>>Well, hello everybody. I'm John Walls here with the cube, and we're very happy to continue our coverage here of a splunk.com 21. And today we're going to talk about cyber security. Uh, obviously everybody is well aware of a number of, uh, breaches that have happened around the globe, but you might say there's been a surge in trying to prevent those from happening down the road. And I'm going to let our guests explain that Ryan Covar, who is the security strategist at Splunk. Ryan. Good to see you with, uh, with us here on the cube. Glad you could join us today. >>Thank you very much. I've wished we could have been doing this in person, but such as the time of life we live. >>Yeah. We have learned to live on zoom that's for sure. And, uh, it's the next best thing to being there. So, uh, again, thanks for that. Um, well, let's talk about surge, if you will. Um, uh, I know obviously Splunk and data security go hand in hand that is a high priority with the, with the company, but now you have a new initiative that you're just now rolling out to take that to an even higher level. Tell us about that. >>Yeah, something I'm extremely excited to announce. Uh, it's the first time we're really talking about it is that.com 21, which is wonderful. And it's kind of the culmination of my seven years here at Splunk. Uh, before I came to Splunk, I did about 20 years of cyber security research and defense and nation state hunting and threat intelligence and policy and compliance, and just about everything, uh, public sector in the U S and the UK private sector, a couple of different places. So I've kind of been around the block. And one of the things I've found that I'm really passionate about is just being a network defender or a blue teamer. And a lot of my time here at Splunk has been around that. It's been speaking at conferences, doing research, um, coming up with ways to basically defend organizations, but the tools they have at hand and something that we say Alon is, uh, we, we work on the problems of today and tomorrow, not the distant future, right? >>The really practical things. And we had an, you know, there was a little bit of a thing called solar winds. You might've heard of it. Um, that happened earlier in December and we were able to stand up kind of on an ad hoc ragtag group of Splunkers around the world, uh, in a matter of hours. And we worked about 24 hours for panning over to Australia, into a Mia, and then back over to America and able to publish really helpful work to, for our customers to detect or defend or mitigate against what we knew at the time around solar winds, the attack. And then as time went on, we were continuing to write and create material, but we didn't have a group that was focused on it. We were all kind of chipping in after hours or, you know, deep deprecating, other bits of work. >>And I said, you know, we really need to focus on this. This is a big deal. And how can we actually surge up to meet these needs if you will, uh, the play on the punter. So we created an idea of a small team, a dedicated to current events and also doing security research around the problems that are facing around the world insecurity who use Splunk and maybe even those who don't. And that's where the idea of this team was formed. And we've been working all summer. We're releasing our first research project, excuse me, uh, at.com, which is around supply chain, compromise using jaw three Zeke and Splunk, uh, author by myself and primarily Marcus law era. And we have other research projects coming out every quarter, along with doing this work around, just helping people with any sort of immediate cybersecurity threat that we're able to assist with. >>So what are you hoping that security teams can get out of this work? Obviously you're investing a lot of resources and doing the research, I assume, diversifying, you know, the areas and to which you're, um, exploring, um, ultimately what would be the takeaway if I was on the other end, if I was on the client and what would you hope that I would be, uh, extracting from this work? >>Sure. We want to get you promoted. I mean, that's kind of the, the joke of it, but we, we talk a lot. I want to make everyone in the world who use a Splunk or cybersecurity, looked into their bosses and defend their company as fast and quickly as possible. So one of the big, mandates for my team is creating consumable, actionable work and research. So we, you know, we joke a lot that, you know, I have a pretty thick beard here. One might even call it a neck beard and a lot of people in our community, we create things for what I would call wizards, cybersecurity wizards, and we go to conferences and we talk from wizard to wizard, and we kind of sit on our ivory tower on stage and kind of proclaim out how to do things. And I've sat on the other side and sometimes those sound great, but they're not actually helping people with their job today. And so the takeaway for me, what I hope people are able to take away is we're here for you. We're here for the little guys, the network defenders, we're creating things that we're hoping you can immediately take home and implement and do and make better detections and really find the things that are immediate threats to your network and not necessarily having to, you know, create a whole new environment or apply magic. So >>Is there a difference then in terms of say enterprise threats, as opposed to, if I'm a small business or of a medium sized business, maybe I have four or 500 employees as opposed to four or 5,000 or 40,000. Um, what about, you know, finding that ground where you can address both of those levels of, of business and of concern, >>You know, 20 years ago or 10 years ago? I would've answered that question very differently and I fully acknowledge I have a bias in nation state threats. That's what I'm primarily trained in, however, in the last five years, uh, thanks or not. Thanks to ransomware. What we're seeing is the same threats that are affecting and impacting fortune 100 fortune 10 companies. The entire federal government of the United States are the exact same threats that are actually impacting and causing havoc on smaller organizations and businesses. So the reality is in today's threat landscape. I do believe actually the threat is the same to each, but it is not the same level of capabilities for a 100% or 500 person company to a company, the size of Splunk or a fortune 100 company. Um, and that's something that we are actually focusing on is how do we create things to help every size of that business, >>Giving me the tools, right, exactly. >>Which is giving you the power to fight that battle yourself as much as possible, because you may never be able to have the head count of a fortune 100 company, but thanks to the power of software and tools and things like the cloud, you might have some force multipliers that we're hoping to create for you in a much more package consumable method. >>Yeah. Let's go back to the research that you mentioned. Um, how did you pick the first topic? I mean, because this is your, your splash and, and I'm sure there was a lot of thought put into where do we want to dive in >>First? You know, I'd love to say there was a lot of thought put into it because it would make me sound smarter, but it was something we all just immediately knew was a gap. Um, you know, solar winds, which was a supply chain, compromise attack really revealed to many of us something that, um, you know, reporters had been talking about for years, but we never really saw come to fruition was a real actionable threat. And when we started looking at our library of offerings and what we could actually help customers with, I talked over 175 federal and private sector companies around the world in a month and a half after solar winds. And a lot of times the answer was, yeah, we can't really help you with this specific part of the problem. We can help you around all sorts of other places, but like, gosh, how do you actually detect this? >>And there's not a great answer. And that really bothered me. And to be perfectly honest, that was part of the reason that we founded the team. So it was a very obvious next step was, well, this is why we're creating the team. Then our first product should probably be around this problem. And then you say, okay, supply chain, that's really big. That's a huge chunk of work. So the first question is like, well, what can we actually affect change on without talking about things like quantum computing, right? Which are all things that are, you know, blockchain, quantum computing, these are all solutions that are actually possible to solve or mitigate supply chain compromise, but it's not happening today. And it sure as heck isn't even happening tomorrow. So how do we create something that's digestible today? And so what Marcus did, and one of his true skillsets is really refining the problem down, down, down, down. >>And where can we get to the point of, Hey, this is data that we think most organizations have a chance of collecting. These are methodologies that we think people can do and how can they actually implement them with success in their network. And then we test that and then we kind of keep doing a huge fan of the concept of OODA loop, orient, orient, observe, decide, and act. And we do that through our hypothesizing. We kind of keep looking at that and iterating over and over and over again, until we're able to come up with a solution that seems to be applicable for the personas that we're trying to help. And that's where we got out with this research of, Hey, collect network data, use a tool like Splunk and some of our built-in statistical analysis functions and come out the other side. And I'll be honest, we're not solving the problem. >>We're helping you with the problem. And I think that's a key differentiator of what we're saying is there is no silver bullet and frankly, anyone that tells you they can solve supply chain, uh, let me know, cause I want to join that hot new startup. Um, the reality is we can help you go from a field of haystacks to a single haystack and inside that single haystack, there's a needle, right? And there's actually a lot of value in that because before the PR problem was unapproachable, and now we've gotten it down to saying like, Hey, use your traditional tools, use your traditional analytic craft on a much smaller set of data where we've pretty much verified that there's something here, but look right here. And that's where we kind of focused. >>You talked about, you know, and we all know about the importance and really the emphasis that's put on data protection, right? Um, at the same time, can you use data to help you protect? I mean, is there information or insight that could be gleaned from, from data that whether it's behavior or whatever the case might be, that, that not only, uh, is something that you can operationalize and it's a good thing for your business, but you could also put it into practice in terms of your security practices to >>A hundred percent. The, the undervalued aspect of cybersecurity in my opinion, is elbow grease. Um, you can buy a lot of tools, uh, but the reality is to get value immediately. Usually the easiest place to start is just doing the hard detail oriented work. And so when you ask, is there data that can help you immediately data analytics? Actually, I go to, um, knowing what you have in your network, knowing what you have, that you're actually trying to protect asset and inventory, CMDB, things like this, which is not attractive. It's not something people want to talk about, but it's actually the basis of all good security. How do you possibly defend something if you don't know what you're defending and where it is. And something that we found in our research was in order to detect and find anomalous behavior of systems communicating outbound, um, it's too much. >>So what you have to do is limit the scope down to those critical assets that you're most concerned about and a perfect example of critical asset. And there's no, no shame or victim blaming here, put on solar winds. Uh, it's just that, that is an example of an appliance server that has massive impact on the organization as we saw in 2020. And how can you actually find that if you don't know where it is? So really that first step is taking the data that you already have and saying, let's find all the systems that we're trying to protect. And what's often known as a crown jewels approach, and then applying these advanced analytics on top of those crown jewel approaches to limit the data scope and really get it to just what you're trying to protect. And once you're positive that you have that fairly well defended, then you go out to the next tier and the next tier in next year. And that's a great approach, take things you're already doing today and applying them and getting better results tomorrow. >>No, before I let you go, um, I I'd like to just have you put a, uh, a bow on surge, if you will, on that package, why is this a big deal to you? It's been a long time in the making. I know you're very happy about the rollout of this week. Um, you know, what's the impact you want to have? Why is it important? >>We did a lot of literature review. I have a very analytical background. My time working at DARPA taught me a lot about doing research and development and on laying out the value of failure, um, and how much sometimes even failing as long as you talk about it and talk about your approach and methodology and share that is important. And the other part of this is I see a lot of work done by many other wonderful organizations, uh, but they're really solving for a problem further down the road or they're creating solutions that not everyone can implement. And so what I think is so important and what's different about our team is we're not only thinking differently, we're hiring differently. You know, we have people who have a threat intelligence background from the white house. We have another researcher who did 10 years at DARPA insecurity, research and development. >>Uh, we've recently hired a, a former journalist who she's made a career pivot into cybersecurity, and she's helping us really review the data and what people are facing and come up with a real connection to make sure we are tackling the right problems. And so to me, what I'm most excited about is we're not only trying to solve different problems. And I think what most of the world is looking at for cybersecurity research, we've staffed it to be different, think different and come up with things that are probably a little less, um, normal than everyone's seen before. And I'm excited about that. >>Well, and, and rightly so, uh, Ryan, thanks for the time, a pleasure to have you here on the cube and, uh, the information again, the initiative is Serge, check it out, uh, spunk very much active in the cyber security protection business. And so we have certainly appreciate that effort. Thank you, Ryan. >>Well, thank you very much, John. You bet Ryan, >>Covar joining us here on our cube coverage. We continue our coverage of.com for 21.

