Dave Frampton, SumoLogic | RSA North America 2018
>> Narrator: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> And welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference in San Francisco, it's 40 thousand plus people talking security, really one of the biggest conferences in San Francisco, and security continues to be an ever increasing and important topic, and more and more complex and complicated and multifaceted. We're excited to have really an innovator who just recently sold his company to Sumo Logic, he's Dave Frampton, VP of security solutions now at Sumo Logic. Dave, great to see you. >> Dave: Good to be here. >> So you guys were relatively a relatively small team working on a very specific piece of this giant pie. So, tell us a little bit about what you're doing and what attracted Sumo Logic to you. >> FactorChain, acquired by Sumo Logic in Q4 of last year was focused on building an investigation platform to really help security analysts very quickly and completely identify, for an individual threat or alert of which they get an avalanche every day, what happened, where did it spread, and then what should be done about it, more importantly. >> It's funny 'cause we talk often, at all these conferences, right, everybody in the keynote will talk about it, "six months before you know you've been breached", or two years, or whatever the average, it changes all the time. But nobody ever really talks about once you've figured it out, then what? So that's really what you guys are about, the "then what?" So what are some of the things that people do wrongly, and what are some of the immediate triage and best practices that people should be aware of if they're not already? >> It's a great question, there's really a difficult work flow that exists when you start digging into one of these indicators of compromise or alerts, typically an analyst is trying to connect the dots across huge numbers of systems and huge data sets. 
They may have to go to five to ten different systems, run queries which take a long time to run and then take a long time to interpret, kind of stitch together the clues across all of them, and this process can often take 30 minutes, an hour, or even two hours against an inflow rate of hundreds of these per day. So there's sort of this expanding backlog of uninvestigated urgent threats. In many cases, people only get to about 10% of the most urgent threats or alerts that come in to their security operation center, or SOC. And FactorChain's innovation was to develop some new techniques to help human analysts quickly connect the dots across these huge data sets. Integrate a lot of those different systems, so you can go to one place, see huge, deep connections between data sets, and then kind of put it all together in a very concise work flow that helps you get through this process just a lot faster, a lot more skilled. >> So are you identifying patterns of past behavior, 'cause you have a database of how these things work, are you looking for consistency of behavior within one system in others, I mean, what are some of the, obviously you're not going to tell us your secret sauce, but what are some of the tricks and tips that enable you to speed up that process? It's scary to hear that they have hundreds of high priority that they can't get to. >> There's two main components of trying to accelerate this whole work flow. The first one is trying to help analysts very quickly get insight into how variables change in an environment. This investigation process is little bit like a game of whack-a-mole, you're following a particular user or particular machine, but then the name will change, and then there'll be another variable introduced but it will change four times, and you're left to try to figure out which one of these changes map to the original. This process just repeats over and over again. 
So part of our insight was to try to figure out how to chain, hence the name FactorChain, all of these variable changes together in a very, very concise way, so you can help the analyst find the right path through the data and ignore all the false trails, get back on the trail when they lose the trail. So it's really sort of a data navigation and insight, sort of the key core of FactorChain's innovation. >> So a big factor, shouldn't use that word again, but we'll use it again, factor happening today in the industry is everything going to cloud, right? A huge percentage of business going to cloud. AWS is up to 20 billion dollar run rate and Sumo is a big partner, and Microsoft and Google are trying to catch up from behind, and IBM's got a cloud. So cloud's a big thing and there's more and more cloud. Also, we're in this API economy now, so whether I want to use public data sets and inject those into my processes, or I've got partners that I'm, I'm connecting all these things via API's and I still have my on-prem stuff, or the stuff that just can't go to cloud or legacy for whatever reason. So the environment is becoming way more complex, the number of third party people that you're playing nice with is becoming much, much larger, and a lot of these connections are completely automated, right, when you look at ad tech and some of the financial trading systems. So how does that increasing complexity play into what you guys are doing? >> The migration to the cloud is putting enormous disruptive pressure on some of these traditional security processes. You think about, the old world involved a security operations center and a small team of analysts just going through this list of alerts that were sent in by their infrastructure. The cloud really challenges that in two fundamental ways. I think one of them you hit really well in your description of it, which is just the sheer surface area of possible attack has increased so dramatically. 
