Uri May, Hunters | CUBE Conversation, August 2022


 

(upbeat music)

>> Hey everyone. And welcome to this CUBE Conversation which is part of the AWS startup showcase. Season two, episode four of our ongoing series. The theme of this episode is cybersecurity, detect and protect against threats. I'm your host, Lisa Martin, and I'm pleased to be joined by the founder and CEO of Hunters.AI, Uri May. Uri, welcome to theCUBE. It's great to have you here.

>> Thank you, Lisa. It's great to be here.

>> Tell me a little bit about your background and the founder's story. This company was only founded in 2018, so you're quite young. But give me that backstory about what you saw in the market that really determined, this is needed.

>> Yeah, absolutely. So, I mean, I think the biggest thing for us was the understanding that significant things have happened in the cybersecurity landscape for customers and technology stayed the same. I mean, we tried on solving the same... We tried on solving a big problem with the same old tools when we actually noticed that the problem has changed significantly. And we saw that change happening in two different dimensions. The first is the types of attacks that we're defending against. A decade ago, we were mostly focused on these highly sophisticated nation state efforts that included unknown techniques and tactics and highly sophisticated kind of methods. Nowadays, we're talking a lot about cyber crime gangs, groups of people that are financially motivated or using off the shelf tools, off the shelf malware, coordinating in the dark web, attacking for money and ransom basically, versus sophisticated intelligence kind of objectives. And in the same time of that happening, we also saw what we like to refer to as explosion of the security stack. So some of our customers are using more than 60 or 70 different security tools that are generating sometimes tens of terabytes a day of flows.
That explosion of data, together with a very persistent and consistent threat that is continuously affecting customers, create a very different environment, where you need to analyze a big variety of data and you need to constantly defend yourself against stuff that are happening all the time. And that was kind of like our wake moment when we understand that the tools that are out there now might have been the right tools a decade ago, they are probably not the right tools to solve the problem now. So yeah, I think that that was kind of what led us to Hunters. And in the same time, and I think that that's my personal kind of story behind it. We used to talk a lot about the fact that we want to solve a fundamental problem. And we, as part of the ideation around Hunters and us zooming in on exactly the areas that we want to focus on in security, we talked with a lot of CSOs, we talked with a lot of industry experts, everyone directed us to the security operation center. I mean the notion that there's a lot of tools and there's always going to be a lot of tools, but eventually decisions are being made by people that are running security operation center, that are actually acting as the first line of defense. And that's where you feel that the processes are broke. That's where you feel that that technology doesn't really meet the rubber, and the rubber doesn't really meet the road. And for us, it was a very clear sign that this is where we need to focus on. And that set us on a journey to explore threat hunting and then understand that we can solve something bigger than that. And then eventually get to where we are today, which is go to market around. So holistic a platform that can help SOC analysts doing the day to day job defending the organizations.

>> So you saw back in 2018, probably even before that, that the SIEM market was prime and ripe for disruption.
And only in a four year time period, there's been some pretty significant milestones and accomplishments that the team at Hunters has made in that short timeframe. Talk to me about some of those big milestones that the company has reached in just four years.

>> Yeah, I think that the biggest thing and I know that it's going to sound like a cliche, but we're actually believing that I think it's the team. I mean, we're able to grow to an organization of around 150 employees. All over the world, the course, I think I mean the last time that I checked, like 15 countries. That's the most amazing feeling that you can have. That ability to attract people to a single mission from all over the world and to get them collaborate and do amazing things and achieve unbelievable accomplishment. I think that's the biggest thing. The other thing for us was customers. I mean, think about it like, SIEM it's such a central and critical system. So for us as a young startup from Tel Aviv to go out to Enterprise America and convince the biggest enterprise around the world to rip and replace the existing solutions that are being built by the biggest software brands out there and install Hunters instead, that's a huge leap of trust, that we are very grateful for, and we're trying to handle with a lot of care and a lot of responsibility. And obviously, I think that other than that, is all of the investors that we were able to attract that basically enabled all of that customer acquisition and team building and product development. And we're very fortunate to work with the biggest names out there, both from a strategic perspective and also from tier one VCs from mainly from the U.S., but from all over the world, actually that are backing us.

>> Great customers, solid foundation. Hunters is built for the clouds, is powered by Snowflake. This is AWS built. Talk to me about what's in it for me from an AWS customer perspective. What's that value in it for them?
>> Yeah, so I think that the most important thing, in my opinion, at least, is the security value that you're getting from it. Other than the fact that Hunters is a multi-tenant SaaS application running in AWS, it's also a system that is highly tuned and specifically built to be very effective against detecting threats inside AWS environments. So we invested a lot of time in research, in analyzing the way attackers are operating inside cloud environments, specifically in AWS. And then we model these techniques and tactics and procedures into the system. We're leveraging data sets like AWS CloudTrail and CloudWatch and VPC Flow Logs, obviously AWS GuardDuty which is an amazing detection system that AWS offers to its customers, and we're able to leverage it, correlate it with other signals. And at the same time, there's also the commercial aspect and the business aspect. I mean, we're allowing AWS customers to leverage the AWS credits to the marketplace to fund SIEM projects like Hunters that comes with a lot of efficiencies also. And with a lot of additional capabilities like I mentioned earlier.

>> So let's crack open Hunters.AI. What makes this approach different? You talked about the challenges that you guys saw in the market that were gaps there, and why technology needed to come in from a disruption standpoint. But describe the differentiators. When you're talking to prospective customers, what are those key differentiators that Hunters brings to the table?