>> Announcer: Live from Miami Beach, Florida It's theCUBE! Covering UiPathForward Americas. Brought to you by UiPath. >> Welcome back to South Beach everybody. You are watching theCUBE, the leader in live tech coverage. I'm Dave Vellante, Stu Miniman is here. This is UiPathForward Americas. UiPath does these shows all around the world and they've done, I don't know how many. But they've reached 14,000 customers this year. But Bobby Patrick knows, he's the CMO of UiPath. Bobby, great to see you again. >> It's great to be on again. >> So, how many of these events have you done in the last 12 months? >> We've probably done a dozen, all major cities. We still have Beijing and Dubai coming up. Over 14,000 people at our events alone. We go to a lot of other industry events obviously, but yeah, at our own events, every single event we break our records. We're always undersizing our events, it drives everyone nuts. >> You're always riding the wave, Bobby. You hit Cloud, right as the wave was building. How did you find this company? >> Yeah, so I was the HP of Cloud, they were, split assets off and took a little time, got a call and robotic process automation. Of course, I thought of physical robots. I look online and say wow that's interesting. I did some search terms on it and I saw RPA kind of sky rocketing in search and my background is actually in integration, data integration before Cloud. And then I met Daniel and I fell in love with Daniel and this was a year ago. I was employee 270, right? We'll have 2,000 by the end of the year. So, it's been everything I expected which was a rocket ship, has completely, constantly I've underestimated, it's amazing. >> So, you're the one who turned me onto this whole space. You sent me the Forrester Wave, >> Bobby: Right >> Where it was last year's and you guys were third this year, you leapfrogged into first. >> Bobby: Right. >> And then we said wow that's kind of cool. Let's download this and play with it. And we tried to download the other ones but we couldn't. You, know it was kind of too complicated. They wanted us to talk to resellers and, it was like, no no no. you guys were, like, really open. >> Bobby: It's part of our culture. >> And we found it super simple to use. It was, one of our guys wasn't a coder. Smart dude, but it was low code, no code type of situation. You were explaining to me at Legal Seafoods last week that you actually have written some automations. So, it's pretty simple to get started but there's a spectrum, right, and it's pretty powerful too. >> Yeah, it's an epiphany that hits everybody. This is the part where I see it, even in myself, when I realized every morning I was getting up and going to Google Trends and I was looking at us versus Automation Anywhere versus Blue Prism and we're pulling away. It's great, I'll get happy in the morning and I'll screen shot it and then I'll go to Slack and send it to the comp team. Why am I doing this? So, in 20 minutes now I have a robot everyday, every morning that does it for me. And I get a text and I get an email. We have, in marketing, a dozen of these. I've got one that does our Google Ad Words around the world. I've got one that takes all of our 30,000 inbound new contacts a month, in different languages, translates, finds out what country they are in, and routes them to the right country. These are simpler examples, but once you realize that anything you do that's routine and mundane that a robot can do for you. It brings, it makes you happy first of all, right? And you realize the vision we have for a robot for every person, its a very realistic vision and its two, three years out. >> Bobby, one on the things that has really interested me today is talking about what this means for jobs and careers. Dave and I were at Splunk earlier this week, talking about Splunkers, data is at the center of what they do and everybody comes to them, how do I leverage my data? I did operations for a bunch of my career and I'd spend lots of time with my team saying, what do you hate doing, what are you manually doing? What can you get rid of and there's a collaboration between, I hear, that your customers. It's not just oh some consultancy comes in and they cut something away and they took it away from you. Oh no wait, you're actually involved with this, it seems like an ongoing process and you're making people's jobs better. Can you talk a little about that dynamics of how this transforms a company? The vision for, I hear from UiPath, is that you're going to change the world. >> Yeah, so you have to sit in, you're talking about the future of work, or digital, you have to sit in a conference room and watch a bunch of workers sit around and I'll give you an example. At DISA, big federal government agency, federal government has lifetime workers, right? In the room, where 30 workers, who everyday download assets and then they compile them and then they analyze them. They have their best, fastest kind of human go against the UiPath robot that they automated. In 15 minutes, the human downloaded two assets or archives and the robot did 17. The entire room of 30 cheered! Cheered. No longer do we have to do that crap ever again. And this is, we see this in every industry. It's so much fun because you see just, people just radiating with excitement, right? Because, I was out with a customer today that says they can't even fulfill today with the humans they have, the 25% of the work they got. So, your robots are creating capacity, they're filling the void. You probably heard about Japan, right, and the aging population? And RPA and UiPath addressing suicide rates. This about making society better. This is about robots doing the work that we hate, right? One of our great customers, Holly Uhl from State Auto, said on stage that, you know, robots do the work nobody misses. And, I think that's trivial. Now what about job impacts, right? So, we worry everyday about what this means, right? So, we spend a lot of time on our academy, making it easier to train people, build digital era skills. We announced our academic alliance, right? We hired an amazing Chief of Learning Officer. You saw Tom Clancy. You know him and his team. We're going to train a million students in three years. You know, we're worried about the middle class. We're worried about people who are farther along in their careers and helping them re-skill. So, we take that as a part of our job as a company to figure out how to up-skill people and make them a part of this. And I'm really excited because a year ago when I joined, everybody said, the big problem you have is people going to worry about taking away jobs. I don't hear that from the 1500 customers in here today. >> Well, isn't a part of that re-skilling? Learning how to apply automation, maybe even learning how to apply RPA? Maybe even doing some automation? >> Yeah, so obviously there is-- World Economic Forum came out two weeks ago with a study that said, automation will add net 60 million jobs, I think that was for the people that losses, it will two x gains in jobs. Now those are different jobs in some cases. Some of those jobs are digital era skills, some of those jobs are AI, data science. So, I think that there's... But there are some cubicle jobs that will be affected, right? There are some swivel chair jobs that will be affected, but no different than when they automated toll booths, right? Or automated different parts of mundane work that we've all seen throughout our lives, right? So I think the speed at which this is happening is what worries people. Unlike, in the past, it took a little longer for automation or industrialization to impact jobs. But we're focused on this, right? We're going to put money towards this and we're just not seeing that today. Maybe it's because the economy is doing so great. People have a workforce shortage, but we're just not hearing it. >> Well, I mean, maybe a number of factors. I mean, there's no question, machines have always replaced humans. This is the first time in history of replacing humans in cognitive functions. >> Bobby: Augmenting >> Yes, absolutely, but It does suggest that there's opportunities for whether it's for education, you guys are investing there, training, and re-skilling whether it's around creativity and that's really where the discussion, in our view anyway, should be. Not about, okay lets protect our future, the past from the future. You don't want to just repave the cow path and use another bromide. You got to move forward and education is a key part of that. And you guys are putting your money where your mouth is. >> Yeah, we are and I think our academy that we launched a little over a year and a half ago has a quarter of a million people in it. They are already diplomas on LinkedIn. I watch everyday, people post their new diplomas, the different skills they've earned, right? Go through the courses, it's free. Democratization runs at the heart of this company, it's why we're growing so much faster than at automation anywhere, right? It's why we are a different kind of company. They're a very commercial minded kind of company. They're a marketplace, you have to be a customer. If your URL when you type in your email isn't a customer, you can't go to their store and do anything. We're free, open, share your automations and it's a very different mindset and community runs at our heart. If you're a small business, you know, under a million dollars, you get to use our software for free. And you can run your robots and we have one of our orchestrators run a manager. So, I think all of this is helping get companies and people more comfortable with our technology. There are kids and students now, we had University of Maryland up here. The professor, he's building whole classes now at the University of Maryland. All in the business school, all using our technology. Every student should have a robot, through their entire career, through their entire time at University of Maryland. That's every university, this is going to go so fast, Dave and Stu, so fast. And when I think back again, a year ago, I mean next year when we do this again, right? At our big flagship event, at three or four thousand people, you'll have felt that progression but the year I've been here, it's night and day already. >> Alright, so Bobby you know we're big fans of community. The open source stuff, you've for a long background in that. Help us put together some of these stats here. When I looked in your keynote, you said there's 114,000 certified RPA developers out there across the globe. 139 countries, 250,000 people have downloaded. You've only got at UiPath about 2,000 customers. So, you know, we talk business model and how your business grows, the industry grows, you know? Help us understand that dynamic. >> These are going to go exponential. So, we have large companies now that are committing to deploy UiPath to every employee. Every employee becomes a user then, so you're going to see that user number go like this. While the enterprise customer number goes like this. We're adding six new customers a day right now. The real opportunity for us is every one of our customers, very few are down their journey like an SMBC is. SMBC, RPA is in their annual reports, right? They say 500 million dollars already, right? It's a societal thing. They actually in Japan share together, to help each company. Here, in the U.S., we're a little competitive, right? Banks don't share with other banks typically, right? But, this is kind of what we're driving. It's, when you make an automation at UiPath. While we're not open source as a platform, the automation is open source. You put it on go, I can take that, you can take that. I had the same kind of problem. Put in the studio right away, modify it a bit and you're good to go. Now you've sped your implementation which is already fast by 70, 80, 90%. This is, we're just getting started. So, you're going to see companies adopting across HR, across supply chain, contact centers, you know. Today we're, for the most of our customers we're in one division. So, the opportunity to grow within a company, where we were barely 5% penetrated in our biggest client. >> And you've seen my prediction. A lot of the market forecast are under counting this space. >> Bobby: Right. >> There is a labor shortage, a skilled labor shortage There's more jobs than there are people to fill them. They don't have the right skills today. There is a productivity problem >> Bobby: Right. >> Productivity line is flat. RPA is going to become a fundamental component of digital transformations. It's about a billion dollar business today. I got it pegged at 10X by 2023. >> Craig at Forestry upped his guidance today, he may have told you all, to a 3.3 billion dollar market in 2021. Now I was a little disappointed, it was 2.9 before. I think he's still way under shooting it. But nevertheless, to grow 10% in one year, in his mind, is still pretty big. >> Yeah, a lot of those market forecasts are kind of linear. You're going to see, you know, an S curve, like growth in this market. I think there's no question about it. Just, in speaking to the customers today, we've seen this before in other major industry trends. We certainly saw it at ServiceNow, we saw it at Splunk, we saw it at Tableau. UiPath feels like a very similar vibe here. In Tenex, when we did the show here. I just feel an explosion coming, I already see it. It's palpable. >> One other reason for the explosion which is a little different than say most of the open source tech companies is that they were in IT sales. You don't have to use code to automate your tasks, right? The best developers for us are actually the subject matter experts in finance, in supply chain, in HR. So suddenly we've empowered them. Because IT everywhere is constrained, right? They're dealing with keeping systems current. So suddenly this these tools of software is available to any employee to go learn and automate what they do. The friction we've removed between business have to go to IT, IT be understaffed, IT have to get the requirements. All that's gone! So you create robots overnight, over the weekend. And make your life better. Again, most of the world still does not understand what's going on. I mean you can feel it now. But it's an epiphany for anyone when they see it. >> Well the open mindset that Daniel talked about today, he said, you know our competitors are doing what we do and that's okay. The rising tide lifts all boats kind of thing. That puts pressure on you guys to stay ahead of the pack. Big part of what Tom Clancy is doing is the training piece. That's huge. Free training. So you got to move faster than the market. You're confident you can do that. What gives you confidence? >> I think, one, is our product is simpler to use. So I think, you know, you go to Automation Anywhere and you need the code, right? You don't have to code with our design tool. We're told, we're about 40% faster to implement. And that's, look at the numbers. We shared our numbers again today. 