You hit all the key points, there's automated processes, there's a lot of customer facing and production security that didn't exist in the old worlds, so you have so many more ways for the attackers to get in. But importantly, there are new sources of information which are critical to actually orchestrating the defense, to figuring out what to pay attention to and how to pay attention to it. Application layer information is much more relevant in a cloud context. And you have a lot of the infrastructures being standardized underneath, but a lot of the interesting insight might be from the application. Is this a customer or is it a partner? Is it a sensitive piece of information or application, or not? There's all sorts of context which needs to be brought in to the forensic process to help the investigators really get to the bottom of what happened and where did it spread. There's also a need to collaborate across security and other functions in IT in a much more seamless, horizontal way. A typical example would be an analyst in the SOC might understand an awful lot about security forensics but may not really understand some of this application context or even how to interpret some of the application logs at all. So you really need a horizontal collaboration involving IT operations, you hear a lot about DevOps and sort of DevSecOps, you need a much more collaborative work flow, not just a common data set, which I think everybody recognized a few years back, but also common analytics and a common work flow, common tooling that they can collaborate in the same system on the same investigation. And so those are the ways in which the traditional security industry and the boundaries around its processes and its tools are really being challenged and disrupted by the migration to the cloud, and at Sumo Logic, this is sort of at the center of where we live. 
We live in a world where people are rapidly migrating to the cloud, looking for monitoring and troubleshooting and security analytics, functionality. As they do that, looking at modern applications and how their architectures are changing and what implications that has for security. So we have our sights squarely set on sort of creating that new model for that new cloud-oriented environment. >> Right, and then how much do you work with other applications, which I guess in the past may have been thought of as competitive, but when you're in an environment with all these integrated systems at a customer, and there's probably tremendous benefit to sharing some level of information in terms of the signature of threats and when threats are coming in. I'm sure there's ton of great data that, if shared across people on the good side of the fence, will probably be to the benefit of all. So has that been changing, is that evolving, how do you see kind of working with other apps within, let's just pick the AWS cloud for example, within a particular customer, whether it's AWS directly or other partners in the ecosystem? >> Right, well first, you hit it, I mean, this function of security operations has to be agnostic, right? You have to be open to ingesting context from whichever system and whichever vendor and whatever source it might come from. And so these ecosystems are really important, and integration so that you can quickly, not only take in information from third parties, but then quickly get trending and visualization and really bring insight to that data. And so to that end, Sumo Logic's a leader in the AWS ecosystem, we've been built from the ground up on AWS, and we have rich partnerships with the vast majority of the ecosystem of tools that surround the AWS environment. 
So we can bring that in and very quickly deliver insight, make correlations, figure out what you need to pay attention to, and then do this investigation work flow that we were talking about earlier. >> Alright, crazy times. So, 40 thousand people here, what are you looking forward to for the next couple of days here at RSAC? >> I think a couple of things. One is, I think everyone is focused, right now, on the upcoming deadline for GDPR, and sort of data protection, data privacy, how do we identify within our data what might be subject to some of these regulations and new compliance requirements, and then how many of those overlap. Though the best of intentions, it creates some dilemmas about how to approach problems, such as for example, right to be forgotten. And I think seeing the community come together and sort of in a live venue, which is really what the show is all about, and kind of discuss and debate those issues, I think that's one. Two is the center of what we've been talking about, is the impact of modern application architectures and cloud on some of these old, traditional security practices and models. And that's why we have a bigger presence this year at the show, because we think that's something that is going to change the way things have been done in the security industry, and we want to be a part of that conversation and obviously giving previews of our upcoming products that address some of those problems. Looking forward to a good week. >> Should be good of a week for you, be busy. >> Dave: Absolutely. >> Thanks for taking a few minutes, and again congratulations on the acquisition with Sumo, great marriage I'm sure, and look forward to following the story. >> Thanks so much. >> Alright, he's Dave Frampton, I'm Jeff Frick. You're watching theCUBE from RSAC 2018 San Francisco. Thanks for watching.