>> Yeah, absolutely. So we like to divide it into three main pillars. The first pillar is everything that we do with data, that is very different from our competitors. We believe that data should be completely liberated from the analytical layer. And that's why we're storing data in a dedicated data warehouse. Snowflake, as you mentioned earlier, is one of our go to data warehouses. And that gives customers the ability to own their own data.
So you as a customer can opt in into using Hunters on top of your Snowflake. It's not the only way. You can also get Snowflake bundled as part of that, your Hunters subscription, but for some customers that ability to reduce vendor lock risk on data on your own and also leverage security data for other kind of workflows is something that is really huge. So that's the first thing that is very different. The second thing is what we like to call security engineering as a service. So when you buy Hunters, you don't just buy a data platform. You actually buy a system, a SOC platform that is already populated with use cases. So what we are saying is that in today's world the threats that we're handling as a SOC, as security operations center professionals are actually shared by 80% of the customers out there. So 80% of the customers share around 80% of the threat. And what we're basically saying is let us as a vendor, solve the detection response around that 80%. So you as a customer could focus on the 20% that is unique to your environment. Then in a lot of cases generate 80% of the impact. So that means that you are getting a lot of prebuilt tools and detections, data modeling to your integrations, automatic investigations, scoring correlations. All of these things are being continuously deployed and delivered by us because we're multi tenant SaaS. And also allowing you again to get this effortless turnkey kind of solution that is very different from your experience with your current SIEM tools that usually involves a lot of tuning, professional services, configuration, et cetera. And the last aspect of it, is everything that we're doing around automation.
We're leveraging very unique graph technology and what we call automatic investigation enrichments that allows us to take all of these signals that we're extracting from all over the attack surface, AWS included, but also the endpoint and the email and the network and IOT environments and whatever automatically investigate them, load them into a graph and then automatically correlate them to what we call stories, which are basically representation of incidents that are happening across your attack surface. And that's a very unique capability that we bring into the table that demonstrates our focus on the analytical lens. So it's not just log aggregation, and querying and dashboarding kind of system. It's actually a security analytic system that is able to drive real insights on top of the data that you're plugging into it.

>> So talk to me, Uri, when you're in customer conversations these days the market is there's so many dynamics and flux that customers are dealing with. Obviously, the threat landscape continues to expand and really become quite amorphous as that perimeter blends. What are some of the specific challenges that security operation center or SOC teams come to you saying, help us eliminate this. We have so many tools, we've probably got limited resources. What are those challenges and how does Hunters really wipe those off the plate?

>> Yeah, so I think the first and foremost has to do with the second pillar that I mentioned earlier and that's security engineering. So for most security operations centers and most organizations around the world, the feeling is that they're kind of like stuck on this hamster wheel. They keep on buying tools and then implementing these tools and then writing rules and then generating noise and then fine tuning the rules. And then testing the rules and understanding that the fine tuning actually generated misdetections. And they're kind of like stuck on this vicious cycle.
And no one can really help because a lot of the stuff that they're building, they're building it in their environment. And what we're saying is that, let us do it for you. Well, that 80% that we've mentioned earlier and allows you to really focus on the stuff that you're doing and even offset your talent. So, we're not talking about really a talent reduction. Because everyone needs more talent in cybersecurity nowadays but we're talking a lot about offset. I mean, if we had a team of five people investing efforts in building rules, building automation, and now three or four of these people can go and do advanced investigations, incident response, threat hunting interval, that's meaningful. For a lot of SOCs, in a lot of cases that means either identifying and analyzing a threat in time or missing it. So, I mean, I think that that's the biggest thing. And the other thing has to do with the first thing that I mentioned earlier, and these are the data challenges. Data challenges in terms of cost, performance, the ability to absorb data sets that today's tools can't really support. I mean, for example, one of the biggest data sets that we're loading that is tremendously helpful is raw data for EDR products. Raw data for EDR products in large enterprises can get to 10, 15, 20 terabytes a day. In today's SIEMs and SOC platforms that the customers are using, this thing is just as prohibited from SOC. They can't really analyze it because it's so costly. So what we're saying is a lot of what we're seeing is a lot of customers, either not analyzing it at all, or saving it for a very little amount of time, account of days. Because they can't support the retention around it. So the ability to store huge data sets for longer period of time makes it something that a lot of big enterprises need. And to be honest, I think that in the next couple of years they would also be forced to have these kind of capabilities, even from a compliance perspective.
>> So in terms of outcomes, I'm hearing reduction in costs really helping security teams utilize their resources, the ability to analyze growing volumes of data. That's only going to continue to increase as we know. Is there a customer story, Uri that you have that really, where the value proposition of Hunters really shines through?

>> Yeah, I think that one thing comes to mind from the hospitality vertical and actually it's a reference customer. I mean, we can share the name. Its name is booking.com. It's also publicly shown on our website. And I think the coolest thing that we were able to do with booking is give them that capability to stay up to date with the threats that they're facing. So it's not just that we saved a lot of efforts from them because we came with a lot of out of the box capabilities that they can use. We also kept them up to date with everything that they were facing. And there was a couple of cases, where we were able to detect threats that were very recently from threat perspective. Based on our ability to invest research time and efforts in everything that is going on in the ecosystem and the feedback that we got from the customer, and it's not a single of feedback. Like we're getting it a lot, is that, without you guys we wouldn't be able to do the effective research and then the implementation of this and the threat modeling and the implementation of these things in time. And working with you kind of like made the difference between analyzing it and reacting in time and potentially blocking like a very serious breach versus maybe finding out when it's too late.

>> Huge impact there. And I'm kind of thinking, Hunters.AI might be one of the reasons that booking.com's tagline it's booking.com, booking.yeah. Yeah, we're secure. We know if we can demonstrate that to everyone that uses our service. I noticed kind of wrapping things up here, Uri.
I noticed that back in I think it was January of 2022, Hunters raised about 60 million in series C. You talked about kind of being in the GTM phase, where are some of those strategic investments? What have you been doing, focusing on this year and what's to come as we round out 22?