100 million we announced in July 1st, for our first half of in ARR, 140 now, right? We are telling our numbers, we're open and transparent. Our competitors, well Blue Prism is public, right? We know they're growing slower. Another difference is the market, requirements are not created equal. Blue Prism only works in an unattended robot fashion, only in the back office. So, if you have front office automation, with call centers and customer service, they don't have the concept of an attended robot. You know, this idea of so, they lack the ability to serve all the requirements of a customer. I, think, it's just architecturally, I think what we're seeing in terms of simplicity and openness. And then market coverage very different then either Automation Anywhere or BluePrism. >> Alright Bobby, let me poke at something. So, if I look at, you came out this morning and said accelerate everything. One of the concerns I have is say okay, if I take existing processes, a lot of the time if you look at them, they're not ideal. They were manual in nature, it's great to do that but, how much do you need to wait and revisit and get consultants in to kind of fix things rather than just say oh okay. Faster is better for some things but not necessarily for all things unless you can make some adjustments first. >> You don't want to automate a bad process, right? So, we're not encouraging anyone to do that. So, you see a combination of... One thing about RPA is which great, is you don't have to go in and say, I'm going to go do procure to pay like Traditional IT guy. And so you can go into that process and say, oh look at all these errors, these tasks, these sub processes, these tasks. Where this huge friction and you can go automate that and get huge value. >> Almost like micro services. >> Yes, exactly. You're able to go in and that's really what people are doing. On the more ambitious projects, they're saying I'm also going to go optimize my process, think differently. But the reality is, people are going in, they're finding these few parts of a bigger process, automating it, getting immediate outcomes, immediate outcomes. And paying back that entire project in six months, including the fees on extension or PWC or other. That doesn't exist anywhere in technology. That kind of, you know, speed to an outcome and then payback period. It just doesn't exist. >> Well, the fact that the SIs are here. Yeah, we heard 15 day payback today. Super fast, ROI. The fact that the big SIs are here, especially given the relatively early days says a lot about the potential market size. I always joke, those guys like to eat at the trough. This is big business and it's important for you guys because they're strategic, they're at the board level. You need the top down support, at the same time, it sounds like there's a lot of bottom up activity. >> Bobby: Right. >> And that's where the innovations going to come from. What's next for you guys, you taking this show on the road again? >> Right, so the next Forward is in London. So, we had one in Europe and one in the U.S. We do what we call togethers, which is more intimate. Or all around the world, which are country specific or industry. I mean, we're going to go and call it the Automation First Tour. And we're going to go start our next tours up all through next year. Hit all the cities again, probably three times this size, each city. You know, I looked at Washington D.C. with federal government, we started federal government in January. Federal government for us next year should be a 60 million software business. For our partners, give them 6, 8, 10X on services on top of that. That's meaningful, that's why you see them here. That same calculation exists in every vertical and in every country. And so it's good for our partners. It's great, we want them to focus on building their skills though. Getting good skills and quality. So, we do a lot with them. We host a partner Forward yesterday with 500 partners, focusing on them. Look, we are investing in you, but you got to deliver quality, right? So, I think we amplify everything we did this year because it worked for us well. We amplify it big time and Forward in a year from now, whether it's Vegas or Orlando or we'll announce it soon, willl be substantially larger. >> Well, any company that's digitally transforming is going to put RPA as part of that digital transformation. It's not without its challenges but it's a tailwind. You better hop on that wave or you going to end up driftwood as Pat Gelsinger likes to say. Bobby, thanks so much. >> Bobby: Thank you Dave. >> Thanks for having us here. This has been a fantastic experience and congratulations and good luck going forward. >> Thank you. >> Alright guys, that's a wrap from here. This is theCUBE. Check out theCUBE.net Check out SiliconeANGLE.com for all the news. Cube.net's where all the videos are, wikimon.com for all the research. We are busy Stu, we're on the road a lot. So again, look at the upcoming events. Thanks for watching everybody. We'll see you next time.

>> Live from Orlando, Florida, it's theCUBE, covering .conf2018! Brought to you by Splunk. (techno music) >> Welcome back to Orlando, everybody. We're here with theCUBE covering Splunk.conf2018. I'm Dave Vellante with my co-host, Stu Miniman. Chris Crocco is here, he's the Lead Solutions Engineer at ViaSat. Great to see you, thanks for coming on theCUBE. >> Well, thanks for having me. I appreciate it. >> You're very welcome. Let's start with ViaSat. Tell us what you guys do and what your role is all about. >> So ViaSat is a global communications and technology company primarily focused on satellite-based technologies, anything from government services to commercial aviation and residential service. >> And what does a Lead Solutions Engineer do? >> My primary role is to help us kind of transition from a traditional operations state into more of a DevOps environment including monitoring, alerting, orchestration and remediation. >> Oh, we love this conversation, don't we? Okay. The basic question is, and I know it's hard, but it's subjective, it's kind of if you think about the majority of your organization in the context of DevOps, on a scale of one to five, five being nirvana, so let's assume you're not at five 'cause it never ends, right? You're constantly evolving. Where would you say you are? Are you just getting started? Are you more like a four, 4 1/2, what do you think? >> That's a good question. I would say we're probably three on our way to four. We've had a lot of growing pains, we've had a lot of learning opportunities. The processes of DevOps are getting pretty well-entrenched and right now, we're working on making sure that the culture sticks with the DevOps. >> That's critical, right? >> I mean, that's really where the rubber meets the road is that organizational and political. Without getting into the dirt of it, give us what it looked like before and where you are today. >> Sure. Prior to our shift to DevOps, which was mainly motivated by our latest spacecraft, ViaSat-2, we had a very traditional operational model where we had everything funneled through a Network Operations Center, we had a Technical Operations Team, and if they weren't able to triage and remediate issues, they kicked it over the fence to engineers and developers who would then throw something back. There wasn't a lot of communication between the two organizations, so when we did find recurring problems, recurring issues in our network and in our environment, it took a long time to get those resolved and we had to have a large volume of staff there just to kind of put out the fires. With the transition of DevOps, one of the things that we've been focusing on is making sure that our development teams, our engineering teams understand the customer experience and how it's impacted by what they do, and de-centralizing that operation structure so all of the triage work goes to the people who actually work on those services. So it's a pretty big paradigm shift but it's also helping us solve customer problems faster and get better education about what the customer experience is to the people who actually make it better. >> And roughly, what was the timeframe that it took to go from that really waterfall model to the structure that you have today? >> We've been going for about two or three years now in this transition. Like I said, the first year or so was kind of bumpy and we've really kind of ramped up over the past year in terms of the amount of teams that are practicing DevOps, the amount of teams that are in an agile and scrum model. So overall, two to three years to get to where we are today. >> So the problem with the traditional model is you have time to deployment is slower, that means time, the value is slower, a lot of re-work. Here, you take it. No, you take it. Hey, it worked when I gave it to you, a lot of back and forth, and not a lot of communication creates frustration, not a lot of collaboration and teamwork, then you're working through that now. How large is the team? >> My team is five people. We have 4,500 people roughly at ViaSat as a whole. I believe roughly 2,000 of them are in an engineering or technical role. >> Okay, but in the previous model, you had developers and you had operations folks, is that right? And your five are sort of split over those or was it a much, much larger corpus of folks? >> It was a very large distribution of people. It was very engineering and developer-centric. We still had a Core Operations Team of 60 to 100 people based in our Denver office. We're keeping our headcount relatively the same with respect to our operations and we're growing a lot in terms of those DevOps teams. So as those teams continue to grow, we're adding more operational resources to them and kind of inserting a lot of that knowledge into other parts of the organization. >> You're doing a lot more with the same. Are you coming from the ops side or the dev side? >> I come from the ops side. I actually started my career with ViaSat in our knock in Denver. From there, I transitioned into a ops analyst role and then we created the Solutions Engineering Team and I took the lead on that. >> Chris, can you tell us how Splunk plays into your DevOps? Did you start using it in the knock and kind of go from there? >> We did, actually. Splunk started out as just a tool for us to see how many modems were offline in the knock. It was up on the video wall and we would see spikes and know that there was a problem. And as we've made this transition at DevOps, a lot of teams that were using other solutions, other open-source and home-grown solutions were kind of organically pivoting to Splunk because it was a lot easier for them to use for alerting dashboards, deep-data analysis, a lot of the things they needed to do their job effectively. So as we've grown as a company, as we've grown in this organizational model, Splunk has kind of grown along with that in terms of use case. >> That growth is predominately in IT operations and security, correct? >> Well, it's actually pretty interesting. It's kind of all over the board in our organization. It started in IT operations and security, but we have people in our marketing department using it to make sales and campaign decisions. We have executive leadership looking at it to see the performance of our spacecraft, we have exploratory research being done with it in terms of what's effective and what's not for our new spacecraft that will be coming out, the ViaSat-3 Constellation. So it's really all over the board in our organization. >> That's interesting, Stu, you're not the first customer who's told us that no, it's not just confined to IT, it's actually seeping through the organization. Despite the fact that we heard a bunch of announcements today, I don't know if you saw the keynotes, making it simpler for lines of business folks to actually utilize Splunk, so given that a lot of your teams in the business are actually using it already, what do you think these announcements will do for them? Maybe you haven't had time to evaluate it, but essentially, it's making it easier for business people, you know, simplifying it. >> Yeah, you know, all of the announcements in the keynotes over the past two days have been really, really exciting. Everything that I was hoping for got checked off the list. So I think one of the big things that it's going to allow us to do is get our customer-facing teams and our customer care organizations more involved with the tool. And getting them the information that they need to better serve customers that are calling in, and potentially even prevent the situations that customers have to call in for in the first place. So giving them a lot of account information quickly, giving them the ability to access information that is PCI and PII-compliant but still allowing them to get the data they need to service an individual customer, all of those things I think are really going to be impacted by the announcements in this conf. >> So you were the keynote yesterday. >> I was! >> Were you shaking the phone? >> I was, yeah. >> Which group were you, were you orange? >> We were orange group, yeah. >> We were orange, too! But we were sitting in the media section and all the media guys were sitting on their hands but we had a lot of devs and ops guys shaking with us. It's like when you do the wave at Fenway Park when it gets behind home plate, everybody just kind of sits down, but we were plugging hard. Alright, Chris, what else has excited you about .conf2018? School stuff that you've seen, some innovations, things you've learned. >> Well, I'm really excited about the app for infrastructure. That's something that we've been trying to get for ITSI for a long time now in terms of NED-level monitoring and NED-level thresholding. I think that's going to complement our business really, really well. The advancements that they're doing with the metrics store, specifically with things like Syslog are really, really exciting. I think that that's going to allow us to accelerate