the roof but I'm not sure customers understand the intrinsic value of the data or have a method to actually value their data. If they did, we feel like they would find it's way more valuable and they need to protect it better. What are you seeing in that regard with customers? >> There's an explosion of data in that with IoT, internet of things, and the amount of additional data that's come now. But, to your point, how do you sequence and label data? That's been a multi-decade old question more organizations struggle with. Many have gone to say that, it's all important so let's protect it all, right. And verses having layers of approach. So, it's a challenging problem, I don't think across all our customer base. That's something that each wrestling with to try to solve individually for their companies. >> Well, I think you also have the reality though of money. So, it's easy to say all the data is important, Structured unstructured, but you look at a lot of the software and tools that you need around this floor are sold to you on a per user or per ingestion model. So, even though all your data is critical. You can't protect all your data. It's like your house, you can't protect every single component of it, you try, and every year gets better maybe get a better alarm maybe I'll get rid the yappy dog and get a Doberman you know you're constantly upgrading. But you can't protect everything, because reality is you still live in an unstructured, unsafe world. >> So is that the complexity then, because the a simple question is why does it take so long to find out if there's something wrong with your house? >> I think it's highly complex because we're dealing with people who are manipulating what we know to their benefit in ways we've never done it. The Wannacry breach was done in a way that had not been done before. If it had done before we could have created some analytics around it, we could created some, you know, metrics around it but these are attacks that are happening in a way we've never seen before and so it's this element of risk and data and then you always have human nature. Gary Moore was that the Council this morning. The writer of Crossing the Chasm, legendary book, and he said something very interesting which was Why do people always get on a flight and say, good luck with the flight, hope you fly safe. But they don't think twice about hopping in their car and driving to the grocery store. Whereas statistically, your odds of dying in that car are fundamentally greater, and it's human nature, it's how we perceive risk. So it's the same with security and data in cyber security. >> As security experts I'm curious and we're here in DC, how much time you think about and what your thoughts might be in the geopolitical implications of security, cyber war, you know it's Stuxnet, fast forward, whatever, ten years. What are you thoughts as security practitioners in that regard? >> The longest and most heated battles in the next World War, will not be on Earth, they'll be in cyberspace. It's accepted as a given. That's the way this Country is moving. That's the way our financial systems are tied together and that's the way we're moving forward. >> It's interesting we had Robert Gates on last year and he was saying you know we have to be really careful because while we have the United States has the best security technologies, we also have the most to lose with our infrastructure and it's a whole new you know gamification or game theory balance we have to play. >> I would agree with him that we have some of the best security technology in the world but I would say that our barometer and our limiter is the freedom of our society. By nature what we love about our country and Canada is that we love freedom. And we love giving people access to information and data and free speech. By nature we have countries that may not have as good a security, but have the ability to limit access to outsiders, and I'm not saying that's good by any means but it does make security a little bit easier from that perspective. Whereas in our system, we're never going to go to that, we shouldn't go to that. So now we have to have better security just to stay even. >> To Dave's point talking about the geopolitical pressures, the regulatory environment being what it is, you know legislators, if they smell blood right, it in terms of compliance and what have you, what are you seeing in terms of that shift focus from the Hill. >> Great question. I did a speech to about two thousand CIO's, CISO's not long ago and I said, how many people in this room buy security to be more secure and how many people buy because you have to be compliant. 50/50, even the security ones admitted that how they got budget was leveraging the compliance guys. It was easier to walk into CEO's office and say look, we have to buy this to meet some kind of a political, compliance, Board issue. Than it was to say this will make us better. Better is a hard sell. So that, has to go to the head to pull the trigger to do some of that. >> You know, I think in this geopolitical environment it's look at the elections, look at all the rhetoric. It's just there is going to be more of that stuff. >> A lot's changed in crypto and its potential applications in security. More money poured into ICO's in the first half than venture backed crypto opportunities. >> There are practical applications of blockchain technology all across the board, right, but as you mentioned is fundamentally built on pathology. On core gut security work and making a community of people decide whether something's authentic or not. It's a game changer, as far what what we could do from a platform standpoint to secure our financial systems and short answer it's volatile. As you saw with the fluctuation of Bitcoin and then the currency of Bitcoin, how it's gone up and down. It's quite volatile right now