>> Yeah, absolutely. So, I mean, there's a lot of building going on. Yeah. Still, right. I mean, we're getting into that scale mode and scale phase but we're very much also building our capabilities, building our infrastructure, building our teams, building our business processes. So there's a lot of efforts going into that, but in the same time, I mean, we've been able to deepen our relationship with Databricks which is a very important partner of us. And we got some big news coming up on that. And they were a strategic investor that participated in our series C. And in the same time we're working in the EMEA market which is a very interesting market for us. And we get a lot of support from one other strategic investor that joined the series C, Deutsche Telekom. And they are a huge provider in IT and security in EMEA, other than doing a lot of other things and including T-Systems and T-Mobile and everything that has to do with that. So we're getting a lot of support from them. And regardless, I think, and that ties back to what we've mentioned earlier, the ability for us to come to really big customers with the quality of investors that we have is a very important external validation. It's basically saying like this company is here to stay. We're aiming at disrupting the market. We're building something big. You can count on us by replacing this critical system that we're talking about. And sometimes it makes a difference, like sometimes for some of the customers, it means that this is something that I can rely on. Like it's not a startup that is going to be sold two months after I'm deploying it. And it's not a founder that is going to disappear on me.
And for a lot of customers, these things happen, especially in an ecosystem like cybersecurity, that is so big with such a huge variety of different systems. So, yeah, I think that we're getting ready for that scale mode and hopefully it'll happen sooner than what we think.

>> A lot of growth already as we mentioned in the beginning of the program. Since just 2018 it sounds like from a foundation perspective, you guys are strong, you're rocking away and ready to really take things into 2023 with such force. Uri, thank you so much for joining me on the program, talking about what Hunters.AI is up to and how you're different and why you're disrupting the SIEM market. We appreciate your insights and your time.

>> Absolutely. Lisa, the pleasure was all mine. Thank you for having me.

>> Likewise. For Uri May, I'm Lisa Martin. Thank you for watching our CUBE Conversation as part of the AWS startup showcase. Keep it right here for more actions on theCUBE, your leader in tech coverage.

(upbeat music)

Published Date : Aug 23 2022


Ramin Sayar, Sumo Logic | AWS re:Invent 2019


 

>> Announcer: Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel along with its ecosystem partners.

>> Welcome back to the eighth year of AWS re:Invent. It's 2019. There's over 60,000 in attendance. Seventh year of theCUBE. Wall-to-wall coverage, covering all the angles of this broad and massively-growing ecosystem. I am Stu Miniman. My co-host is Justin Warren, and one of our Cube alumni is back on the program. Ramin Sayar, who is the president and CEO of Sumo Logic.

>> Stu: Booth always at the front of the expo hall. I think anybody that's come to this show has one of the Sumo--

>> Squishies.

>> Stu: Squish dolls there. I remember a number of years you actually had live sumos--

>> Again this year.

>> At the event, so you know, bring us, the sixth year you've been at the show, give us a little bit of the vibe and your experience so far.

>> Yeah, I mean, naturally when you've been here so many times, it's interesting to be back, not only as a practitioner who's attended this many years ago, but now as a partner of AWS, and seeing not only our own community growth in terms of Sumo Logic, but also the community in general that we're here to see. You know, it's a good mix of practitioners and business folks from DevOps to security and much, much more, and as we were talking right before the show, the vendors here are so different now than it was three years ago, let alone six years ago. So, it's nice to see.

>> All right, a lot of news from Amazon. Anything specific jump out from you from their side, or I know Sumo Logic has had some announcements this week.

>> Yeah, I mean, like, true to Amazon, there's always a lot of announcements, and, you know, what we see is customers need time to understand and digest that. There's a lot of confusion, but, you know, selfishly speaking from the Sumo side, you know, we continue to be a strong AWS partner.
We announced another set of services along with AWS at this event. We've got some new competencies for container, because that's a big aspect of what customers are doing today with microservices, and obviously we announced some new capabilities around our security intelligence capabilities, specifically for CloudTrail, because that's becoming a really important aspect of a lot of customers maturation of cloud and also operating in the cloud in this new world.

>> Justin: So walk us through what customers are using CloudTrail to do, and how the Sumo Logic connection to CloudTrail actually helps them with what they're trying to do.

>> Well, first and foremost, it's important to understand what Sumo does and then the context of CloudTrail and other services. You know, we started roughly a decade ago with AWS, and we built an intelligence platform on top of AWS that allows us to deal with the vast amount of unstructured data in specific use cases. So one very common use case, very applicable to the users here, is around the DevOps teams. And so, the DevOps teams are having a much more complicated and difficult time today understanding, ascertaining, where trouble, where problems reside, and how to go troubleshoot those. It's not just about a siloed monitoring tool. That's just not enough. It doesn't have the analytics or intelligence. It's about understanding all the data, from CloudTrail, from EC2, and non-AWS services, so you can appropriately understand these new modern apps that are dependent on these microservices and architectures, and what's really causing the performance issue, the availability issue, and, God forbid, a security or breach issue, and that's a unique thing that Sumo provides unlike others here.

>> Justin: Yeah, now I believe you've actually extended the Sumo support beyond CloudTrail and into some of the Kubernetes services that Amazon offers like AKS, and you also, I believe it's ESC FireLens support?
>> Ramin: Yeah, so, and that's just a continuation of a lot of stuff we've done with respect to our analytics platform, and, you know, we introduced some things earlier this year at re:Inforce with AWS as well so, around VPC Flow Logs and the like, and this is a continuation now for CloudTrail. And really what it helps our customers and end users do is better and more proactively be able to detect potential issues, respond to those security issues, and more importantly, automate the resolution process, and that's what's really key for our users, because they're inundated with false positives all the time whether it's on the ops side let alone the security side. So Sumo Logic is very unique back to our value prop, but providing a horizontal platform across all these different use cases. One being ops, two being cybersecurity and threat, and three being line-of-business users who are trying to understand what their own users on their digital apps are doing with their services and how to better deliver value.

>> Justin: Now, automation is so important when you've got this scope and scale of cloud and the pace of innovation that's happening with all the technology that's around us here at the show, so the automation side of things I think is a little bit underappreciated this year. We're talking about transformation and we're talking about AI and ML. I think, with the automation piece, is one thing that's a little bit underestimated from this year's show. What do you think about that?