our data and make it more performant. The S3 compliant storage is absolutely fantastic and it comes in black now and that's really, really fantastic. >> Oh right! The dark mode! >> Dark mode, yup. >> You mentioned the ITSI. Have you used the VictorOps pieces before or is that something you're looking to do? >> We haven't looked at VictorOps as of yet. We're an xMatters customer right now so we've been using their integration that they built out and it's on Splunk base. But VictorOps, it'll be interesting to see how that organization changes now that it's part of the Splunk. >> So dark mode actually, it's one of those things that it really got such a loud ovation. It was funny, I was actually talking to a couple Splunkers that are like, "We want that dark mode t-shirt." Which I think you have to be a user and you need to sign up for some research thing that they're doing, and they're giving out the black shirt that has like gray text on it. >> Awesome! >> Why does that resonate with you, the dark mode? >> Well, it was actually what they talked about in the keynote. If you have it up on a video wall, which we have in various parts of our company, or if you're sitting in a dark office, something like that, looking at a really white screen for a long period of time, it's not easy on your eyes, it's hard to look at for a long period of time. And generally speaking, a lot of our presentation layers go towards that visual format. So I think this is going to allow us to make it much more appealing to the people who are putting this up on screens in front of people. >> Your responsibility extends out into the field, I presume. The data that's in the field, is that true? >> It does. >> Okay, so I'm interested in your reaction to the industrial IoT announcements, how you see or if you see your organization taking advantage of that. >> Well, we're a very vertically integrated company so we actually manufacture a lot of the devices that we use and that we provide to our customers. I think a lot of our manufacturing capabilities would really benefit from that. Anything from building antennas for ground segment that actually talked to the spacecraft. It's the modems that we put in people's houses, that entire fabrication process I think would benefit a lot. I really loved the AR presentation that they did where they were actually showing the overlay of metrics on a manufacturing line. I think that's something that would be fantastic for us, particularly for sending somebody to an antenna or a ground station to replace a piece of equipment. We can overlay those metrics, we can overlay all of that, we can use the industrial analytics piece of that to actually show which piece of hardware is most affected and how best to replace that. So a lot of opportunities there for our company. >> So I wonder if you could help us understand what's, from your perspective, on Splunk's to-do list. We're going to have Doug Merritt on a little later. If you had Doug right here and he said, Chris, what can we do to make your life better? What would you tell him? >> You know, I think a couple of the things that would make it better, and it looks like they're heading this direction, is streaming in and streaming out. You know, streaming in is of course important, that's where a lot of your data lives, but you also have to be able to send that out to Kafka, to Kinesis, to other places, so other people can consume the output of what Splunk is doing. So I think that would be a really, really important thing for us to socialize the benefit of Splunk. And then vertically integrating the incident management chain, it looks like something that's on their roadmap and I'd be interested to see what their roadmap looks like in terms of pulling in Phantom, pulling in VictorOps, pulling in some of these other technologies that are now in the Splunk umbrella to really make that end-to-end process of detecting, directing and remediating issues a lot more efficient. >> Okay, and do you see at some point that the machine will actually do, the machine intelligence will do a lot of that remediation? >> I think so. >> Do you see the human still heavily involved? >> Well, I think one of the important things is for a lot of these remediation things, we shouldn't have a human involved, right? Particularly things that are well-known issues. Human beings are expensive and human beings are important, and there are a lot more important things that they can be doing with their time than putting out fires. So if we can have machines doing that for them, it frees them up to do a lot more cool stuff. >> You're right. Alright, Chris, well listen, thanks very much for coming on theCUBE. It was great to have you. >> Yeah! Appreciate it very much. >> Thanks for your insights. Alright, keep it right there, everybody. Stu and I will be back with our next guest. You're watching theCUBE from Orlando Splunk.conf2018. Be right back. (techno music)

>> Announcer: Live from Orlando, Florida It's theCUBE covering .conf18. Brought to you by Splunk. >> Welcome back to theCUBE's coverage of Splunk .conf18. It's Florida week. I'm Stu Miniman, and my co-host for this week is Dave Vellante. Dave, I'm really excited. You've done this show a handful of times. It's our seventh year doing theCUBE here. It is my first time here. Thought I understood a few of the pieces and what's going on, but it's really been crystallizing to me. When we talk about on theCUBE, for the last couple of years, data is at the center of everything, and in the keynote this morning they talked about Splunkers are at the crossroads of data. I've talked to a bunch of practitioners here. People come to them to try to get access to data, and the vision that they've laid out this week for Splunk Next is how they can do a massive TAM expansion, try to get from the 16,000 users that they have today to 10x more. So, what's your take been on where we are today and what Splunk of the future looks like? >> Well so Stu, as you know, the keynotes are offsite, about a half hour away from the hotel where we're broadcasting, and there's like 8,000 buses that they're jamming customers in. It's a bit of a pain to get there, so logistically it's not ideal. So I thought the keynotes today, just remotely, we didn't hop in the bus because we had to miss a lot of the keynotes yesterday, to get back here. So we watched remotely today. It just felt like there wasn't as much energy in the room. And I think that's for a couple of reasons, and I'll get into that. But before I do, you're right. This is my fourth .conf, and I was struck by in the audience at how few people actually, it was probably less than a third of the audience, when they asked people to stand up, had been to four or more .confs. A ton of people, first year or second year. So, why is that relevant? It's relevant because these are new people. The core of Splunk's audience are security people and IT operations management people. And so with that many newbies, newbies, they're trying to learn about how they can get more value out of the tool. Today's announcements were all about line of business and industrial IOT. And frankly, a lot of people in the audience didn't directly care. Now, I'll explain why it's important, and why they actually do care and will care going forward. But the most important thing here is that we are witnessing a massive TAM expansion, total available market expansion, for Splunk. Splunk's a one point six, one point seven billion dollar company. They're going to blow through two billion. This is a playbook that we've seen before, out of the likes of particularly ServiceNow. I'm struck by the way in which Splunk is providing innovation for non-IT people. It's exactly the playbook that ServiceNow has used, and it works beautifully, and we'll get into some of that. >> So Dave, one of the things that really struck me, we had seven customers on the program yesterday, and the relationship between Splunk and the customers is a little different. You always hear, oh well, I love this technology. Lots of companies. You've been telling me how passionate you were. But really partnerships that you talk about, when you talked about, we had an insurance company from Toronto, and how they're thinking about how the security and risks that they look at, how that passes on to their customers. So many, it's not just people are using Splunk, but it's how it affects their business, how it affects their ultimate end users, and that value of data is something that we come back to again and again. >> So the classic Splunk user is somebody in IT, IT operations management, or the security knock. And they're hardcore data people, they're looking at screens all day and they love taking a bath in data. And Splunk has completely changed their lives, because rather than having to manually go through log files, Splunk has helped them organize that sort of messy data, as Doug Merritt said yesterday. Today, the whole conversation was about expanding into line of business and industrial IOT. These are process engineers, there weren't a lot of process engineers in the audience today. That's why I think not a lot of people were excited about it. I'm super excited about it because this is going to power, I've always been a bull on Splunk. This is going to power the next wave of growth at Splunk. Splunk is a company that got to the public markets without having to raise a ton of capital, unlike what you're seeing today. You're seeing hundreds of millions of dollars raised before these companies IPO. So, Splunk today in the keynotes, first of all, they had a lot of fun. I was laughing my you-know-what off at the auditions. I mean, I don't really, some of that stuff is kind of snarky, but I thought it was hilarious. What they did is, they said, well Doug Merritt wasn't a shoo-in to keynote at this, so we auditioned a bunch of people. So they came in, and people were singing, they were goofing, you know, hello, Las Vegas! We're not in Las Vegas, we're in Orlando this year. I thought it was really, really funny and well done. You know Stu, we see a lot of this stuff. >> Yeah, absolutely. Fun is definitely part of the culture here at Splunk, love that we talked about yesterday, the geeky t-shirts with all the jokes on that and everything. Absolutely so much going on. But, Dave there's something I knew coming in, and we've definitely heard it today in the keynotes, developers are such an audience that everybody is trying to go after, and you talk about kind of the traditional IT and security might not really be the developer audience, but absolutely, that's where Splunk is pushing towards. They announced the beta of the Splunk Developer Cloud, a number of other products that they've put in beta or are announcing. What's your take as to how they go beyond kind of the traditional Splunk user? >> Yeah so that's what I was saying. This is to me a classic case of, we saw this with ServiceNow, who's powering their way through five billion land and expand, something that Christian Chabot, former CEO of Tableau used to talk about. Where you come in and you get a foot in the door, and then it just spreads. You get in like a tick, and then it spreads to other parts of the business. So let's go through some of the announcements. Splunk Next, they built on top of that today. Splunk Business Flow, they showed, what I thought was an awesome demo. They had a business person, it was an artificial example of the game company. What was the name of the game company? >> Stu: Buttercup Sames. >> Buttercup Games. So they took a bunch of data, they ingested a bunch of data on the business workflow. And it was just that, it was just a big, giant flow of data. It looked like a huge search. So the business user was like, well what am I supposed to do with this? He then ingested that into Splunk Business Flow, and all of a sudden, you saw a flow chart of what all that data actually said in terms of where buyers were exiting the system, calling the call center, et cetera. And then they were able to make changes through this beautiful graphical user interface. So we'll come back to that, because one would be skeptical naturally as to, is it really that easy? They also announced Splunk for industrial IOT. So the thing I like about this, Stu, and we've seen a lot of IOT announcements in the past year from IT companies. What's happening is that IT companies are coming in with a top-down message to industrial IOT and OT, Operations Technology, professionals. We think that is not the right approach. It's going to be a bottoms-up approach, driven by the operations technology professionals, these process engineers. What Splunk is doing, and the brilliance of what Splunk is doing is they're starting with the data. We heard today, OEE. What's OEE? I haven't heard that term. It's called Overall Equipment Effectiveness. These aren't words that you hear from IT people. So, they're speaking a language of OT people, they're starting with the data, so what we have seen thus far is, frankly a lot of box companies saying, hey we're going to put a box at the edge. Or a lot of wireless companies saying, hey, we're going to connect the windmill. Or analytics companies saying, we're going to instrument the windmill. The engineers are going to decide how it gets instrumented, when it get instrumented, what standards are going to be used. Those are headwinds for a lot of the IT companies coming in over the top. What Splunk is doing is saying, we're going to start with the data coming off the machines. And we're going to speak your language, and we're going to bring you tooling you can use to analyze that operations data with a very specific use case, which is predictive maintenance. So instead of having to do a truck roll to see if the windmill is working properly, we're going to send you data, and you're going to have to roll the truck until the data says there's going to be a problem. So I really like that. Your thoughts on Splunk's IOT initiative versus some of the others we've seen? >> Yeah, Dave. That dynamic of IT versus OT, Splunk definitely came across as very credible. The customers we've talked to, the language that they use. You talk about increasing plan for performance and up time. How can they take that machine learning and apply it to the IOT space, it all makes a lot of sense. Once again, it's not Splunk pushing their product, it's, you're going to have more data from more different sources, and therefore it makes sense to be able to leverage the platform and take that value that you've been