Kalyan Ramanathan, SumoLogic | AWS re:Invent
>> Narrator: Live from Las Vegas, it's the CUBE. Covering AWS re:Invent 2017, presented by AWS, Intel, and our ecosystem of partners. (the CUBE theme music) >> Hey, welcome back everyone. Here live in Las Vegas, the CUBE's coverage of Amazon re:Invent. It's 45,000 people, lot of action. Again, three days of wall-to-wall coverage. This is day two, trying not to lose my voice. I'm here with Justin Warren, my cohost this week, along with Stu Miniman, Keith Townsend, and a variety of other great, great hosts for the CUBE. Doing our share to get that data to you. Our next guest is Kalyan Ramanathan, who's the vice president in product market at SumoLogic, but also the author with a group of people from SumoLogic on a great report that they have out called Modern Applications in the Cloud, and he came and he took some time to come from his meetings to come on the CUBE to talk about it. Because we've been riffing on what is a modern application? What is a modern cloud? You know that Justin and I were talking about this renaissance in software development. Obviously, the cloud wars are happening. The water's being pulled out, that tsunami's coming. It's changing the face of startups, IT, and developers at the heart of the action, a new cultural renaissance. Welcome to the CUBE. >> Thank you very much. >> So, a little editorializing there, an opining. But we believe that we are seeing a sea change, a renaissance in software. Because the things that are now possible, the creativity, the power of developers, the end-to-end visibility into services is just like putting a PowerPoint slide together, or LEGO blocks. It's just like, it's so easy, not. But I mean, it could be easy, it's easier. >> Kalyan: Absolutely. >> So modern applications are top of our mind, so everyone wants to be modern. They wanna be hip, they wanna be cool. But there's some serious work getting done right now in the cloud. And there's a shift of greatness coming. What does your report show? 
Because we wanna dig into it. What the hell is a modern application? Is Oracle a modern application? Do I buy Watson at IBM? I see that on TV a lot. What is a modern application? >> Yeah let me, thank you John. So let me start with a quick introduction about SumoLogic, so that I can set a context about this modern application report. So SumoLogic is a cloud-native machine data analytics service, and what we do is to help our customers manage the operations and security of their mission-critical applications, right? The end goal to our customers is that now they can deliver an application with very good security posture and with exceptionally good customer experience. Now, we've been in AWS for about seven years. We have about 1,600 customers under management today. So what we've been able to do in this modern application report is to fundamentally mine data from our customers in a very anonymous way and give insight into what typically makes up a modern application in the cloud, right? And when we talk about a modern application, and I typically see three characteristics to these modern applications. First and foremost, many of these applications are indeed architected or perhaps I should say even re-architected in public cloud environments like AWS or Azure or Google Cloud Platform. Secondly, many of these applications are built using DevOps and Agile-style practices, so the rate and speed of change in this application is completely off the charts. The third thing that we are starting to see a lot more of is that many of these applications are built using Microservices-style technology, so it's very easy to compose these applications. You can put them together very easily, you can make changes to these applications a lot. So that's our typical definition of a modern application. >> Okay, well, we heard Andrew Jassy, I think, one or two days ago, was talking about if I started AWS again from scratch, today I would be using serverless. 
So I wouldn't be deploying virtual machines, I wouldn't actually be using a lot of the AWS services that we have today. So what are you seeing in the momentum for how developers are using the different types of stack. We're seeing a lot of growth in NoSQL, we're seeing a lot of growth in serverless functions. If I were starting a modern application today, what would my stack look like? >> Yeah, I mean, that's at the heart of the report that we put together, right? The report actually provides an end-to-end application stack, starting all the way from the infrastructure layer to the applications and even perhaps the management and the security technologies that you may need to manage these modern applications well. So let's start off with the infrastructure layer, right? So what SumoLogic has identified in, anonymously again, mining our customer data is that, you know, on the infrastructure side, Linux rules. As an operating system, goes without saying, Linux is the dominant operating system in AWS and that is to be understood. But here's the other interesting data point. Linux is also getting significant foothold in the Azure world. And that is not commonplace knowledge today, right? I mean, you would expect that Windows is ruling the Azure world, but we are actually starting to see dramatic year over year growth in terms of Linux within the Azure world. Now, let's move up the stack, right? Let's go from the host and the operating system now to the container world. What we are starting to see is dramatic growth in container adoption within AWS. Last year, when we put out the first version of this report, we saw that 18% of our customers are using Docker within AWS. This year, we are seeing that one in four customers are actually using Docker within their environment. >> Node.js, we saw a New Relic kind of report too. They laid out a little bit different instrumentation of it, with what languages. 