>> Yeah, I mean, our philosophy all along has been, you can't automate without AI and ML, and it's proven fact that, you know, by next year the machine data growth is going to be 16 zettabytes. By 2025, it's going to be 75 zettabytes of data.
Okay, while that's really impressive in terms of volume of data, the challenge is, the tsunami of data that's being generated, how to go decipher what's an important aspect and what's not an important aspect, so you first have to understand from the streaming data services, how to be able to dynamically and schema on read, be able to analyze that data, and then be able to put in context to those use cases I talked about, and then to drive automation remediation, so it's a multifaceted problem that we've been solving for nearly a decade. In a given day, we're analyzing several hundred petabytes of data, right? And we're trying to distill it down to the most important aspects for you, for your particular role and your responsibility.

>> Stu: Yeah, um, we've talked a lot about transformation at this show, and one of the big challenges for customers is, they're going through that application modernization journey. I wonder if you could bring us inside some of your customers, you know, where are they having success, where are some of the bottlenecks slowing them down from moving along on this transformation journey?

>> Yeah, so, it's interesting because, whether you're a cloud-native company like Sumo Logic or you're aspiring to be a cloud-native company or a cloud-first project going through migration, you have similar problems. It's now become a machine-scale problem, not a human-scale problem, back to the data growth, right? And so, some of our customers, regardless of their maturation, are really trying to understand, you know, as they embark on these digital transformations, how do they solve, what we call, the intelligence gap? And that is, because there's so much silos across the enterprise organizations today, across development, operations, IT, security, lines of business, in its context, in its completeness, it's creating more complexity for our customers.
So, what Sumo tries to help solve, do, is, solve that intelligence gap in this new intelligence economy by providing an intelligence platform we call "continuous intelligence". So what do customers do? So, some of our customers use Sumo to monitor and troubleshoot their cloud workloads. So whether it's, you know, the Netflix team themselves, right, because they're born and bred in the cloud or it's Hudl, who's trying to provide, you know, analytics and intelligence for players and coaches, right, to insurance companies that are going through the migration journey to the cloud, Hartford Insurance, New York Life, to sports and media companies, Major League Baseball, with the whole cyber SOC, and what they're trying to do there on the backs of Sumo, to even trucking companies like Packard, who's trying to do driverless, autonomous cars. It doesn't matter what industry you're in, everyone is trying to go through the digital transformation or be disrupted. Everyone's trying to gain that intelligence or not just be left behind but be lapped, and so what Sumo really helps them do is provide one single intelligence platform across dev, sec, and ops, bringing these teams together to be able to collaborate much more efficiently and effectively through the true multi-tenant SaaS platform that we've optimized for 10 years on AWS.

>> Justin: So we heard from Andy yesterday that one of the important ways to drive that transformational change is to actually have the top-down support for that. So you mentioned that you're able to provide that one layer across multiple different teams who traditionally haven't worked that well together, so what are you seeing with customers around, when they put in Sumo Logic, where does that transformational change come from? Are we seeing the top-down driven change?
Is that where customers come from, or is it a little bit more bottom-up, where you have developers and operations and security all trying to work together, and then that bubbles up to the rest of the organization?

>> Ramin: Well, it's interesting, it's both for us because a lot of times, it depends on the size of the organization, where the responsibilities reside, so naturally, in a larger enterprise where there's a lot of forces of mass because of the different siloed organizations, you have to, often times, start with the CISO, and we make sure the CISO is a transformation agent, and if they are the transformation agent, then we partner with them to really help get a handle and control on their cybersecurity and threat, and then he or she typically sponsors us into other parts of the line of business, the DevOps teams, like, for example, we've seen with Hartford Insurance, right, or that we saw with F5 Networks and many more. But then, there's a flip side of that where we actually start in, let's use another example, uh, you know, with, for example, Hearst Media, right. They actually started because they were doing a lift-and-shift to the cloud and their DevOps team, in one line of business, started with Sumo, and expanded the usage and growth. They migrated 32 applications over to AWS, and then suddenly the security teams got wind of it and then we went top-down. Great example of starting, you know, bottom-up in the case of Hearst or top-down in the case of other examples. So, the trick here is, as we look at embarking upon these journeys with our customers, we try to figure out which technology partners are they using. It's not only in the cloud provider, but it's also which traditional on-premise tools versus potentially cloud-native services and SaaS applications they're adopting. Second is, which sort of organizational models are they adopting? So, a lot of people talk about DevOps.
They don't practice DevOps, and then you can understand that very quickly by asking them, "What tools are you using? Are you using GitHub, Jenkins, Artifactory? Are you using all these other tools, and how are you actually getting visibility into your pipeline, and is that actually speeding the delivery of services and digital applications, yes or no?" It's a very binary answer, and if they can't answer that, you know they're aspiring to be. So therefore, it's a consultative sale for us in that mode. If they're already embarking upon that, however, then we use a different approach, where we're trying to understand how they're challenged, what they're challenged with, and show other customers, and then it's really more of a partnership. Does that make sense?

>> Justin: Yeah, makes perfect sense to me.