seeing with Splunk in more spaces. >> So the other thing that they announced was machine learning and natural language processing four dot oh. They had BMW up on the stage, talking about, that was really a good IOT example, but also predicting traffic patterns. If you think about Waze, you and I, well I especially, use Waze, I know that Waze is wrong. It's telling me I'm going to get there at four thirty, and I know traffic is building up in Boston, I'm not going to get there until ten to five, and Waze somehow doesn't know that. BMW had an example of using predictive analytics to predict what traffic flow is going to look like in the future so I thought that was pretty strong. >> And I loved in the BMW example, they've got it married with Alexa so the business person, sitting at their desk can say, hey Alexa, go ask Splunk something about my data, and get that result back. So pretty powerful example, really obvious to see how we get the value of data to the business user, even faster. >> Now the problem is, I'm going to mention some of the challenges I see in some of these initiatives. The problem with NLP is NLP sucks. Okay, it's not that good today, but it's going to get better. They used an example on stage with Alexa, it obviously worked, they had it rehearsed. It doesn't always work that way, so we know that. They also announced the Splunk Developer Cloud. They said it was three Fs: familiar, flexible, and fast. What I love about this is, this is big data, actually in action. Splunk, as I've been saying all week, they never use the term big data when big data was all on the hype cycle, they now use the term big data. Back when everybody was hyping big data, the big vacuum was applications. Pivotal came out, Paul Maritz had the vision, We're going to be the big data application development platform. Pivotal's done okay there, but it's not taking the world by storm. It's a public company, it had a decent IPO, but it's not like killing it. Splunk is now, maybe a little late to the game, a little later than Pivotal, or maybe even on IBM, but they key is, Splunk has the data. I keep coming back to the data. The data is the linchpin of all of this. Splunk also announced SplunkTV, that's nice, you're in the knock, and you got smart TV. Woo hoo! That's kind of cool. >> Yeah but Dave, on the Developer Cloud, this is a cloud native application, so it's fitting with that model for next generation apps, and where they're going to live, definitely makes a lot of sense. >> They talked about integrating Spark and TensorFlow, which is important obviously in that world. Stu, you in particular, John Ferrier as well, spent a lot of time, Jim Kabilis in the developer community. What's your take on what they announced? I know it was sort of high level, but you saw some demos, you heard their language. There were definitely some developers in the room. I would say, as a constituency, they sounded pretty excited. They were a relatively small number, maybe hundreds, not thousands. >> One of the feedback I heard from the community is being able to work with containers and dockers, something that people were looking for. They're delivering on that. We talked to one of the customers that is excited about using Kubernetes in this environment. So, absolutely, Splunk is reaching out to those communities, working with them. When we talked to the field executive yesterday, she talked about- >> Dave: Susan St. Ledger >> How Splunk is working with a lot of these open source communities. And so yeah, good progress. Good to see where Splunk's moving. Absolutely they listen to their customers. >> So, land and expand, Splunk does not use that term. It's my term that I stole from Christian Chabot and Tableau. Certainly we saw that with ServiceNow. We're seeing a very similar playbook. Workday, in many ways, is trying it as well, but Workday's going from HR into financials and ERP, which is a way more entrenched business. The thing I love about Splunk, is they're doing stuff that's new. Splunk was solving a problem that nobody else could solve before, whereas Workday and ServiceNow, as examples, were essentially replacing legacy systems. Workday was going after PeopleSoft. ServiceNow was going after BMC. Tableau, I guess was going after old, tired OBI. So they were sort of disruptive in that sense. Splunk was like, we can do stuff that nobody's been able to do before. >> Yeah Dave, the last thing that I want to cover in this analysis segment is, we talk about the data. It's the people interacting with it. We've been talking for years, there's not enough skills in data scientists. There's so many companies that we're going to be your platform for everything. Splunk is a platform company, but with a big ecosystem at the center of everything they do. It's the data, it's the data that's most important. They're not trying to say, this is the rigid structure. We talked about a lot yesterday, how Splunk is going to let you use the data where you want it, when you want it. How do you look at what Splunk does, the Splunkers out there, all the people coming to them? Compare and contrast against the data scientists. >> Well this is definitely one of the big challenges. To me, the role of a Splunker, they're IT operations people, they're people in the security knock, and Splunk is a tool for them, to make them more productive, and they've fallen in love with it. You've seen the guys running around with the fez, and that's pretty cool. They've created a whole new class of skill sets in the organization. I see the data scientists as, again, becoming a Splunker and using the tools. Splunk are giving the data scientists tools, that they perhaps didn't have before, and giving them a way to collaborate. I'll come back to that a little bit. If I go through the announcements, I see some challenges here, Stu. Splunk next for the LLB. Is it really as easy as Splunk has shown? As time will tell, we're going to have to just talk to people and see how quickly it gets adopted. Can Splunk democratize data for the line of business? Well on the IOT side, it's all about the operations technology professionals. How does Splunk reach those people? It's got to reach them through partnerships and the ecosystem. It's not going to do a belly to belly direct sales, or it's not going to be able to scale. We heard that from Susan St. Ledger yesterday. She didn't get into IOT because it hadn't been announced yet, but she hinted at that. So that's going to be a big thing. The OT standards, how is Splunk going to adopt those. The other thing is, a lot of the operations technology data is analog. There's a headwind there, which is the pace at which the engineers are going to digitize. Splunk really can't control that in a big way. But, there's a lot of machine data and that's where they're focusing. I think that's really smart of Splunk. The other thing, generally, and I don't know the answer to this Stu, is how does Splunk get transaction data into the system? They may very well may do it, but we heard yesterday, data is messy. There is no such thing as unstructured data. We've heard that before. Well there's certainly a thing as structured data, and it's in databases, and it's in transaction systems. I've always felt like this is one of IBM's advantages, as they got the mainframe data. Bringing transaction data and analytic data together, in real time, is very important, whether it's to put an offer in front of the customer before you lose that customer, to provide better customer service. Those transaction systems and that data are critical. I just don't know the answer to how much of that is getting into the Splunk system. And again, as I said before, is it really that easy as Spark and TensorFlow integration enough? It sounds like the developers will be able to handle it. NLP will evolve, we talked about that as a headwind. Those are some of the challenges I see, but I don't think they're insurmountable at all. I think Splunk is in a really good position, if not the best position to take advantage of this. Why? Because digital transformation is all about data, and Splunk is data. They're all about data. They don't have to go find the data, obviously they have to ingest the data, but the data's there. If you're a Splunker, you have access to that data. All the data? Not necessarily, but you can bring that through their API platforms, but a lot of the data that you need is already there. That's a huge, huge advantage for Splunk. >> Well, Dave, this is one of the best conferences I've been at, with data at the core. It's been so great to talk to the customers. We really appreciate the partnership of Splunk. Splunk events team, grown this from seven years ago, when we started a 600 person show, to almost 10,000 now. So for those of you that don't know, there's so much that goes on behind the scenes to make something like this go off. Really appreciate the partnership and the sponsorship that allows us to help us document this, bring it out to our communities. The analysis segments that we do, we actually bring in podcast form. Go to iTunes or Spotify, your favorite podcast player, look for theCUBE insights. Of course go to theCUBE.net for the video. SiliconANGLE.com for all of the news. Wikibon.com for the research, and always feel free to reach out with us, if you've got questions, or want to know what shows we're going to be in next. For my cohost, Dave Vellante who is Dvellante on Twitter. I'm Stu Miniman, at stu on Twitter, and thanks so much for watching theCUBE. (techno music)

>> Announcer: Live from Washington, DC, it's the Cube, covering .conf2017, brought to you by Splunk. (busy electronic music) >> Welcome back to the Washington Convention Center, the Walter Washington Convention Center, in our nation's capital as our coverage continues here of .conf2017. We're here at Splunk along with Dave Vellante. I'm John Walls, and kind of coming down the home stretch, Dave. There's just something about the crowd's lingering still, the show for, still has that good vibe to it, late second day, hasn't let off yet. >> Oh, no, remember, the show goes on through tomorrow. There's some event tonight, I think. I don't know, the band's here. >> Yeah, but-- >> Be hanging out, partying tonight. >> But you can tell the Splunkers are alive and well. We have Terry Ramos with us, who's going to join us for the next 15 minutes or so, the VP of Business Development of Palo Alto Networks. Terry, good to see you, sir. >> Good, really appreciate you having me here. >> You bet, you bet, thanks for joining us. You've got a partnership now, you've synced up with Splunk. >> Terry: Yes. >> Tell us a little bit about that. Then we'll get into the customer value after that. But first off, what's the partnership all about? >> Sure. We've actually been partners for about five years, really helping us solve some customer needs. We've got about several thousand customers who are actually using both products together to solve the needs I'll talk about in a minute. The partnership is really key to us. We've invested a ton of time, money, effort into it, we have executive level sponsorship all the way down to sales. In the field, we have reps working together to really position the solution to customers, both us and Splunk and then how we tie together. We're the number one downloaded app for Splunk by far that's a third party, so they have a couple that are more downloaded than us, but for third party, we've done that. We develop it all in house ourselves. For customers out there who think the app's great, I'll talk about the new version coming, I'd love any feedback on what should we do next, what are the next things we should do in the app, because we're really developing this and making this investment for customers to get the value out of it. >> What about the business update for Palo Alto Networks? I mean, can you give us the sort of quick rundown on what's going on in your world? >> Sure. I think most people know Palo Alto Networks has done pretty well. We just finished our FY '17, finished with about 42,500 customers. Revenue was, I think, 1.8 billion, approximately. We're still a very high growth company, and been growing the product set pretty well, from products next-gen firewall, all the attached subscriptions. Then we've got things like the Endpoint Traps now that's really doing well in the market, where customers need help on preventing exploits on the endpoint. That's been a growing market for us. >> It's the hottest space in the data center right now, and everybody wants to partner with you guys. Obviously, Splunk, you go to all the big shows, and they're touting their partnerships with Palo Alto. What do you attribute that sort of success to? >> Customers, truly. I run the partnerships for the company. If we do not have a customer who will be invested in the integration and the partnership, we don't do it. The number one thing we ask when somebody says, I want to partner with you, is, who's the customer, what's the use case, and why, right. Then if we can get good answers to that, then we go down the path of a partnership. Even then, though, we're still pretty selective. We've got 150 partners today that are technology partnerships. But we've got a limited number, Splunk's a big one, that we really invest heavily in, far more than the others, far more than just an API integration, the stuff of getting out to customers in the field the development of apps and integration, those things. >> Talk about, we laugh about Barney deals sometimes, I love you, you love me, let's do a press release. What differentiates that sort of Splunk level of partnership? Is it engineering resources? Is it deeper go to market? Maybe talk about that a little. >> Yeah, I hate Barney partnerships completely. If I do those, fire me, truthfully. I think the value that we've done with Splunk that we've really drawn out is, we've built this app, right, so BD has a team of developers on our team that writes the app for Splunk. We have spent four years developing this app. We were the first company to do adaptive response before it was called adaptive response. You see something in Splunk, you can actually take action back to a firewall to actually block something, quarantine something, anything like that. The app today is really focused on our products, right, through Endpoint, WildFire, things like that, right, so it's very product focused. We're actually putting in a lot of time and effort into a brand new app that we're developing that we're showing off now that we'll ship in about