because there's a lot of risk So I say what's the next Bitcoin in six months or eighteen months and what's going to happen to the old Bitcoin and then all the money that into there, where is that going to go? So that's a discuss the pivot point I think for the financial services industry and more and more their larger institutions are just trying to get involved with that whole network of blockchain. >> Crypto currencies really interesting. In some ways it's the fuel that's funding the cyber security ransomeware. I mean it's one of the easiest ways to send money and be completely anonymous. If you didn't have crypto currency, how would you pay for ransomware? You give them your checking account? You deposit into their checking account? So, I think that you're seeing a big surge of it but if you look at the history of money or even checks, checks were developed by company called Deluxe here in the United States 104 years ago. They're a customer of ours, that's why I know this, but the basis of it is that somebody, a real institution with bricks and mortar and people in suits is backing that check, or that currency. Who's backing crypto currency today? So you have, by nature, you have this element of volatility and I don't know if it's going to make it or it's not going to make it. But inevitably has to cross from a purely electronic crypto form to some element of a note or a tender that I can take from that world and get backing on it. >> That's kind of what Warren Buffet has said about it. I mean I would respond that it's the community, whatever that means, that's backing it. I mean, what backs the greenback, it's the US Government and the US military. It's an interesting. >> Right like, at the end of the day I would still rather take a US dollar than even a Canadian dollar or a UK dollar. >> Gentlemen thanks for being with us. >> Great to see you. >> Thank you for the coffee mug. >> This is incredible. >> There's actually stuff in it too so be careful. >> I drank it is that okay? >> Can I go to the hospital. >> Atif, thanks for the time and Robert good luck with that new dog. (all laughing) >> Don't tell my wife I got rid of her dog. >> In time. >> In time. All things a time, theCUBE continues live here Washington DC at .conf2017 right after this.

>> Live from the Walt Disney World Swan and Dolphin Resort in Orlando, Florida, it's theCUBE, covering Splunk .conf2016. Brought to you by Splunk. Now, here are your hosts John Furrier and John Walls. >> And welcome back here on theCUBE. The flagship broadcast of SiliconANGLE TV where we extract a signal from the noise. We're live at conf2016 here in Orlando, Florida on the show floor. A lot of activity, a lot of excitement, a lot of buzz and a really good segment coming up for you here. Along with John Furrier, I'm John Walls and we're joined by two gentlemen from the Herjavec Group, Robert Herjavec. Good to see you, sir. >> Greetings. Thank you for having us. >> The CEO, and Atif Ghauri is Senior VP at Herjavec. Good to see you, sir. >> Yes. >> First off, Robert, congratulations. Newly married, your defense was down for a change. Congratulations on that. (laughter) >> Oh thank you. It was wonderful. It was a great wedding, lots of fun but casual and just a big party. >> Yeah, it was. Looked like, pictures were great. (laughter) People obviously know you from Shark Tank. But the Herjavec Group has been, really, laser focused on cyber security for more than a decade now. Tell us a little bit about, if you would, maybe just paint the broad picture of the group, your focus, and why you drilled down on cyber. >> Yeah, I've been in the security business for about 30 years. I actually helped to bring a product called CheckPoint to Canada firewalls, URL filtering, and that kind of stuff. And we started this company 12 years ago, and our vision was to do managed services. That was our vision. No other customer's vision, but our vision. And we thought we'd do $5 million in sales in our first year and we did $400000. The market just wasn't there. SIEM technology, log aggregation isn't what it is today. I mean, I think at the time, it was enVision. What was it called? >> Yeah, enVision. >> enVision. And then RSA bought them. That was really the first go-to-market SIEM. Then you had ArcSight and Q1. So our initial business became around log aggregation, security, writing parsers. And then over time it grew. It took us five years to get to $6 million in sales, and we'll do about $170 million this year. We went from a Canadian company to really a global entity. We do a lot of business in the States, UK, Australia, everywhere. >> But you're certainly a celebrity. We love havin' you on theCUBE, our little Shark Tank in and of itself. But you're also an entrepreneur, right? And you know the business, you've been in software, you've been in the tech business, so you're a tech athlete, as we say. This world's changing right now. And I'm certain you get a lot of pitches as entertainment meets business. But the fact that the entrepreneurial activity, certainly in the bay area and San Francisco, the Silicon Valley, where I live, and all around the world, is really active. Whether you call the programmer or culture or just the fact that the cloud is allowing people to start companies, you're seeing a surge in entrepreneurship in the enterprise. (laughs) Which is like, was boring in the past, you know? You just mentioned CheckPoint in the old days, but now it's surging. Your thoughts on the entrepreneurial climate? >> I dunno if the enterprise entrepreneurship element is surging. By the way, I'm going to say intrepreneur, just the way I say it. Cuban always makes fun of me. (laughter) We don't say it like that in America! I'm like, screw off! (laughter) >> That's how you say it! >> I want to say it the way I want to say it. >> Well, internal entrepreneurs, right? Is that what