>> So, one of the debates we had coming into this show is, a lot of discussion at multicloud around the industry. Of course, Amazon doesn't talk specifically about multicloud all that well. If you look historically, attempts to manage lots of different environments under a single pane of glass, we always say, "pane is spelled P-A-I-N", when you try to do that. There's been great success. If you look at VMware in the data center, VMware didn't cover the entire environment, but vCenter was the center of your, you know, admin's world, and you would edge cases to manage some of the other environments here. Feels that AWS is extending their footprint with things like Outposts and the environments, but there are lots of things that won't be on Amazon, whether it be a second cloud provider, my legacy data center pieces, or anything else there. Sounds like you touch many of the pieces, so I'm curious if you, just, weigh in on what you hear from customers, how they get their arms around the heterogeneous mess that IT traditionally is, and what we need to do as an industry to make things better.
>> You know, for a long time, many companies have been bi-modal, and now they're tri-modal, right, meaning that, you know, they have their traditional and their new aspects of IT. Now they're tri-modal in the sense of, now they have a third leg of that complexity in stool, which is public cloud, and so, it's a reality regardless of Amazon or GCP or Azure, that customers want flexibility and choice, and in fact, we see that with our own data. Every year, as you guys well know, we put out an intelligence report that actually shows year-over-year, the adoption of not only various technologies, but adoption of technologies used across one cloud provider versus multicloud providers, and earlier this year in September when we put the new release of the report out, we saw that year-over-year, there was more than 2x growth in the use of Kubernetes in production, and it was almost three times growth year-over-year in use of Kubernetes across multiple cloud providers. That tells you something. That tells you that they don't want lock-in. That tells you that they also want choice. That tells you that they're trying to abstract away from the IaaS layer, infrastructure-as-a-service layer, so they have portability, so to speak, across different types of providers for the different types of workload needs as well as the data sovereignty needs they have to constantly manage because of regulatory requirements, compliance requirements and the like. And so, this is actually it benefits someone like Sumo to provide that agnostic platform to customers so they can have the choice, but also most importantly, the value, and this is something that we announced also at this event where we introduced editions to our Cloud Flex licensing model that allows you to not only address multi-tiers of data, but also allows you to have choice of where you run those workloads and have choice for different types of data for different types of use cases at different cost models. 
So again, delivering on that need for customers to have flexibility and choice, as well as, you know, the promise of options to move workloads from provider to provider without having to worry about the headache of compliance and audit and security requirements, 'cause that's what Sumo uniquely does versus point tools. >> Well, Ramin, I think that's a perfect point to end on. Thank you so much for joining us again. >> Thanks for having me. >> Stu: And looking forward to catching up with Sumo in the future. >> Great to be here. >> All right, we're at the midway point of three days, wall-to-wall coverage here in Las Vegas. AWS re:Invent 2019. He's Justin Warren, I'm Stu Miniman, and you're watching theCUBE. (upbeat music)

Published Date : Dec 4 2019


Jim Frey, Kentik Technologies | Cisco Live EU 2019


 