a month a half that's really focused on adversaries and incidents. We have something called the adversary score card where it'll show you, this is what's actually happening on my network, how far is this threat penetrating my network and my endpoints, is it being stopped, when is it being stopped. Then we've got an incident flow, too, that shows that level down to Traps prevented this, and here's how it prevented it. Then if we go back to the adversary score card, it ties into what part of the kill chain did we actually stop it at. For a CISO, when you come in and you say, there's a new outbreak, there's a new worm, there's a new threat that's happening, how do I know that I'm protected? Well, Splunk gives you great access to that data. What we've done is an app on top of it that's a single click. A SOC guy can say, here's where we're at, here's where we've blocked it. >> I guess I've been talking to a lot of folks here the last two days, and we've got a vendor right over here, we're talking, they have a little scorecard up, and they tell you about how certain intrusions are detected at certain intervals, 190 days to 300 and some odd days. Then I hear talk about a scorecard that tells you, hey, you've got this risk threat, and this is what's happened. I mean, I guess I'm having a hard time squaring that all up with, it sounds like a real time examination. But it's really not, because we're talking about maybe half a year or longer, in some cases, before a threat is detected. >> Yeah, so as a company, we've really focused on prevention. Prevent as much as you can. We have a product called WildFire, where we have tens of thousands of customers who actually share data with us, files and other things, files, URLs, other things. What we do is we run those through sandboxing, dynamic analysis, static analysis, all sorts of stuff, to identify if it's malicious. If it's malicious, we don't just start blocking that file, we also send down to the firewall all the things that it does. Does it connect to another website to download a different payload, does it connect to a C&C site, command and control site? What's that malware actually doing? We send that down to the customer, but we also send it to all of our customers. It may hit a target, right, the zero day hit one customer, but then we start really, how do we prevent this along the way, both in the network and at the endpoint? Yeah, there are a lot of people that talk about breaches long term, all that, what we're trying to make sure is we're preventing as much as we can and letting the SOC guys really focus on the things that they need to. A simple piece of malware, they shouldn't be having to look at that. That should be automatically stopped, prevented. But that advanced attack, they need to focus on that and what are they doing about it. >> The payloads have really evolved in the last decade. You mentioned zero day. Think about them, we didn't even know what it was in the early 2000s. I wonder if you could talk about how your business has evolved as the sophistication of the attackers has evolved from hacktivist to organized crime to nation state. >> Yeah, yeah. It has evolved a lot, and when you think about the company, 42,500 customers says a lot. We've been able to grow that out. When you talk about a product, something like WildFire that does this payload analysis, when we launched the product it was free. You'd get an update about every 24 hours, right. We moved it down to, I think it was four hours, then it was an hour, 20 minutes, and now it's about five minutes. In about five minutes, we do all that analysis and how do we stop it. Back to the question is, when you're talking about guys that are just using malware and running it over and over, that's one thing. But when you're talking about sophisticated nation states, that's where you've got to get this, prevent it as quickly as you possibly can. >> If we're talking about customer value, you've kind of touched on it a little bit, but ultimately, you said you've got some to deal with Splunk, some to deal with you, some are now dealing with both. End of the day, what does that mean to me, that you're bringing this extra arsenal in? How am I going to leverage that in my operations? What can I do with it better, I guess, down the road? >> Yeah, I think it really comes down to that, how quickly can you react, how do you know what to react to. I mean, it's as simple as that, I know it sounds super simple, but it is that. If I'm a SOC guy sitting in a SOC, looking at the threats that are happening on my network, what's happening on my endpoints, and being able to say, this one actually got through the firewall. It was a total zero day, we had never seen it before. But it landed at the endpoint, and it tried to run and we prevented it there. Now you can go and take action down to that endpoint and say, let's get it off the endpoint, the firewall's going to be updated in a few minutes anyway. But let's go really focus on that. It's the focus of, what do you need to worry about. >> Dave: Do you know what a zero day is? >> You've kind of, yeah, I mean, it's the movie, right? >> He's going, no, no, there was a movie because of the concept-- >> Because of the idea. >> David's note, there's been zero days of protection. But you can explain it better than I can. >> Yeah, zero day means it's a brand new attack, never seen before, whether it be-- >> Unique characteristics and traits in a new way that infiltrate, and something that's totally off from left field. >> When you think about it, those are hard to create. They take a lot of time and effort to go find the bugs in programs, right. If it's something in a Microsoft or an Oracle, that's a lot of effort, right, to go find that new way to do a buffer overflow or a heap spray or whatever it is. That's a lot of work, that's a lot of money. One of the things we focused on is, if we can prevent it faster, that money, that investment those people are making is out the window. We really, again, are going to focus on the high end, high fidelity stuff. >> The documentary called "Zero Days," but there was, I don't know how many zero day viruses inside of Stuxnet, like, I don't know, four or five. You maybe used to see, the antivirus guys would tell you, we maybe see one or two a year, and there were four or five inside of this code. >> Loaded into one invasion, yeah, yeah, yeah. >> It's the threat from within. I mean, one of the threats, if I recall correctly, was actually, they had to go in and steal some chip at some Taiwanese semiconductor manufacturer, so they had to have a guy infiltrate, who knows, with a mop or something, stick a, had to break in, basically. These are, when you see a payload like that, you know it's a nation state, not just some hacktivist, right, or even organized crime doesn't necessarily have the resources for the most part, right? >> It's a big investment, it is. Zero days are a big investment, because you've got to figure it out, you may have to get hardware, you have to get the software. It's a lot of work to fund that. >> They're worth a lot of money on the black market. I mean, you can sell those things. >> That's why, if we make them unusable fairly quickly, it stops that investment. >> We were talking with Monte Mercer earlier, just talking about his comments this morning, keynotes about you could be successful defending, right. It's not all bets are off, we're hopeless here. But it still sounds as if, in your world, there are these inherent frustrations, because bad guys are really smart. All of a sudden, you've got a whole new way, a whole new world that you have to combat, just when you thought you had enough prophylactic activity going on in one place, boom, here you are now. Can you successfully defend? Do you feel like you have the tools to be that watch at the gate? >> I'd be a liar if I say you can prevent everything, right. It's just not possible. But what you've got to be able to prevent is everything that's known, and then take the unknown, make it known as quickly as possible, and start preventing that. That's the goal. If anybody out here is saying they prevent everything, it's just not true, it can't be true. But the faster you take that unknown and make it known and start preventing it, that's what you do. >> Well, and it's never just one thing in this world, right? Now there's much more emphasis being placed on response and predicting the probability of the severity and things of that nature. It really is an ecosystem, right. >> Terry: It is, that's what I do. >> Which is kind of back to what you do. How do you see this ecosystem evolving? What are your objectives? >> I think that from my standpoint, we'll continue to build out new partnerships for customers. We really focus on those ones that are important to customers. We recently did a lot with authentication partners, right, because that's another level of, if people are getting those credentials and using them then what are they doing with them, right? We did some new stuff in the product with a number of partners where we look at the credentials, and if they're leaving the network, going to an unknown site, that should never happen, right? Your corporate credentials should never go to some unknown site. That's a good example of how we build out new things for customers that weren't seen before with a partner. We don't do authentication, so we rely on partners to do that with us. As we continue to talk about partnership and BD, we're going to continue to focus on those things that really solve that need for our customer. >> Well, I don't know how you guys sleep at night, but I'm glad you do. >> Dave: No, we don't. What do you mean? I'm glad you don't. >> It's 24/7, that's for sure. >> Terry: Yes. >> Terry, thanks for being with us. >> Thank you very much. >> We appreciate the time, glad to have you on the Cube. The Cube will continue live from Washington, DC, we're at .conf2017. (busy electronic music)

>> Announcer: Live from Washington, DC it's theCUBE. Covering .conf2017. Brought to you by Splunk. >> Welcome back here on theCUBE we continue our coverage of .conf2017 here at the Splunk event with about seven thousand plus Splunkers. Along with Dave Vellante, John Walls. I like that Splunkers. >> You a Splunker? >> Not sure I'd be qualified. >> I'm learning how. >> I'm not qualified. >> to be come one. >> I don't think. >> I think we're kind of in the cheap seats of Splukism right now. Certainly there's a definitely vibe and I think that there's this whole feeling of positivity amongst our community right, that is to get a sense of that here. >> Dave: Hot company, data centers booming. >> It's all happenin', so we are in the Walter Washington Convention Center day two of the convention. We're joined now by of Stephen Hunt who is the CIO of an organization called Team Rubicon. Stephen thanks for joining us here on theCUBE. Good to have you Sir. >> Thank you for having me. >> And CTO too correct? >> And CTO. >> So first off let's talk about Team Rubicon. Veterans based organization, you team up with disaster emergency responders, first responders, to come in a crisis management times of disasters I'm sure extremely busy right now. Gave birth to this organization back in 2010 after the Haiti earthquakes. So tell us a little bit more about your mission and what you're doing now I assume you're up to your ears and all kinds of work, unfortunately. >> Yeah so our, just speaking to our mission, our purpose is to leverage the skills a military vets and first responders in disaster. The capacity and skills that vets bring after active duty in the in the services, is remarkable resource that we've learned to tap to help people in need around the world. This is one of our or this is our busiest time right now. You know we're responding in the greater Houston area in Florida, the Florida Keys, British Virgin Islands, Puerto Rico, Mexico, Turks and Caicos. And it's just it's incredible what we're able to do and in aiding people from the point of search and rescue to recovery and resilience, there's a broad spectrum of activities that are our people engage in to make that all happen and across a diversity of locations. It's been truly remarkable and challenging in ways that we never imagined right now. >> And I should add that you're a veteran yourself. Paratrooper, 82nd Airborne, a reservist, but also have an engineering background MIT Lincoln Laboratories for 20 some plus years. So you've got this interesting combination of experiences that have brought you into a company that is also a beneficiary of the Splunk for Good Program part of the Splunk pledge Program. So are you bring a pretty interesting portfolio to the job here Stephen. >> It's a bit unusual I do understand how a lot of the world works, not because I'm the smartest person in the room, I have a bit of a head start there's a lot of experience there and so bringing my engineering skills to the field, as well as to the business office and how we operate. And working with companies like Splunk, you know I can see, pretty quickly, what's hard, what's easy. I understand that Splunk needs our requirements in order to deliver product that's meaningful to us and our mission. So tying that all together it is a bit unusual for an NGO to have someone like me around. I got involved simply to help people. When they told me at some point are that we're going to build a business to help people, I said I don't come here to build a business. And it took me a little while to get oriented around the fact that as we expand the brand as we bring it around the globe, it takes a strong business model and a strong technical model in how we project humanitarian aid in austere settings. >> In order to scale right. >> So Tell us more about the organization how large is the organization, you know, where do you get the resources, how is it funded. >> So we're almost a 100% privately funded. So corporations, foundations, individual donors from across the country and across the world. We have about sixty thousand members and these are volunteers in and globally, so how in the world do you do that? Well, it turns out we grew up at about the same time the cloud industry grew up, we've been around seven years. And I would like to say that I'm some kind of genius and I said well we should follow the cloud, it was a judgment call and it was what we could manage. Today we have about thirty five to forty cloud software products that drive everything from donor management, volunteer management, how we deal with