Python and Node.js, certainly Node.js, really awesome for the cloud and you're seeing that continue to be great. How does that gonna fit into Azure, for instance? What are they doing in their clients? So we were talking about Azure, right? So you look at their numbers, right? Azure versus AWS OS adoption. Okay, Linux is moving up because they made that announcement. But people have been looking at Azure and confused by the Azure stack. It's almost like a black box. Here, Amazon lays it out very cleanly. How is the Azure stack piece impacted? >> Yeah I mean, Microsoft, they've historically been a much more of a closed ecosystem. But I think in the Azure world, we are definitely starting to see Microsoft open the kimono, in some sense, and start to adopt, not just open source technologies, but also technologies that are not very core to the Microsoft stack itself. A lot of our customers who are using us in Azure today, are, as I mentioned, they're using Linux in a fairly significant way. We are also starting to see Azure functions being used in a significant way. In terms of the entire application stack, again, Azure has, while they are behind AWS in terms of the number of services, the richness of the services, we are starting to see them catch up in a very significant way. >> All right, here's a pointed question for you, it's a tough question, okay? Maybe tough to answer, maybe you know the answer. A lot of people will try to fake it until they make it. And you've heard that term around. You really can't fake being a modern application, so what do you see as ones that aren't making it, in terms of architecture and stacks? Maybe it's Legacy trying to bolt on a little bit of glam front end, JavaScript, or Node. Where's the failure, or having one relational database, maybe Oracle and trying to blend that in? Is there a formula that you see that's not working? 
>> You know, I think the act of just putting on a shim around a Legacy technology and calling that modern, I think what we are starting to see more and more of, is that that can take you so far, but only so far, right? The underlying infrastructure technologies of today, especially containers and you guys heard Andy Jassy talk about Kubernetes today at his keynote. There are such technology advances that are so core to the architecture of the modern app that if you choose not to implement them and if you just put, in some sense, a lipstick on a pig and a tiny little shim on top of a Legacy application, >> Sprinkle a little bit of glitter on things, yeah. >> You're, can you get away with it for a year or so? Absolutely, but then you're talking about, you know, dealing with extreme scalability, high elasticity, security of the kind that is needed for most enterprises. That's where the Legacy technology and just a sprinkling of dust, as you described it, is going to fall apart. >> I love the top two data, two of the three top datas are NoSQL. Interesting you got MySQL, Redis, Mongo and PostgreSQL, and then Cassandra and then Redshift. Redis, really kicking ass at number two. >> Kalyan: Absolutely. That's surprising. I always loved Redis but that's moving up. That's ahead of Mongo. >> Yeah, absolutely. I mean, Redis has a huge following. It's a in-memory database, as you know. It also has a lot of shades of NoSQL. >> John: It's flexible. >> It's very flexible, absolutely. So I mean, the interesting data point in the database analysis that we did was that in the cloud world, NoSQL and SQL are pretty much head-to-head, right? So, I mean the way we think about it is, when you are re-architecting your applications to the cloud, it really gives you the opportunity to step back and say, what do I do with my data store? Does it have to be the Oracle of the past? Can I re-architect it for something that's more optimized for what I'm trying to do now? 
And that's where, I think NoSQL has really caught on. >> We, you know Justin, we were talking yesterday, and then Andy's keynote. I had one-on-one with him a week ago. It's good, some of my content made it into his keynote, because one of the things I've been banging on we talked about yesterday was, these modern databases, modern apps, could have multiple databases. And you, look at Redis, there's different use cases. DynamoDB is slow on lookups, I might wanna have a queue there. I might wanna tie it with Redis and a little bit of architectural shape. It's a whole new normal, it's not a one trick pony. >> Yeah, and Redis is really popular in the Kubernetes community, I know. So as we see Kubernetes growing, then I expect that the Redis growth will also follow that. >> The question is, this is what I've put, and he put inside his keynote was, the new modern app can have multiple databases. This is gonna have a huge impact. How does that impact this report? What do you see, because now it kinda changes the game? It's not one, I can't just throw MySQL at it, or Mongo. Used to be the old days, LAMP stack and say, okay, Mongo's awesome, I'm gonna build my app, but now I gotta integrate it with another app. >> Yeah, no, absolutely. I mean, we're seeing heterogeneity across the board, right? And that is part of the goal of a report like this, too. Right, I mean, we put this report out mostly focused on cloud architects, DevOps engineers, SRE engineers who are rethinking what it takes to run an application in the cloud, may it be AWS, Azure, et cetera. And we wanted to provide them a roadmap of what are their peers doing in this world. >> Well, we really appreciate you and SumoLogic doing a report. New Relic has one. We love these kind of reports and when they're this good, we like to talk about them. I know you're being really nice and you don't wanna lose customers by pissing off other cloud guys, because you're in Switzerland, you play with all of them. 