(techno music) >> Live from Barcelona, Spain, it's theCUBE. Covering Cisco Live! Europe. Brought to you by Cisco and its ecosystem partners. >> Welcome back to theCUBE's exclusive coverage here at Barcelona, Spain of Cisco LIVE! Europe 2019. I'm John Furrier. Stu Miniman, and Dave Vellante here this week covering all the action in cloud, data center, multi-cloud. Our next is Jim Frey who's the Vice President of alliances at Kentik Technologies. Groundbreaking report that came of the Amazon Reinvent Conference. A lot of customers. Part of the multi-cloud discussion. Jim, great to see you, welcome to theCUBE. >> Thanks. It's Frye by the way. >> Frye. I'm sorry. >> Okay. No worries. No worries. >> Multi-cloud, your report has some interesting data. Talk about the survey, the results. What is it telling us? >> Yeah, we've been working hard at Kentik on extending our solution to start covering the cloud, multi-cloud server hybrid environments. And so we were at the AWS re:Invent show and we decided to take the opportunity to talk to some of the attendees and just sort of get their view of what some of the challenges are. So we talked to a little over 300 of em and we asked them a few questions not a, you know, rigorous thing, you're doing it on the show floor, right? But we found some really interesting things out of that. So the first thing is that it really is a multi-cloud world already. More so even in hybrid. And so we had nearly 60 percent. 58 percent of the people who we talked to had more than just one of the cloud in play. They almost all had AWS of course cause it was an AWS event, but not all, of which is really interesting. But, you know, they either had AWS plus Google or plus Azure or plus some other cloud. More so than even hybrid. And so we also asked, are you using AWS in conjunction with you know, your own private data center or a third party host to go low center. Only 33 percent were doing that. So, we were surprised. 
And the reason that that is really significant is monitoring and management of these environments is much more complex in a, well. It's complex in a hybrid environment. It's even more complex in a multi-cloud environment. So it sounds like there's some real need for some help there. >> What are the challenges and what are the some of the complexities? What are the challenges in the monitoring? >> Well, so that was the next question. What's the key challenge, ya know? And usually whenever you ask someone about the challenges, the number one answer is always, oh, security is my biggest concern. That did not turn out to be the case here. The biggest overriding concern across all the different sort of levels of people we talked to was actually cost management. And cost management is, it was a bit surprising. You know, but, usually, you hear security, security, security and then something else. This was cost management either number one or number two. And number one for most of the constituencies. And in some of the subgroups, like VP level, SVP level, architect level, it was overwhelmingly the first choice. 40 and 50 percent of them are saying yeah, cost control is their biggest issue. Even ahead of other things like performance, like visibility, like actual, you know, control of the environment. You know, its cost was really the biggest concern. That's the big issue. >> Jim, something we've been tracking especially at shows like this, at the Cisco show is the challenges I used to understand kind of the stuff I had in my data center. I could get my arms around it. I might not love the management tools that I have. I might complain about some of the cost. But, it's all very well understood. It's bought most of the cap and freight. When you get to the public cloud, like totally understand what you are saying. Multi-cloud. Now I've got all these different pieces and how will I have them defined. There's different skill sets between them. 
>> Right >> And when it comes to cost, right, the big unknown is oh wait, am I getting surprised by what happens, in that environment and across all them, I mean, I've talked to plenty of companies that will dedicate an engineering resource just to manage cloud or >> Right. >> I have many friends in the industry that are helping you know, cost optimization is something that is, you know, software consulting, there's huge business in that because we're still early in this getting to the steady stage. Help us connect the dots. Where does Kentik play into this then. So you talk to all these customers. >> Thank you. Our viewpoint is network and we're trying to give a viewpoint of what's happening in this environment by watching the network. And that's always super valueable because it helps you localize where things are, you know, what activity's happening and it helps you see, you know, which workloads are talking to which workloads. And that reveals sometimes things you don't expect. And this is where the cost control come in because you know, the cloud environment, you have to pay for certain network traffic. Especially between availability zones or when you're shipping it out of the cloud back to your other, you know, your home environment. And we have talked to a lot of customers who have said, hey, end of the month comes around, I get my bill and there's this big number there for data, you know, transfer. I don't know what drove that. And why am I being surprised time and time again by this. Well then there were viewpoints really awesome for seeing that. And if you can do it with a monitoring system that's watching for that all the time, the good news is that you can catch it, figure it out if it's real or not, needed or not, and fix it before 20 days later you get a big, fat bill. >> What does fixing it mean, does it mean like keeping it contained in the cloud, or on frame, or managing what's moving around? 
>> Could be combination of things, one of the things that we've seen in some of our earlier deployments are someone moved a workload into a different availability zone. Well, there was an application dependency they didn't recognize. And, you know, that workload was talking to, you know, home datacenter, or another availability zone, and creating traffic across there and just running up the meter on the network costs. So if you can see that and it becomes very obvious to watch the traffic patterns. You can at least have someone go say, Hmm, okay, that's a surprise. They had a big rise to my zone to zone traffic or my, you know, cloud to home traffic. Let's just take a look to who's driving that and whether something that should be or shouldn't be. >> One of the interesting trends we've been watching on scene with cloud and hybrid cloud is kind of the consumption and deployments of cloud and hybrid's interesting because hybrid's with a cloud operation on premise. Which is been slowest to deploy. Wikibon's done a lot of research on private cloud and why that's happening. But it seems that clouds sprawl on the public side has been there. So yeah, I've got some Amazon, easy to stand up. I've got some Azure and now Google. So it's probably easier to get stuff in the clouds and then now they've got repurpose on premise to kind of have this seamless cloud native environment and Cisco's announcements, et cetera, et cetera. >> Yeah >> So as that's happened, what have you guys learned and seen in terms of the customer behavior. They wake up obviously, the bills are higher, so makes sense that the cloud is higher than hybrid and the cost containment is a concern. How did they get there? What are you seeing? And what's the psychology the customer just share some insight into the customer behavior. >> Well. >> Oh shoot, I got to unwind this, do I double down? What's going on? 
>> I think it really depends a lot on what the projects are, what the objectives are and what the skillset is. But one of the things that we found in this survey is that, network viewpoint that helps you understand what's really happening in the production environment is often being underutilized or underappreciated in the cloud environments, in the cloud, you know, deployments in cloud infrastructure. So one of the things we asked about was, how many of you folks at this event are actually taking advantage of, for instance, VPC Flow Logs, which can tell you exactly what's happening with an AWS, and between the availability zones. And it was surprising, they've been around, VPC Flow Logs have been around for years as a technology and as an additional service available. But, only about a third of the response were actually using them. So they weren't taking advantage of this important insight and viewpoint telemetry set. About a third kind of knew about em, but wasn't using em yet. And then another third didn't even know what they were. >> Yeah. >> So I think there's still some maturity happening some maturation happening in terms of understanding what can I do about this? How can I get ahead of this? What's at my disposal? So part of the challenge of course then is that I have that piece covered, but as you said now, how do I cover my home, you know, home front? And where do I find, you know, some sort of tools that can be put these things together so I can see it all as one. >> That's where you guys fit in. >> That's where we fit in, yeah. >> So let me get some anecdotes from you. One it's clear that's a, there's a pain point. Take the aspirin. Understand what's going on, contain the bills. Is, give a scenario of what they're doing to contain the, you mentioned a few of them, but also to give an example of where they're using the data to be proactive, so there's the vitamin side of it. The vitamin, aspirin, whatever metaphor. 