you mean by intrepreneurship? >> Well, no. I'm just, it's just the way I say it. >> It's a Canadian thing. >> But business to business enterprise, we've always been in the enterprise business. So we're seeing a lot of growth in that area, a lot of VC money's going into that area, because it's more, you know, you can measure that level of return and you can go and get those customers. But on our show, we're a bubble. We don't do a lot of tech deals like we're talking because it's boring TV. Tech people love tech, consumers love the benefit of tech. You know, no consumer opens up their iPhone and says, oh my gosh, I love the technology behind my iPhone. They just love their iPhone. And our show is really a consumer platform that is-- >> It's on cable TV, so it's got a big audience. So you got to hit the wide swath-- >> We're one of the highest-rated shows on network television. Eight years, three Emmys. You know, it's a big show now. And what we've all learned is, because Mark Cuban and I are tech guys, we used to look for stuff we know. We don't invest in stuff we know any more. We invest in slippers, ugly Christmas sweaters, food products, because if you can tap into that consumer base, you're good to go. >> So bottom line, has it been fun for you? I mean, the show has been great. I mean, obviously the awards have been great. Has it been fun for you? What's it been like, what's the personal feeling on being on the Shark Tank. >> You know, filming is fun, and hanging out is fun, and it's fun to be a celebrity at first. Your head gets really big and you get really good tables at restaurants. There's no sporting venue-- >> People recognize you. >> Yeah. >> You get to be on theCUBE. (laughter) >> I get be on theCUBE. >> Doesn't happen every day. >> You get to go everywhere. But after a while it gets pretty dry. But it really helps our brand. We compete, typically, against IBM, Verizon, and you know, the CEO of IBM, you're not going to see him selling his security. >> Well I know they're doin' a lot, spending a lot of cash on Watson, trying to get that to work, but that's a whole 'nother story. But let's get down and dirty on Splunk. You're here because you're doin' a talk. Give a quick take on what you're talking about, why are you here at .conf for Splunk? >> Yeah, we're doing a talk on data transformation. The world today is about data. And the amount of data points and access points and the internet of things, it's just exponential growth. The stat I always love, and Atif's heard it 1000 times is, there's roughly three billion people on the internet today, and there's roughly six billion or seven billion IP addresses. By 2020, according to the IPV Committee, there'll five, six billion people connected. And hundreds of trillions of IP addresses. >> And the IoT is going to add more surface area to security attacks. I mean, it used to be, the old days, in CheckPoint, the moat, the firewall, backdoor, frontdoor. >> The idea of the perimeter is gone now. There is no such thing as a perimeter any more, because everything you can access. So a lot of work in that area. And all of that comes to data and log aggregation. And what we've seen for years is that the SIEM vendors wanted to provide more analytics. But if you really think about it, the ultimate analytics engine is Splunk. And Splunk now, with their ESM module, is moving more into the security world and really taking away market share. So we're very excited by, we have a great relationship with the Splunk guys, we see nothing but future growth. >> And you're using Splunk and working with it with your customers? >> We do, we've been using Splunk for a while. We have a private cloud. Tell us a little bit about that. >> Yeah, so we eat our own dog food. So not only do we sell Splunk, but we also use it in-house. We've been usin' it for over five years, and it powers our analytics platform, which is a fancy way to say, reduces the noise from all the different clutter from all the IoT, from all the different type of alerts that are comin' in. Companies need a way to filter through all that noise. We use Splunk to solve that problem for us internally, and then, of course, we sell it and we manage it for Global 2000 customers, Fortune 100 companies all over the world. >> Tell us what about the role of data, 'cause data transformation has been a big buzzword it's a holistic message around businesses digitizing and getting digital assets in front of their customers. We have a big research division that does all of this stuff. By the end of the day, you know, the digitization business means you're going to have to go digital all the way. And role of data is not the old data warehousing days, where it's fenced away, pull it in, now you need data moving around, you need organic sharing of data, data's driving policies and new pattern recognitions for security. How do you guys see that evolving? How do you talk to your customers, because in a way, the old stuff can work if you use the data differently. We're seeing a pattern, like, hey, that's an algorithm I used 10 years ago. But now, with new data, that might be workable. What are some of the things that you're seeing now that customers are doing that you talk to that are leveraging data, like Splunk, in a new way? >> Well, that's really where Splunk adds so much value, because a friend of mine is the dean of USC. And he has a great saying, more data is not necessarily more information. And so, the mistake that we see customers making a lot is they're collecting the data, but they're not doing the right things with it. And that's really where Splunk and that level of granularity can add tremendous value, not just from logging, but from analytics and going upstream with it. >> Yeah, and also, to that point, it's just automation. There's too much data >> That's a great point. >> And it's only going to get bigger, right, based