our beneficiaries, as well as our employees. And and it's not just about product in mission it's about protection and seeing through what's happening at the company at scale. We have about anywhere from eight hundred to 15 hundred people sign up to join, to become a part of Team Rubicon every week. >> Dave: Every week? >> And we couldn't do that without scale, without cloud technology it's been truly remarkable. >> And the volunteers or or all veterans, is that right? >> About 80, 75 to 80% military vets, first responders and others. >> Okay, so they just they make time to take time off from work, or whatever it is and go volunteer. They'll get permission from whom ever. Their employers, their wives and husbands. >> The payment that we provide is a renewed sense of purpose. When you know you take off the uniform there is a certain part of your identity that goes on the hanger and people don't see in you that's missing and we get that back. Through service and being around like minded individuals it's just amazing when we bring all of our people together and they align to work to this common mission. >> So in the in the take a recent examples in Florida and Houston are they predominantly people that are proximate to those areas? Are you are you having to fly people in, how does that all work? We literally have people coming in from all over the world. Generally, with the way we run operations to keep them cost effective as we look first within 450 miles of an affected area, and and bring in people in close proximity. If there is need greater than that, then we expand the scope of the distance if you will. Logistically, where we bring folks in. we're all the way now to bring in people from Australia, Norway, Canada, as well as the UK and working alongside each other seamlessly and that's really due to our standards and training. You can imagine when we scale it's not just the technology but it's how you use it, in the field, and in the business environment in the office. >> Are they responsible for figuring out where they sleep, where they eat, I mean how does that all work. >> Yeah, we set that up, in the early days we kind of took care of it ourselves, you know we reach into our own pockets and the small groups run around the planet and help people. It was kind of a club, now it's a whole different story. When we're bringing in 500 people a day, we need to know how they're fed, is this safety, security and protection, not just physically, but also emotionally. You want to make sure that we're really looking after people before, during and after they deploy and help people. So we put them up, and typically it's not the Ritz, you know might be a cot in a warehouse somewhere. But I've stayed at hotels with Team Rubicon members and maybe sometimes eight in the room. My old job Wasn't like that, all these guys are fighting to see who's going to sleep on the floor. I mean it's it's a really interesting you know. >> You have very different dynamic I'm sure. So you talk about these global operations expanding what four or five countries you mentioned with thoughts of one larger. I know communications are huge part of that you have a partnership now with a a prominent satellite firm you know in Inmarsat and how is that coming to benefit your operations and does Splunk come in the play with that global communications opportunity? >> Inmarsat and Splunk have been truly remarkable impacting and working toward greater impact in how we deliver aid around the globe. And make a couple of very clear points and deliver a metric here. We're running maybe 15 simultaneous operations distributed across all those areas I just discussed earlier. And historically, in all the time that I've been with Team Rubicon we've always had outages when it comes to communicating with our staff in these austere settings. You know we have to life safety is everything. That's the most important thing on my list, is the welfare of the people I'm looking after, and our employees, volunteers and our beneficiaries. When we can't communicate if something goes wrong it's a problem Inmarsat has set us up with communications gear in such a way that even though running all these operations at our most challenging time, I haven't had one complaint. About not being able to communicate. And what's Splunk is doing, is integrating with the Inmarsat backend to provide us the status of all of that equipment and and so from a perspective where are they all located, what is the status of the you know the data usage to make sure that somebody doesn't get arbitrarily shut off, you know that strategic view of what's happening across the globe. And this was something that we've negotiated or Inmarsat asked us to do, and Splunk is stepping up to take care of that for us so that we can ensure life safety and coordination happen seamlessly. Just one more point about this, if you could communicate with everyone everyday you're planning team isn't sitting idle wondering what it needs to do next. So this tertiary effect, is really driven our planning team to perform in a way that guides material and resources that I didn't really think about, But it's quite remarkable. >> So, you please, I thought you finished, I apologize. >> No, it's OK. >> I'm excited. >> It's fantastic. >> So the tech let's get into the tech side of this. You got SaaS apps, you got logistics, you got comms, you got analytics stuff, you got planning, you got collaboration and probably a hundred other things that I haven't mentioned. Maybe talk about you put your CTO hat on. >> Oh no, absolutely, so one of the things I say to our people, you know the technology is important but people are more important. And and so how we work with technology, its adoption as a CIO is critical. I need to say that when we're provided quality top tier software technologies to support education and training, as I mentioned, volunteer management, information management and security. And they were adopted naturally and they take off like a fire on a dry day, it means Splunk and other companies produced a great product. And we've seen this time and again with our ecosystem. So it's a general statement about the cloud technologies. Many companies have just done an exceptional job at building products that our people can work with. So I don't really complain too much about adoption across the board or struggle with it, I should say. So Google, Microsoft, Splunk, Cornerstone OnDemand, Salamander, Everbridge, Palantir. >> Be careful it's like naming the kids you're going to leave somebody out. So many of these great benefactors. >> Yeah, they're used to it but we work with all and our new COO came in, I apologize, I was CIO/CTO of Team Rubicon USA for about three years and I just moved over to Team Rubicon global to help orchestrate our global footprint. And we've set up licensing and a model for where instances of software are located to meet the legal regulatory framework for doing business internationally. And but the the COO of USA, and I'm so proud of what USA is doing right now, it's just blowing up. I mean what they're accomplishing as the largest Team Rubicon entity. But he looked at me, he said, Steve we got to get rid of some of these software products, and I said well, tell me what you don't want to do and I'll delete it, happy to. And instead the numbers gone up by 10 you know since that conversation. So there's some great challenges with and great opportunities, but as you know when your capacity increases, working with data and information your risk also goes up. So we work hard it impacting the behaviors of all of our people, it doesn't happen in a month or two months it takes years. So that everyone is security minded and making good decisions about how we work with information and data, you know whether it's a collective view provided by a product like Splunk which gives us this global view of information. You know if we have people working in a in a dangerous area and all of a sudden we know where all of our people are we just don't post that up on the open internet right. That's a bad idea just to give you a simple example. Down to the PII of our members and employees. And we're becoming very good at that. And for an NGO that's unusual and we're going to be driving an independent security audit fairly soon, to push it even further with the Board of Directors and executives, and so the business team can make decisions about how what we do technically based on you know liability in business model, right for how we work, but for me, the highest priority's protection of everyone. >> Well, it is a wonderful organization and we sincerely Dave and I both thank you for your service, present and future tense, for your service absolutely. Team Rubicon they will accept contributions, both time and treasure so visit the website Team Rubicon and see what you might be able to do to lend help to the cause, great cause that it is. Thank you Stephen. Back with more from .conf2017 here in DC, right after this.

>> Announcer: Live from Washington, DC it's theCUBE. Covering .conf2017. Brought to you by Splunk. >> Welcome back here on theCUBE continuing our coverage of .conf2017 sponsored by Get Together in your nations capitol, we are live here at the Walter Washington Convention Center in Washington, DC. Along with Dave Vellante I'm John Walls Joined now by a couple CUBE alums, actually, you guys were here about a year ago. Yeah, Robert Herjavec, with the Herjavec Group of course you all know him from Shark Tank fame answer Atif Ghauri who is the VP of Customer Service Success at the Herjavec Group. I love that title, Atif we're going to get into that in just a little bit. Welcome. >> Thank you. >> Good to see you all. >> We're more like CUBE groupies We're more like CUBE groupies. >> Alums. >> Alums, okay, yeah. >> If we had a promo reel. >> Yeah, we love it here. We get free mugs with the beautiful Splunk. >> That doesn't happen all the time does it. >> Where did you get those? >> They're everywhere. >> Dave, I'll share. >> So again for folks who don't, what brings you here what, what's the focus here for the Herjavec Group in in terms of what you're seeing in the Splunk community and I assume it's very security driven. >> Yeah, well we've been part of the Splunk community for many years going on gosh, eight, nine years. We're Splunkers and we use Splunk as our core technology to provide our managed service and we manage a lot of customer environments with Splunk and we've been really forefront of Splunk as a SIM technology for a long time. >> Atif, excuse me, David, just the title, VP of Customer Service Success, what's under that umbrella? >> Yeah, it's actually pretty simple and straightforward given especially that Splunk's aligned the same way. Christmas success is King, right. If our customers aren't successful then how are we successful? So what we're trying to do there is putting the customer first and help in growing accounts and growing our services starting with our customers that we have today. >> It was actually Doug Maris, I have to give him full credit him and I were on a flight, and I said to him what's really critical to you growing revenue, efficiency, innovation and he said, number one for us is customer success. So we're very happy to steal other people's ideas if they're better. >> So security's changing so fast. You mentioned SIM, Splunk's narrative is that things are shifting from a traditional SIM world to one of an analytic driven remediation world. I wonder if you could talk about what you're seeing in the customer base, are people actually shifting their spending and how fast and where do you see it all going? >> Yeah, so the days of chasing IOC's is a dead end. Because that's just a nonstop effort. What's really happening now is technique detection. Defining, looking at how hackers are doing their trade craft and then parroting that. So Splunk has ideas and other vendors have ideas on how to go about trying to detect pattern recognition of attacker trade craft. And so what definitely was driving what's next when it comes to security automation, security detection, for our customers today. >> You know, we always tell people and it's just dead on but the challenge is people want to buy the, sexy, exciting thing and why I always try to say to customers is you're a dad and you have three kids, and you have a minivan. You don't really want to own a minivan, you want a really nice Ferrari or Corvette but at the end of the day, you have three kids and you got to get to the store. And in the security world it's a little bit like that. People talk about artificial intelligence and better threat metrics and analytics but the core, foundational basis still is logs. You have to manage your log infrastructure. And the beauty of Splunk is, it does it better than anyone and gives you an upstream in fact to be able to do the analytics and all those other things. But you still got to do the foundation. You still got to get three kids into the minivan and bring back groceries. >> So there's been a lot of focus, obviously security's become a Board level topic. You hear that all the time, you used to not hear it all the time, used to be IT problem. >> Absolutely, the only way I could get a meeting with the CEO or CIO was because I was on Shark Tank. But as a security guy, I would never meet any executives. Oh yeah I spend 80% of my time meeting with CEO, not just CIO's, but CEO's and Boards and that kind of stuff, absolutely. >> How should the CIO be communicating the Board about security, how often, what should be the narrative you know, transparency, I wonder if you could give us your thoughts. >> It's a great question. There's a new financial regulation that's coming out where CISO's and CIO's actually have to sign off on financial statements related to cyber security. And there's a clause in there that says if they knowingly are negligent, it carries criminal charges. So the regulations coming into cyber security are very similar to what we're seeing and Sarbanes Oxley like if a CEO signs an audit statement that he suspects might have some level of negligence to it I'm not talking about outright criminal fraud but just some level of negligence, it carries a criminal offense. If you look at the latest Equifax breach, a lot of the media around it was that there should be criminal charges around it. And so as soon as as you use words like criminal, compliance, audit, CEO's, executives really care. So the message from the CIO has to be we're doing everything in our power, based