So, you know, I've got contain my cost, I get that. How are people using the data to be more proactive in either architecting or deploying? >> So I think the, I don't know that anyone's being proactive yet. That is certainly the promise and the opportunity. Most organizations simply want to be more aware of what happened. Or more effectively reactive and you start there. And once you start to realize, hey, I can do this then you can start turning toward being more proactive. So, for instance our solution was built to allow you to trigger corrective actions back to the environment. We don't take the actions, but we can trigger the systems that would change configurations or change policy and inform those systems of, you know, what's happening and what sort of parameters can we recognize that indicate an issue? So we believe that in especially watching the change in patterns of activity, noticing the anomalies. Anomaly detection often times used around security use cases. We do that. But also, it should be applied to operational use cases. When does a new workload pop up or a new, you know, volume of traffic show up that they didn't expect? And if it's something that I recognize happens at a regular basis and I know the answer, let's automate the corrective response. So that's kind of our theory of provide you the understanding of what's happening then with the tools to trigger an automatic corrective action. >> Alright, so Jim, we're talking a lot about multi-cloud this week with Cisco. Of course, you know, Cisco dominant in the networking space. Really feeling out where they live in multi-cloud, how networking plays across all of them. What's the relationship between Kentik and Cisco? How does that work? >> Thanks, so we're a member of CSPP Program. We are a partner. We joined because we manage a lot of Cisco gear. (laugh) So, a lot of our customers have Cisco. 
A lot of our use cases, historically, have been at the edge of the network, in particular the service providers. So, those that are delivering internet services or using the internet to reach their customers in some way. So, what's really different about us is we do a really deep and detailed approach of integrating a path, BGP path data, PGP rev data and correlating that with the traffic. As well with other enhancements, and augmentations of the data that give business and service context to the network traffic. Makes it more actionable. >> Yes, and what are you doing in the container space? You mentioned edge computing got some interesting use cases maybe explain a little bit where you play there? >> So when I say edge, I'm saying internet edge, not EDGE computing, although we're fascinated by what EDGE computing represents and the new challenges that's going to bring. Now when it comes to containers, actually we're very fascinated working in that area too, because, John, as you mentioned, moving and implementation of new cloud workloads is cloud native, using Kubernetes, using things like Istio, you know, that changes the environment once again. So, we've actually built a connector into Kubernetes so that we can use that to pull service information, you know, in terms of what workloads, what containers are out there. What are they doing? What's their purpose? So when we show you activity map of, you know, site to site communications we can say, here are the actual, you know, services that are being, participating in this activity. Istio was another place where we're really interested in to look at the service mesh, you know, that's being set up to run and operate communication between containers. Cause that's a new sort of virtual cloud network. It's a way that these containers are communicating. 
And again, the more you understand about the communication patterns, the better you can recognize problems, the better you can balance and plan, the better you really get a handle on what's really happening. >> Jim, I want to get your thoughts on since you brought up edge of the internet, multi-cloud and hybrid cloud, data moves around, certainly brings up the question of which routes the packets are moving around? There's always been debates but SLAs around, you know, direct connection versus go through the internet? Is China looking at it? So, there's a security kind of concern. >> Yep. >> What's the trend that you're seeing with respect to say either direct connects, cause I'm a company that I have multiple clouds. I have the connections in there. I'm concerned about latency, certainly cost, you know, whether it's cat videos or whatever, or application too. It still costs money. >> Yep. >> So latency's important so each cloud is its own kind of latency issues. What have you seen? >> Well, getting to the cloud and then within the cloud. >> Yeah, exactly. So it's complicated. So, this is a new dynamic, but it's similar concept. Is there standard latencies? Is it getting better? What's the trend look like? >> That's a great question, and I honestly don't have a good answer for you. But I recognize and agree that those are common concerns that we hear. And the best thing at least for what Kentik is doing is to provide the means to measure and understand that. So you can compare what's working. You can, you know, document a baseline, your different options and your different paths, and recognize when there's a real problem occurring. When you start to see latencies spike to any particular cloud service or location or zone so that you can try and get on top of it and figure it. >> That's a classic case of evolution. Get it instrumented. >> Yeah. >> Get the providers, get better what their services. That's the out of, really out of your hands. >> Yeah. 
>> That's not really. Okay, so, getting back to the survey kind of wrap things up. Interesting it said Amazon the biggest cloud show Azure pops up on the list as pretty high. >> It sure does. >> Makes sense Microsoft's got great performance. I mean Azure's kind of like, they move a lot of stuff into Azure preexisting Microsoft stuff plus they're investing. What's the bottom line summary as you kind of, you know, the aroma of the report. What's coming out of the report? What's the key insights that you can glean out of this? >> So I think it indicates normal pattern of adoption, and sort of we're growing into this marketplace. It's evolving as we go, you know. We saw big early adoption hopping in like lift and shift approaches to just move stuff into the cloud. Throw it in the cloud. It's going to be cheaper. It doesn't turn out to be cheaper. It can be. Then you've got another, you know, set of organizations that are born in the cloud, right? And they've started out from the beginning. So those two early approaches are merging into how do we really use this as a true, strategic approach to I.T.? What are the real world complexities we're going to deal with? And how are we going to deal with those? It's really no different from the way that technology has evolved within traditional data centers. And why, the way virtualization came in and changed the way we build and architect datacenters. It's awesome. It's great. It saves you money in one area, but then it created huge blindspots, cause you couldn't tell what was going on in those virtualization layers, so we had to adapt our operational monitoring, and operational practices to accommodate the new technology. I think we're going through the same thing now with cloud. People recognize that they don't necessarily want to be holded to a single cloud provider. They want alternatives. They want, you know, cost competitiveness. They want redundancy. 
And so multi-cloud, I think, is becoming more and more real in part because people don't want to put all of their eggs in that one basket. >> And cost certainly looks good on paper at the beginning. >> Yeah. >> But then as you said, there's side effects. It's a system so there's consequences to the system. >> Yes, absolutely. >> When you start growing or whatever. And that's just where people have to work it better. Right? >> Yep. >> That's pretty much the operational. >> I mean, let's apply the same rigor that we used to apply to traditional data center environments. And let's start embracing the cloud, right? >> So, Jim, you've talked about the multi-cloud bid. Why don't you put a fine point on it. There's a reason why you jump from being an analyst into the vendor world. Some people on the outside will be like, well, you know, cloud's been going on for ten years, seems we understand where this is going. But, tell us why, you know, now is so important for this multi-cloud environment and the opportunity that you see again. >> Sure. >> In this ecosystem. >> Kentik in particular what we're starting to hear, very loud and clear amongst the what. Our traditional an initial base of customers was facilities based, service providers and digital enterprise that managed big routed networks and needed to understand better control their relationship with the internet and delivery across the internet. They're coming to us and saying, hey look. We're splitting. We're adding cloud workloads. So, we're moving our content that we're serving up into the cloud, you know, more and more of our systems are moving into the cloud and we rely on you for this visibility in our production environment. We need you to add this. So, we saw a demand from our customers to, you know, accommodate this and in parallel we're just really inspired by this next generation of cloud native application development. 
It seems to be starting to reach that point where's it's becoming reality and it's becoming mature, and it's becoming a reliable approach to I.T. That now's the time to really get serious about bringing these other best practices for the traditional world, and applying them there. >> And the survey data has created proved multi-cloud and hybrid all here, costs can run out of control. You've got to work. You've got to operationalize cloud. And same rigor. I love that. Great insights, Jim. Thanks for coming on theCUBE. Appreciate it. >> Sure. >> Live CUBE coverage here in Barcelona for Cisco Live! Europe 2019. It's theCUBE. Day three, or three days of coverage. We'll be back with more, after this short break. (techno music)