on that stat Robert rattled off. Now, we need some machine learning analytics to move it further. And all points aside, machine learning isn't where it needs to be right now. Today in the market, it still has a long way to go. I would call it a work in progress. But however, it's the promise, because there's too much data, and to secure it, to automate behavior, is really what what we're looking for. >> The example I saw is the innovation strategy's comin' to take, and they're growin' with mobility, growin' with cloud, increase the surface area, IoT. But the supervised areas of the enterprise were the doors, right? Lock the doors. And perimeter is now dead. So now you have an unsupervised environment and the enterprise at risk. Once the hackers get in, they're havin' their way. >> The internet is, like, a kindergarten playground where there are no rules and the teacher went home at lunch. (laughter) That is the internet. And kids are throwin' crap. >> And high school. I think it would be high school. Kindergarten through high school! >> And you have different-aged kids in there. >> It's chaos, bedlam! >> Very well said. The internet is chaos, but by nature, that's what we want the internet to be. We don't want to control the chaos because we limit our ability to communicate, and that's really the promise of the internet. It's not the responsibility of the internet to police itself, it's the responsibility of each enterprise. >> So what new things are happening? We're seeing successes. Certainly, we're reporting on companies that are being successful are the ones that are doing reverse of what was once done, or said differently, new ways of doing things. Throwin' out kind of tryin' to do a hybrid legacy approach to security, and seeing the new ways, new things, new better cat and mouse games, better honeypots, intelligent fabrics. What do you guys recommend to your customers and what do you see, in your talk, this digital transformation's definitely a real trend, and security is the catastrophic time bomb that's ticking for all customers. So that's, it dwarfs compliance, risk management, current... >> Well, I dunno if that's necessarily true, that it's a time bomb. You know, the number one driver for security, still, is compliance. We sell stuff people don't really want to buy. Nobody wakes up and the morning and says, yeah, I want to go spend another $5 million on security. They do it, frankly, because they have to. If none of their competitors were spending money on security, I don't think most enterprises would. I mean, whenever you have to do something because it's good to do, you have a limited up cycle. When you do something because there's a compliance reason to do it, or bad things happen to you, you're really going to do it. >> So you think there's consumer pressure, then, to have to do this, otherwise-- >> Interesting stat, the Wall Street Journal did a study and asked 1000 people on a street corner in New York if, for a hamburger, they will give away their social insurance number, their home number, and their name. 72% of people gave out that information freely. >> Better be a good hamburger. (laughs) >> Back to your point, though, I want to get a-- >> So I think consumers have an expectation of security, and how they police that is they simply go to somebody else. So if you're my retailer and you get breached, you know what I'm going to do? I'm going to go next door. But I think that the average consumer's expectation is, security's your responsibility, not mine. >> Okay, so on the B to B side, let's get that. I wanted to push you on something I thought I kind of disagreed with. If compliance, I agree, compliance has been a big part of data governance and data management. >> Yeah, PCI has been the biggest driver in security in the last five years. >> No doubt. However, companies are now sharing data more with other companies. Financial institutions are sharing core data with other financial institutions, which kind of teases out the trend of, I'll give you some of my data to get, to fight the fraud detection market because it's a $1 trillion problem. So as you start to see points of growth where, okay, you start to see people go outside their comfort zone on compliance to share data. So we're tryin' to rationalize that. Your thoughts? I mean, is that an indicator? Do you see that as a trend, or, I mean, obviously locking down the data would be, you know. >> I think it's challenging. I mean, we were at the president's council on security last year at Stanford. And you know, President Obama got up there, made some passionate speech about sharing data. For the goodness of all of us, we need to share more data and be more secure. I got to tell you, you heard that speech and you're like, yeah baby, I'm going to share my data, we're all going to work together. Right after him, Tim Cook got up there (laughter) and said, I will never share my data with anybody in the government! And you heard him, and you're like, I am never sharing my data with anybody. >> Well there's the tension there, right? >> Well, this is a natural-- >> Natural tension between government and enterprise. >> Well, I think there's also a natural tension between enterprises. There's competitive issues, competitor pressures. >> Apple certainly is a great case. They hoard their data. Well, this is the dilemma, right? You want to have good policy, but innovation comes from experimentation. So it's a balancing act between what do you kind of do? How do you balance-- >> Yeah, it's a great time to be in our space. I mean, look at this floor. How many companies are here? Splunk is growing by 30%, the show itself, 30% per year. They're going to outgrow this venue next year and they're going to go, probably, Vegas or somebody. I think that's exciting. But these are all point products. The fastest-growing segment in the computer