on industry standards, to be as secure as we can number one. And number two we have the systems in place that if we are breached, we can detect it as quickly as possible. >> So I was watching CNBC the other day and what you don't want to see as a Board member, every Board members picture from Equifax up there, with the term breach. >> Is that true? >> Yeah, yeah. >> See, but, isn't that different. Like you never, like if we think back on all the big breaches, Target and Sony they were all seminal in their own way. Target was seminal because the CEO got fired. And that was the first time it happened. I think we're going to remember Equifax, I didn't know that about the Board. >> For 50 seconds it was up there. I the sound off. >> You don't want to be a Board member. >> I mean, I hate to say it, but it's got to be great for your business, first of all it's another reason not to be a public company is one more hurdle. But if you are they need help. >> They absolutely need help. And on point I don't want to lose is that what we're seeing with CISO's, Chief Information Security Officers, Is that that role's transcending, that role is actually reporting directly to in to CEO's now. Directly into CFO's now, away from the CIO, because there's some organizational dynamics that keep the CISO from telling, what's really going on. >> Fox in henhouse. >> Exactly. >> You want to separate those roles. You're you're seeing that more often. What percent of the CISO's and CIO's are separate in your experience? >> Organizations that have a mature security program. That have evolved to where it's really a risk-based decision, and then the security function becomes more like risk management, right. Just what you they've been doing for decades. But now you have a choice security person leading that charge. >> So what we really always saying theCUBE, it's not a matter of if, it's when you're going to get infiltrated. Do you feel as though that the Boards and CIO's are transparent about that? Do Boards understand that that it's really the remediation and the response that's most important now, or there's still some education that has to go on there? >> You know, Robert speaks to Boards are the time he can comment on that, but they really want to know two things, how bad is it and how much money do you need. And those are the key questions that's driving from a Board perspective what's going to happen next. >> What's worse that Equifax got breached or that Equifax was breached for months and didn't know about it. I mean, as a Board member the latter is much worse. There's an acceptance like I have a beautiful house and I have big windows a lots of alarms and a dog, not a big dog, but still, I have a dog. >> A yipper. >> Yeah, I have a yipper. It's worse to me if somebody broke into my house, was there for a while and my wife came home at night and the person was still there. That to me is fundamentally worse than getting an alarm and saying, somebody broke the window, went in, stole a picture frame. You're going to get breached, it's how quickly you respond and what the assets are. >> And is it all shapes and sizes, too I mean, we talk about big companies here you've mentioned three but is it the mid-level guys and do smaller companies have the same concerns or same threats and risks right now? >> See these are the you heard about. What about all the breaches you don't know. >> That's the point, how big of a problem are we talking about? >> It's a wide scaling problem right and to the previous question, the value now in 2017, is what is the quality of your intelligence? Like what actions can I take, with the software that you're giving me, or with the service that you're giving me because you could detect all day but what are you going to do about it? And you're going to be held accountable for that. >> I'm watching the service now screen over here and I've seen them flash the stat 191 days to detect an infiltration. >> That sounds optimistic to me. I think most people would be happy with that if they could guarantee that. >> I would think the number's 250 to 300 so that now maybe they're claiming they can squeeze that down but, are you seeing any compression in that number? I mean it's early days I know. >> I think that the industry continues to be extremely complicated. There's a lot of vendors, there's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year that there's 1500 new security start ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights. And which ones are going to be around for a year or two and you're never going to hear about again. So it's a extremely challenging complex environment. >> From the bad guys are so much more sophisticated going from hacktivists to whatever State sponsored or criminal. >> That's the bottom line, I mean the bad guys are better, the bad guys are winning. The white hats fought their way out to the black hats, right. The white hats are trying, trying hard, we're trying to get organized, we're trying to win battles but the war is clearly won by the by the black hats. And that's something that as an industry we're getting better at working towards. >> Robert, as an investor what's your sentiment around valuations right now and do you feel as though. >> Not high enough. >> Oh boy. >> Managed security companies should be trading way higher value. >> Do you feel like they're somewhat insulated? >> Its a really good question, we're in that space you know we're we're about a $200 million private company. We're the largest privately held, managed security company in the world actually. And so I always think every time we're worth more I think wow, we couldn't be worth more, the market can't get bigger. Because your values always based for potential size. Nobody values you for what you're worth today. Because an investor doesn't buy history an investor doesn't buy present state, an investor buys future state. So if the valuations are increasing, it's a direct correlation because the macro factors are getting bigger. And so the answer to your question is values are going to go up because the market is just going to be fundamentally bigger. Is everybody going to survive? No, but I think you're going to see valuations continue to increase. >> Well in digital business everybody talks about digital business. We look at digital business as how well you leverage data. We think the value of data is going through the roof but I'm not sure customers understand the intrinsic value of the data or have a method to actually value their data. If they did, we feel like they would find it's way more valuable and they need to protect it better. What are you seeing in that regard with customers? >> There's an explosion of data in that with IoT, internet of things, and the amount of additional data that's come now. But, to your point, how do you sequence and label data? That's been a multi-decade old question more organizations struggle with. Many have gone to say that, it's all important so let's protect it all, right. And verses having layers of approach. So, it's a challenging problem, I don't think across all our customer base. That's something that each wrestling with to try to solve individually for their companies. >> Well, I think you also have the reality though of money. So, it's easy to say all the data is important, Structured unstructured, but you look at a lot of the software and tools that you need around this floor are sold to you on a per user or per ingestion model. So, even though all your data is critical. You can't protect all your data. It's like your house, you can't protect every single component of it, you try, and every year gets better maybe get a better alarm maybe I'll get rid the yappy dog and get a Doberman you know you're constantly upgrading. But you can't protect everything, because reality is you still live in an unstructured, unsafe world. >> So is that the complexity then, because the a simple question is why does it take so long to find out if there's something wrong with your house? >> I think it's highly complex because we're dealing with people who are manipulating what we know to their benefit in ways we've never done it. The Wannacry breach was done in a way that had not been done before. If it had done before we could have created some analytics around it, we could created some, you know, metrics around it but these are attacks that are happening in a way we've never seen before and so it's this element of risk and data and then you always have human nature. Gary Moore was that the Council this morning. The writer of Crossing the Chasm, legendary book, and he said something very interesting which was Why do people always get on a flight and say, good luck with the flight, hope you fly safe. But they don't think twice about hopping in their car and driving to the grocery store. Whereas statistically, your odds of dying in that car are fundamentally greater, and it's human nature, it's how we perceive risk. So it's the same with security and data in cyber security. >> As security experts I'm curious and we're here in DC, how much time you think about and what your thoughts might be in the geopolitical implications of security, cyber war, you know it's Stuxnet, fast forward, whatever, ten years. What are you thoughts as security practitioners in that regard? >> The longest and most heated battles in the next World War, will not be on Earth, they'll be in cyberspace. It's accepted as a given. That's the way this Country is moving. That's the way our financial systems are tied together and that's the way we're moving forward. >> It's interesting we had Robert Gates on last year and he was saying you know we have to be really careful because while we have the United States has the best security technologies, we also have the most to lose with our infrastructure and it's a whole new you know gamification or game theory balance we have to play. >> I would agree with him that we have some of the best security technology in the world but I would say that our barometer and our limiter is the freedom of our society. By nature what we love about our country and Canada is that we love freedom. And we love giving people access to information and data and free speech. By nature we have countries that may not have as good a security, but have the ability to limit access to outsiders, and I'm not saying that's good by any means but it does make security a little bit easier from that perspective. Whereas in our system, we're never going to go to that, we shouldn't go to that. So now we have to have better security just to stay even. >> To Dave's point talking about the geopolitical pressures, the regulatory environment being what it is, you know legislators, if they smell blood right, it in terms of compliance and what have you, what are you seeing in terms of that shift focus from the Hill. >> Great question. I did a speech to about two thousand CIO's, CISO's not long ago and I said, how many people in this room buy security to be more secure and how many people buy because you have to be compliant. 50/50, even the security ones admitted that how they got budget was leveraging the compliance guys. It was easier to walk into CEO's office and say look, we have to buy this to meet some kind of a political, compliance, Board issue. Than it was to say this will make us better. Better is a hard sell. So that, has to go to the head to pull the trigger to do some of that. >> You know, I think in this geopolitical environment it's look at the elections, look at all the rhetoric. It's just there is going to be more of that stuff. >> A lot's changed in crypto and its potential applications in security. More money poured into ICO's in the first half than venture backed crypto opportunities. >> There are practical applications of blockchain technology all across the board, right, but as you mentioned is fundamentally built on pathology. On core gut security work and making a community of people decide whether something's authentic or not. It's a game changer, as far what what we could do from a platform standpoint to secure our financial systems and short answer it's volatile. As you saw with the fluctuation of Bitcoin and then the currency of Bitcoin, how it's gone up and down. It's quite volatile right now because there's a lot of risk So I say what's the next Bitcoin in six months or eighteen months and what's going to happen to the old Bitcoin and then all the money that into there, where is that going to go? So that's a discuss the pivot point I think for the financial services industry and more and more their larger institutions are just trying to get involved with that whole network of blockchain. >> Crypto currencies really interesting. In some ways it's the fuel that's funding the cyber security ransomeware. I mean it's one of the easiest ways to send money and be completely anonymous. If you didn't have crypto currency, how would you pay for ransomware? You give them your checking account? You deposit into their checking account? So, I think that you're seeing a big surge of it but if you look at the history of money or even checks, checks were developed by company called Deluxe here in the United States 104 years ago. They're a customer of ours, that's why I know this, but the basis of it is that somebody, a real institution with bricks and mortar and people in suits is backing that check, or that currency. Who's backing crypto currency today? So you have, by nature, you have this element of volatility and I don't know if it's going to make it or it's not going to make it. But inevitably has to cross from a purely electronic crypto form to some element of a note or a tender that I can take from that world and get backing on it. >> That's kind of what Warren Buffet has said about it. I mean I would respond that it's the community, whatever that means, that's backing it. I mean, what backs the greenback, it's the US Government and the US military. It's an interesting. >> Right like, at the end of the day I would still rather take a US dollar than even a Canadian dollar or a UK dollar. >> Gentlemen thanks for being with us. >> Great to see you. >> Thank you for the coffee mug. >> This is incredible. >> There's actually stuff in it too so be careful. >> I drank it is that okay? >> Can I go to the hospital. >> Atif, thanks for the time and Robert good luck with that new dog. (all laughing) >> Don't tell my wife I got rid of her dog. >> In time. >> In time. All things a time, theCUBE continues live here Washington DC at .conf2017 right after this.