But there's really some interesting data here that points to who's leading and who's not, and then the stacks do matter. The developers are influencing IT decisions now. So knowing the stack, knowing your stack, what works for developers, super important. We're gonna keep track of it. We'll certainly invite you into our powwow out at the studios to do some check-ins on the report. Maybe do a deeper dive, appreciate it. >> Yeah, and all I'll say is this report is available on our website. It's, you know, you don't have to register, you get it. >> John: Free. Yeah, it's free. >> They don't even ask for an email address, which is great. (laughter) So thanks so much for SumoLogic. Thanks for coming on the CUBE and breaking down the report. More live coverage here from Las Vegas, from Amazon re:Invent, I'm John Furrier with Justin Warren. We'll be right back with more after this short break. (the CUBE theme music)
Ramin Sayar, SumoLogic | AWS re:Invent
>> Narrator: Live from Las Vegas. It's The Cube, covering AWS re:Invent 2017, presented by AWS, Intel, and our ecosystem of partners. >> Hey, welcome back to The Cube, our continuous coverage of AWS 2017. AWS re:Invent, I should say. 42,000 people, a lot of them here in the room here. I'm Lisa Martin with my co-host Keith Townsend. We're excited to be joined by a Cube alumni extraordinaire, Ramin Sayar, CEO and president of Sumo Logic. Welcome back to The Cube. >> Great. Thanks for having me. It's good to be back. >> You guys have had a big announcement today with AWS. What does that mean? What's in there for your customers? >> Sure. Well, it's good to know that for over seven and a half years we've been close partners with AWS. So we've designed and co-designed over 100 services together with AWS. And today's announcements around GuardDuty in particular is taking all the basic compute, network, storage, persistent type of stuff and toolkits and paths to the next level because, as you've seen, security has always been an afterthought when it comes to workloads and data in the cloud. So we've been pushing Amazon in particular to really up their game on security and so we designed the GuardDuty service to really start to provide a lens into threat intelligence with respect to cloud data. >> Why do you think security still continues to be not as big of a focus? We hear different things, it's not as big of a concern for customers anymore, but that's not actually true. Why do you think that trend is out there? >> Well, I don't think it's about focus, it's about uncertainty, and I say that because a lot of the CISOs that we engage with consistently, who use our platform to get not only visibility to user behavior, or infrastructure, or the workloads, when they move from the traditional world to this new world of cloud, there's uncertainty about what to do. 
There's uncertainty about what services to use because a lot of the cloud providers until recently haven't had a lot of these capabilities provided. So, in our case, as an example, seven and a half years ago when we started, born and bred in the cloud, we built our whole PKI infrastructure. We built encryption in transit and at rest. So we had to build all that stuff ahead of what the platform like Amazon had provided. So we've been able to leverage all those experiences and extend the platform for not only cloud data, but on-prem data to provide that unified view. So the vantage point we have as a result is really be that trusted advisor for CISOs and to guide them toward things like CloudTrail, that's part of their announcement. Things like VPC flow logs, and what they should and should not do there. And so the announcement today is really more of a guidance for CISOs as well as developers and operations folks, to better understand what they need to do differently in the cloud, not just from the technology point of view, but also from a threat intelligence point of view. >> So let's talk a little bit about education, because this is I think an opportunity to educate a lot of the market. Amazon has always preached shared responsibility. They take care of the locks, the guards, the physical data center, all the way up to the hypervisor. And the hypervisor is ironically becoming less important with today's announcements, however there seems to be some uncertainty still with clients as to where their responsibility starts. How do you guys help with that conversation of shared responsibility? >> Well it actually starts back to the point I just made. In a lot of cases, we've become the trusted advisor because we've had such a long history of building a mission-critical platform that's analyzing 100 plus petabytes of data every single day. 