business is managed services, because the complexity in that world is overwhelming, and it's extremely fragmented. There's no interlinking. >> Talk about your business in there right now. What are you guys currently selling, how many employees do you have, what's the revenues like, what's the product mix? >> Yeah, so we are a global company. So we have 10 offices worldwide and close to 300 employees. We're one of the fastest-growing companies in North America. We sell, our focus is managed security services. We do consulting as well as incident response remediation, but the day-to-day, we want your logs, we want to do monitoring, we want to help with-- >> So you guys come in and do deployments and integration and then actually manage security for customers? >> We do the sexy of gettin' it in, and then we also do the unsexy of managing it day-to-day. >> Atif, nothing unsexy about our work. (laughter) >> It's all sexy, that's what theCUBE show's about. >> It's all sexy! >> That's why theCUBE's a household name. We have celebrities coming on now. Soon we'll be on cable. >> That's right! This will be a primetime show. (laughter) >> Before we know it! >> That's funny, I got approached by a network, I can't tell you who, big network with a big producer to do a cybersecurity show. And so, they approached me and they said, oh, we think it's going to be so hot. It's such a topical thing. So they spent a day with me and our team to watch what we do. There is no cybersecurity show! (laughter) They're like, do you guys do anything besides sit on the computer? >> You have a meeting and you look at the monitor. It's not much of a show. >> Does anybody have a gun?! (laughter) >> It's not great for network TV, I think. >> Build a wall. >> Someone has to die in the end. That has to be network TV. And yeah, but I mean, there's a problem. There's 1.4 million cyber jobs open right now. And that's not even including any data science statistics. So you know, so we're reporting that-- >> I'm sure it's the same thing in data science. >> Same problem. How do you take a high skill that there's not enough talent for, hopefully, computer science education, all that stuff happens, and automate it. So your point about automation. This is the number one problem. How do you guys advise clients what the hell do they do? >> You know, automation's tough. We just had this meeting before we got on here, because in our managed service, it's people-driven. We want to automate it. But there's only a certain amount of automation you can do. You still need that human element. I mean, if you can automate it, somebody can buy a product and they're secure. >> Machine learning isn't where it's supposed to be. Every vendor aside, machine learning's not where it needs to be, but we're getting there. Having succinct automation helps solve the cybersecurity labor shortage problem, because the skill level that you hire at can go lower. So you reduce the learning curve of who you need to hire, and what they do. >> That's a great point. I think the unsupervised machine learning algorithms are going to become so much smarter with the Splunk data, because they are, that's a tough nut to crack because you need to have some sort of knowledge around how to make that algorithm work. The data coming in from Splunk is so awesome, that turns that into an asset. So this is a moving train. This is the bigtime. Okay, go step back for a second, I want to change gears. Robert, I want to get your thoughts, because since you're here and you do a lot of, you know, picking the stocks, if you will, on Shark Tank, in the tech world, our boring tech world that we love, by the way. >> We love it too. >> How do you, as someone who's got a lot of experience in cycles of innovation, look at the changing digital transformation vendor landscape, Splunk, companies like Oracle tryin' to transform, Dell bought EMC, IBM's pivoting, Amazon is booming. How do you look at the new digital enterprise, and how do you look at that from, if you're a customer, an investor, where's the growth stocks, where's the growth companies, what's the growth parameters, what's your thoughts? >> One of the reasons a lot of our industry, why I got into tech was I had no money, my dad worked in a factory, my mom was a receptionist. And the old adage is, to make money, you need money. To get ahead, it's not what you know, it's who you know. I didn't know anybody. And the value of tech is tech transforms every three years. We follow these cycles where we eat our own young and we throw away stuff that doesn't add value. Tech is the great equalizer, 'cause if you don't add value, nobody cares. And you know, when I'm starting out as a guy with a small company, I love that! We're going to kick ass, we're going to add value. Now that we're a little bigger-- >> Well, when you're a young company you can eat someone's lunch, because if they're not paying attention, you can come in and-- >> For sure. It gets harder as you get bigger because now we're the big guys that somebody in their basement's tryin' to take out. But you know, we see tremendous innovation in security. If you look back three years, who were the leaders in the SIEM space? ArcSight, Q1, Nitro to a lesser degree, and enVision. Today, does RSA have a strategy around a SIEM? They have Netwitness, you know, security analytics, which is kind of a SIEM. Q1 is in the throes of the IBM machine, somewhere in their gut, nobody knows. ArcSight, who buys ArcSight anymore? It's so complicated. Who's the leader? Splunk! >> So back to the old classic team. Obviously, you have good people on the management team. Product matters now, in tech, doesn't it? More than ever. Obviously, balance sheet. Okay, let's get back to the data transformation. So you know, data is so critical now, and again, it's more from that data warehouse, which still is around, but to real-time