And so we know what the struggles are to understand new services as they come out, whether it's Amazon or another cloud provider, and what the implications of those services are. So now back to the root of the question here, what we really try to do is assess the maturity of a lot of our customers. So we really understand, well what are you using today with respect to SaaS applications? How much of your data is inside your data centers versus potentially in a cloud platform like AWS? What types of cloud services are you using? That allows to kind of categorize the maturity, but also start to lay out prescriptive roadmap as to what new application data, new infrastructure data, as well as the potential vulnerabilities and risks associated with users or infrastructure that they need to be concerned with when they make that transition to the cloud, or migration, or build natively in the cloud.
>> So how much concern is it out there over these new services like Lambda that are no longer associated with, we can't just put an IP address or a firewall and say okay, this host can't talk to this host. It's service and data-based. Services like AWS that we really can't control from an OS-perspective, how's that impacting the conversation?
>> So that's actually an interesting aspect of what the ecosystem provides, right. We analyze a lot of those connectivity and transport aspects because we look at the pattern of those datas. And it's not just about what's running in AWS, what's important here is you have your CDN providers, you have your on-premise data centers, you have your colos, and from a security posture perspective, you need a holistic view. More and more customers are moving away from packaged, on-prem apps to SaaS, and so understanding what the implications are from a 360-degree view is what Sumo helps provide them to do.
And more specifically, back to the announcement here, the role that we play is not only to be that advocate, but also the champion to AWS because we're bringing a lot of these customers through in this migration. So a good example, they mentioned a customer called Samsung and SmartThings. They're one of our large customers of an IoT use case. And they're pushing the boundaries on understanding how to start to compress and encrypt this data, but start to analyze it real-time across millions and millions of devices that need to come in to look at the fingerprints and patterns. Those are services not yet available in Amazon or GCP or at Azure yet. So we're helping with SmartThings for example go to these platform providers and start to design new services or design new capabilities of existing services.
>> One of the things I wanted to ask is a lot of companies talk about CI/CD. Sumo Logic is talking about continuous intelligence and you said the word holistic a minute ago, what is continuous intelligence? What does it mean? How does it differentiate Sumo Logic?
>> Yeah so our view of this is that unfortunately in the fragmented world we live in, and the complexity of all these point tools that address small aspects of different parts of your stack, your application stack, as well as the lifecycle, to your point around CI/CD. There's never been a comprehensive platform like Sumo that not only addresses the lifecycle, everything from your source code control system, to your continuous release and deployment, to your downstream monitoring, let alone everything from bare metal, on-prem, to containerized, to logic. So Sumo actually created this strategy about seven and a half years ago when we founded the company that we wanna be the full-stack vendor, we wanna be the full-stack data analytics for structured data as well as unstructured data.
And so the relevance of continuous intelligence in that notion is we're not only providing full-stack or 360, but we're also providing mechanisms to look at fingerprints and patterns in that data to take a lot of the guesswork out that typically a CISO's team or developer needs to do during the deployment of an application, during the release of infrastructure, or God forbid, in the case that there's been a breach. So we help proactively address these issues because we use a lot of machine learning algorithms, we use a lot of pattern recognition to understand what's normal and abnormal and we surface that up into a very salient view in terms of dashboards and alerts.
>> So what does this solution look and feel like? I think on the SaaS part of it, that's pretty straightforward, but in the hybrid cloud environment in which I have on-premises information data that I'm trying to protect, that's talking to these SaaS cloud components, whether it's Amazon services or anyone else, what does the on-prem part of that look like?
>> So interesting enough, it doesn't look like anything different than what the off-prem would look like, or in the cloud, because for us it's just where the data resides that we're collecting from. So whether it's top-of-rack switch, to discrete hardware, to converged hardware, to your CDNs, to your SaaS apps, to your cloud infrastructure services, we collect, ingest, analyze all that data and start to separate the signal-to-noise and provide meaningful, digestible insights, and that's what we refer to as continuous intelligence.
>> What are your thoughts about security being an enabler of digital transformation?
>> What's interesting is we predicted this probably about almost two years ago now, where we said it's no longer about this DevOps, it's about the DevSecOps model, right.