data having value, moving it into different applications. Question is, how do you value data? I mean, you can't put it on the balance sheet. I mean, people value factories. GE said, we have all this investment in machines and assets. They worry about someone getting their data and doing a judo move on them. So data is truly an asset that's flying out of their network. How does companies value data? Can it ever be on the balance sheet? How do you look at that? >> I don't think data, in of itself, has any value. It's the effect of the data that has the value. And it's a very singular, it's what somebody does to it. Whatever the data is worth to you, from a business perspective, it's worth fundamentally more to an outside bad party because they can package that data and sell it to a competitor, a foreign government, all those kind of places. So it's the collection of raw data and applying it to something that has meaning to a third party. >> So it's like thermodynamics, really. Until it's in motion, it's really not worth anything. I mean, that's what you're saying. Data's data until it's put to work. >> Right, I don't think you're ever going to see it on a balance sheet as a hard, core value, because it has to have a transformative value. You have to do something with it. It's the something. >> So pretend you're in Shark Tank and you're a data guy, and you say, boss, I need more budget to do security, I need more budget to expand our presence. And the guy says sorry, I need to see some ROI on that data. Well, I just have a gut feeling that if we move the data around, it's going to be worth something. Oh, I pass. You can't justify the investment. So a lot of that, I mean, I'm oversimplifying it, but that's kind of like a dialogue that we hear in customers. How do you get that-- >> What I always tell CIOs and CCOs, it's challenging to get budget to do a good thing or the right thing. It's easier to get budget to do the necessary thing. And so, necessary is defined by the nature of your business. So if you make widgets and you want to get more budget to protect the widgets, no one cares. No one's sitting around, and like oh, are my widgets safe? They are, to certain degree, and they'll have limited budget for that. But if you go to them and say, you know what, we have a risk that if somebody can attack our widgets, we're going to be down for three days. And being down for three days or three hours has a dollar cost of $5 million. I need an extra $2.5 million to protect that from happening. As a business guy and a CEO, I understand that. >> That's great advice. >> And that's the biggest challenge, still, with security people is, we're technical people. We're not used to talking to business guys. >> It's like house insurance, in a way, or insurance. You invest this to recover that. >> It's a great analogy. You know, I used to race cars, and I had a life insurance premium for key man insurance. And my insurance agent comes along and says, you should buy a bigger policy. I'm like, I don't need a bigger policy. It's so much money, we're okay. And then he says to me, you know, if you die in a racecar, I'm not sure you're covered. (laughter) But if you pay me another $10000 a year in coverage, you're covered. Did I buy it? Absolutely. And it's the same analogy. >> That's very necessary. Personal question for you. So if you're, your dad had a factory, you mentioned. I saw that you mentioned that earlier. If he had a factory today in a modern era of IoT, and you were going to give him a digital transformation consulting project, how would you advise him? Because a lot of people are taking their analog business and kind of digitizing it. Some already have sensors in there. So you see it in manufacturing, and certainly, the industrial aspect of IoT has been a big deal. How would you advise your dad building a factory today? >> Yeah, so I think there's two aspects to it. One is just, you know, everything we've been talking about, data transformation, data analytics, making things better, none of those things are possible unless you're actually collecting the data. It's like, customers come to us and say, you know what, we don't want you to just manage our logs and tell us what's going on, we want higher-level value. And I'm like, no, I get that, but unless you're actually aggregating the logs, none of the upstream stuff matters. So first thing is, you have collect the data. Whether that's sensors, old devices, mechanical devices, and so on. The second part of it is, the minute you open up your factory and open up the mechanical devices and attach them to a PC or anything that's network-based, you're open for risk. And so, we're seeing that now in utilities, we're seeing that with gas companies, oil companies. You know, up until a few years ago, you couldn't physically change the flow of a pipeline, unless there was a physical connection, a mechanical on-off. It was very binary. Today, all those systems are connected to the internet. And it saves companies a lot of money 'cause they can test them and stuff. But they're also open to hackers. >> Bigtime. >> Well gentlemen, we appreciate the time. >> Thank you. >> And who says tech hasn't got a little pizazz, I mean-- (laughter) >> Come on, I was on Dancing with the Stars, that's a lot of pizazz! >> It's been great! >> You guys are exciting, but you are, no! >> Dancing with the Stars, of course! >> All right. >> Thank you very much. >> Well, thanks for bein' in theCUBE Tank, we appreciate that. >> Thank you. >> Don't call us, we'll call you. (laughter) Gentlemen, thank you very much. >> We're booked, maybe we can get you on next time. >> Okay, we're out. >> .conf2016, CUBE coverage continues live from Orlando. (electronic jingle)