And it's not about the security team being in the back room, but in the front room, meaning that the security operations, the CISO, the security analysts needs to have a role in how these new architectures, new infrastructures are built and managed. And so what we see in a lot of organizations is whether those teams are merged or whether they're starting to work together, they need one single platform and that's why they choose Sumo. So you're seeing the formation informally of DevSecOps as well as formally of DevSecOps. And that's really providing the agility to be able to release applications faster, while also providing the security and credibility for making sure there's not a breach, a data breach or a user issue.
>> So from a regulatory perspective, GDPR coming up quick, 2018 in May. A lot of customers are looking towards their security partners to help understand the data that they have on-premises, the data they have in the cloud, and get controls around that so they can avoid massive, 4% of their revenue fines, how does Sumo help with those accounts?
>> Well back to your question just from right now, I think what's happening there is whether they're regulatory or industry-related standards, or security teams wanting to be more proactive, they're actually starting to be enablers for the business, surprisingly. And so what we're seeing in the case of GDPR is that's an accelerant to adopt cloud, because we actually isolate the data down into regions, and the way we've architected our platform from day one has always been a true, multi-tenant SaaS technology platform. And so there's not that worry about data resiliency and where it resides and how you get access to it because we've built all that out. And so when we go through all of our own attestations, whether it's SOC Type 1, Type 2, GDPR as an initiative, what we're doing for HIPAA, what we're doing for a plethora of other things, usually the CISO says "Ah, I get it, you're way more secure, now help me."
"Because I don't want the folks in development or operations to go amok, so to speak, I wanna be an enabler, not Doctor No."
>> So that relationship with the developer, how seamless is that? Are they changing their workflows from a development process?
>> Absolutely, I think what's happening now is not only the formation of this DevSecOps model, you're starting to see the rationalization of tools to be able to support that. And so in a lot of cases, the CISOs are being pulled in because the business made the decision to move to the cloud. Now the CISO needs a new posture because of data access, data privacy, things like we just talked about, GDPR, and once they realize that Sumo can provide that lens and provide the analytics, but enable the developers to have the agility, they become our biggest advocate in a lot of these accounts. So they're the ones often times with initial budget, because there's a lot more budget typically for security, they'll bring Sumo Logic in, they deploy it, and then they extend it to other groups. I'll give you an example, we started with Pinterest. Pinterest had a PCI audit issue. They had a short window where they had to pass their auditor's requirements. They brought us in and in a span of a few weeks, we helped them get through that audit. They had the Sumo console and all the alerts, notifications up on the dashboard. The DevOps team got wind of it, six weeks later we did a multimillion-dollar, multi-year deal with them for their entire elastic displacement and their monitoring stack. That's all about the land and expand model that Sumo's been doing now for seven and a half years. And it's predicated on security being the champion, not always DevOps being the champion.
>> Fantastic, so you guys have a booth here, we can see it right this direction. What are some of the cool things, last question, that people can see and learn coming to the Sumo booth here at AWS?
>> So I think it's probably a bigger point that we're trying to illustrate here at the conference and just our point of view in general, I think the announcements that we all saw today with respect to what Jassy talked about, the ML toolkits, the things around Kubernetes, it's really about flexibility around choice. So what we're actually demoing here is our support for Kubernetes, and Docker containers, but it's all wrapped up into something even more intriguing here, and it's something that we look at as, something we refer to as, the analytics economy. All this technology, all this power that's being delivered and announced today, is empowering a slew of new use cases that have not been yet addressed. And so we feel like we're the forerunner in that in helping design things with GuardDuty for example, but it's not just about things that are running in AWS. I know we're at this event, but customers want choice. That's why Docker, that's why Kubernetes, that's why multi-cloud is important. So what they'll find in our booth is not only the best platform for building, running, and securing modern apps on AWS, but also the ability to have that portability and flexibility to pulling in GCP, to Azure, to their own data centers, because that's the world we live in, the complex world.
>> Wow, exciting, your passion and excitement for what you guys do and how you're really have successfully become a trusted advisor is very palpable. So we'll have to have you back on the show, 'cause there's clearly a lot more to talk about. Unfortunately we're out of time. I'm Lisa Martin, for Keith Townsend and Ramin Sayar, thank you so much for watching The Cube. Stick around, we're live on day two of AWS re:Invent 2017. We'll be right back.
(electronic music)