>>And welcome back to the cubes coverage of AWS summit public sector here live in Washington, DC, where we're actually having a physical event, but also broadcasting to a hybrid audience digitally. I'm John, your hosted, like you've got a great panel here. Martin Rieger's chief solutions, officer stack armor, the thin poli who's with Splunk group vice president of partner go to market Americas and public sector, and Troy Bertram, vice president sales, a telos. Good to see you guys. Thanks for coming on. It's great to be. So you guys stuck on them to have a great solution on AWS called faster. Okay. Which is nice name what's what's it all about? >>So faster is about getting cloud service providers to an authorization, to operate with the federal government, uh, basically as fast as possible. It is the collection of threat alert, which is a fed ramp designed solution and boundary solution. That includes all those key security stack components. Uh, primarily our partners over at Splunk and telos. Uh, those products are scripted, streamlined, and designed to get customers there as fast as possible in a compliant manner. >>I love the acronym fast tr faster on AWS. Uh, how did you guys come up with the threat alerts concept? What did, what's this all about? How did it all come together? >>Uh, threat alert was, was born out of one of our primary services, which is migration and, uh, for roughly about a five-year stretch migrating federal agency systems, um, to Amazon, both east, west and gov cloud, uh, we recognized quickly that there was a need to include a security stack of common components, such as vulnerability scanning, uh, security incident event monitoring, uh, as well as a number of other key components designed around the continuous monitoring aspect of it. And so we quickly realized that, you know, the packaging of this solution and putting together a dashboard that allows us to tie everything in, uh, deploy very, very quickly through infrastructure as a code, um, was a vehicle that could help, uh, our customers and CSPs as well as agencies get through the FedRAMP ATO process. Um, quickly >>Talk about the relationship with Splunk and telos. How's this all connecting with? Just what's your role? >>Yeah, so really with the support of NIST and the new Oscar standard, which I'm going to make sure I get the acronym right. Open securities controls, assessment language, or asked gal, um, with our release of Exacta and automation of the compliance standards working with, and the framework, we've been able to look at best of breed partners in the industry, and it is all around acceleration of how can we move faster to deliver the end customer, the controls they need and want in a secure compliant manner. Um, and as someone that served in the government, right, it's, it's passion for the mission. And that's really what brought the three companies together >>And my opinion, by the way, congratulations on Telus going public. You guys do a lot of great cyber work. Congratulations. Now that data is the heart of this. I mean, Splunk that's all you guys do is think about data. How do you guys connect into, into the product? >>Well, it's exactly that really providing that data platform, then they analytics capability to enable the subject matter experts to bring the data to life. Right. And that's what we, that's why these partnerships are so important to Splunk because, uh, they have the subject matter expertise and can really leverage the power of the data platform to provide services to customers. >>Yeah. One of the big trends that's kind of underreported, in my opinion, is that partnerships required to kind of get the cyber security equation, right? This is a huge trend. People are sharing, but also working together. How, how do you guys see that evolving? Because you know, there has to be an openness around the data. There has to be more open solutions. How do you guys see that evolving? Um, >>Well you kind of hit the hammer on the heads. Splunk is, is essentially the heart and soul of our auditing logging and continuous monitoring piece. Um, in terms of, of the relationships and how we all work together. We we've evolved now to a point where we are able to pre-stage customers well in advance. Um, and in working with our partners, uh, tell us on Splunk. By the time we get started with a customer, we, we reduced the amount of time this takes, uh, on average by 40%, um, and even faster with the exact piece because, uh, as, as Troy kind of mentioned, the OSC gal component, um, is the future of accreditation. And it's certainly not limited to fed ramp, but that machine language, that XML Yammel Jason code, we've got things to the point where not only are we deploying Splunk in a, in a scripted pre-configured manner to work with our technology, we're also doing the same thing with Exacta. >>So the controls are three documented for everything that we provide, which means we don't have to spend the time going through the process of saying, okay, tell me what you're doing. We already have that down. The other best of breed type components that were mentioned by Troy. Um, it's the same thing, right? So customers, when they show up, they have a security stack that's ready to go. They already have FIPs compliance for encryption. They already have hardening in place so that when, when they approach us, all they've really got to do is deploy their application and close a very small gap in documentation, which we do with Exacta and then auditors can come in, hit the, they can jump, get what they need out of Exacta. And eventually once everyone else catches up to OSC gal, we'll be connecting systems to other systems and just pushing the package, the days of PDFs. And those are almost gone >>As someone that went through, um, achieving an ATO, the paper process and the Excel spreadsheets. It's a nightmare. And you've got sales engineers, you've got solution architects that are spending their time, not focused on delivering mission outcomes or new products and services to our public sector customers, but on the process and the paperwork, >>Can you share order of magnitude the old way, time wasting versus this solution? What's, what's gained cause that's key. This needs a resources when people are >>Every CFO ad in ISV wants to do two things, right? They want to support the sales efforts to move into the federal or state environment, right? We're talking about fed ramp, but state ramp is upon us now. So they want two things. How do I do this at the lowest cost possible limit my resources that are really expensive on the engineering side and how do I shrink the amount of time? So 40% is a very conservative estimate. I believe that we can continue with implementations of Bosco and other ingestation points, especially across government. We can shrink that time, which reduces the cost immensely >>The time savings day. What about the stack? >>But if you want to put it in perspective, right? I've been doing this since the beginning in 2012, and I've stood up three different three pills. I've audited over 200 companies. I've been doing this a long time. And in the beginning it was an average of 12 months just to get someone ready, just to get ready. That didn't include the audit time. So we've evolved to a point now where on average, that's down to 12 weeks. And that was before the inclusion of the exact piece. We were able to shave off four more weeks with that, to the point where we're down to eight weeks and the government is pushing to try to get towards a 30 day ATO. And I think Oscar was the answer for that. And so to give you an idea of where we were to where we are now, we went from 12 months to 12 weeks. >>That's huge. So the data is the key in here. And then you got faster on AWS. Love the name wa how does that compare to other ATO solutions? How do you guys see that comparing a wonder place? >>I think in terms of the other solutions that are available out there, there, there's a couple key things that, that I think the rest of the market is trying to do to catch up. And one of those is the dashboard technology that we have in place integrates directly with Splunk and with Exacta, it pulls in from all the AWS sources that are available in terms of security and information and centralizes it in one spot. And so nobody else is doing that and we've been doing it for years. And this, this to me, OSS gal, and the addition of the exact component was the next evolution. >>Um, on the partnership side, how do you guys see it evolving? What's next >>More continuous monitoring, I think, right. It's not just about a FedRAMP authorization, but continuous monitoring in general for, for all of our public sector. >>That's day two operations continues ongoing AI operations. There's gotta be some machine learning in here somewhere. Is there? >>Yeah. I'll speak to the partnerships a little bit. And I think even back to AWS, right? Why we're here and it's great to be in person is it's around us working together as an industry and companies, right? The authority to operate on AWS, the ATO and AWS was started to bring like-minded companies together to help solve these problems. Yeah. >>I mean, it's a real benefit. It really shows that you can put a stack together, right. And then save time like that 12 months to 12 weeks. That's what cloud's about right now. Then the question is security. Think you should get that right. That is going to be an evolution. What's the vision of the product? >>Um, well, there's two things around that we, we, we talked about, yes, it's, it's planned prepare authorized, right? That is the current fed ramp mantra and post ATO. The continuous monitoring piece is really a core element. But in terms of the future three PAOs, the third-party assessment organizations that, that audit our customers, that, that we're all preparing together. Eventually they're systems, they're all developing audit systems around. And so where we're going is the auditor will connect to Exacta and they will simply over API or whatever calls they make. They will pull all of that audit information control information, which is only going to accelerate this even more. >>Yeah. I mean, the observability, the data, the automation all plays into more speed, more agility, faster, >>And, and meeting all of the standards, right? Whether it's smart Z or it's HIPAA state Ram home in Austin, Texas Tex ramp is, is a thing, right? How do we help each one of these customers with their own compliance or super smart, >>You know, the business model of reduce the steps it takes to do something, make it easier and faster is a good business model. Wow. >>It's not, it's becoming an ecosystem right. In the sense that, um, you know, Oscar has been under development for three years and, and, and stack armor, we've been supporting some components at NIST, but to the point where, uh, once we eliminate the, the traditional paper, you know, word doc XL PDF, um, and get to a point where everything is tied together. But one there's one important aspect to this is that it's all in boundary. So the authorization boundary is that invisible red line. We draw around everything in scope for an audit. And so that, by the way, is another critical component. The Splunk servers are in boundary. The exact servers are in boundary, which is a huge, huge element to this. >>Yeah. Good. Great. To see the spunk partnership, adding value here with telos, good, your cybersecurity expertise, pulling it all together. It's a great solution. >>It is, and great partners to work with, right? And I know that we will have additional solutions and product offerings in the future. >>Martin treadmill, Bethann. Thanks for coming on the queue. Appreciate it. Enjoy the rest of the show. As we wind down day two of cube live coverage in-person event, AWS public sector summit in Washington, DC. This is the cube. We right back after this short break,