Published Date : Jan 31 2019


Siddhartha Dadana, FINRA & Gary Mikula, FINRA | Splunk .conf18


 

>> Live from Orlando, Florida, it's theCUBE, covering .conf 18. Brought to you by Splunk. >> We're back in Orlando, everybody, at Splunk .conf18, #splunkconf18. I'm Dave Vellante with my co-host Stu Miniman. You're watching theCUBE, the leader in live tech coverage. We like to go out to the events. We want to extract the signal from the noise. We've been documenting the ascendancy of Splunk for the last seven years, how Splunk really starts in IT operations and security, and now we hear today Splunk has aspirations to go into the line of business, but speaking of security, Gary Mikula is here. He's a senior director of cyber and information security at FINRA, and he's joined by Siddhartha "Sid" Dadana, who's the director of information security engineering at FINRA. Gentlemen, welcome back to theCUBE, Gary, and Sid, first-timer, welcome on theCUBE. So, I want to start with FINRA. Why don't you explain, I mean, I think many people know what FINRA is, but explain what you guys do and, sort of, the importance of your mission. >> Sure, it's our main aspiration is to protect investors, and we do that in two ways. We actually monitor the brokers and dealers that do trades for people, but more importantly, and what precipitated our move to the Cloud was the enormous amount of data that we have to pull in daily. Every transaction on almost every US stock market has to be surveilled to ensure that people are acting properly, and we do that at the petabyte scale, and doing that with your own hardware became untenable, and so the ability to have elastic processing in the Cloud became very attractive. >> How much data are we talking about here? Is there any way you can, sort of, quantify that for us, or give us a mental picture? 
>> Yeah, so the example I use is, if you took every transaction that Visa has on a normal day, every Facebook like, every Facebook update, and if you took every Twitter tweet, you added them altogether, you multiplied it by 20, you would still not reach our peak on our peak day. >> (laughs) Hence, Splunk. And we'll talk about that but, Sid, what's your role, you got to architect all this stuff, the data pipeline, what do you... >> So, my role is basically to work with the webs teams, application teams to basically integrate security in the processes, how they roll out applications, how they look at data, how they use the same data that security uses for them to be able to leverage it for the webs and all the performances. >> So, your mission is to make sure security's not an afterthought, it's not a bolt-on, it's a fundamental part of the development process, so it's not thrown over the fence, "Hey, secure this application." It's built in, is that right? >> Yes. >> Okay. Gary, I wonder if you could talk about how security has changed over the last several years. You hear a lot that, well, all the spending historically has been on keeping the bad guys out the perimeter. As the perimeter disappears, things change, and the emphasis changes. Certainly, data is a bigger factor, analytics have come into play. From your perspective, what is the big change or the big changes in security? >> So, it's an interesting question. So I've been through several paradigm changes, and I don't think anyone has been as big as the move the Cloud, and... The Cloud offers so much opportunity from a cost perspective, from a processing perspective, but it also brings with it certain security concerns. And we're able to use tools like Splunk to be able to do surveillance on our AWS environments in order to give us the confidence to be able to use those services up there. 
And so, we now are actually looking at how we're going to secure individual AWS services before we use them, rather than looking to bring stovepipe solutions in, we're looking to leverage our AWS relationship to be able to leverage what they've built out of the box. >> Yeah, people oftentimes, Stu, talk about Cloud security like it's some binary thing. "Oh, I don't want to go the Cloud, because Cloud is dangerous" or "Cloud security is better". It's not that simple, is it? I mean, maybe the infrastructure. In fact, we heard the CIA, Stu and I were in D.C. in December, we heard the CIO of the CIA say, "The Cloud, its worst day is better than my client's server from a security perspective." But he's really talking about the infrastructure. There's so much more to security, right? >> Absolutely, and, so I agree that the Cloud gives the opportunity to be better than you are on-prem. I think the way FINRA's rolled out, we've shown that we are more secure in the Cloud than we have been on traditional data centers, and it's because of our ability to actually monitor our whole AWS environment. Everything is API-based. We know exactly what everybody's doing. There's no shadow IT anymore, and those are all big positives. >> Yeah, I'm wondering how you've, what KPIs you look at when you look at your Splunk environment. What we hear from Splunk, you know, it's scalability, cost, performance, and then that management, the monitoring of the environment. How are they doing? How does that make your job easier? >> So, I think we still look at the same KPIs that Splunk advertises all the time, but some of the reasons, from our perspective, we kind of look at it in terms of, how much value can we give it to not just one part of the company, but how can we make it much more enhanceable part for everyone in the organization. So, the more we do that, I think that makes it a much better ROI for any organization to use a product like this one. 
>> You guys talk about the "shift left" movement. What is "shift left" and what is the relevance to security? >> Yeah so, "shift left" is a concept where, instead of looking at security as a bolt-on, or an add-on, or a separate entity, we're looking to leverage what are traditional DevOps tools, what are traditional SDLC pipeline roles, and we're looking at how we integrate security into that, and we use Splunk to be able to integrate collection of data into our CI/CD pipelines, and it's all hands-off. So, somebody hits a button to deploy a new VPC in AWS, automatically things are monitored and into our enterprise search, I'm sorry, enterprise security SIEM, and automatically being monitored. There's no hands-on that needs to be done. >> So, on a scale of one to five, thinking of a maturity model in terms of, in a DevOps context, five being, you know, the gold standard and one being you're just getting started. Where would you put FINRA on that spectrum, I mean, just subjectively? >> So, I'll never say that we're a five because I think there's always, >> You're never done. >> You're never done and there's always room for improvement, but I think we're at least a strong four. We've embraced those concepts, and we've put them into action. >> And so, I thought so, and I want to ask you from a skill standpoint how you got there. So, you've been around a long time. You had a Dev team and an Ops team before the term DevOps even came around, right? And we talk about this a lot, Stu. What did you do with the Ops guys and the Dev guys? Is it OpsDev or DevOps? Did you retrain them? Did you fire them all and hire new people? How did you go through that transition? >> Yep, that's a fair thing. 
I went to my CISO John Brady a couple of years ago and I told him that we were going to need to get these new skill sets in, and that I thought I had the right person in Sid to be able to head that up, and we brought in some new talent, but we also retrained the existing talent because these were really bright people, and they still had the security skills. And what Sid's been able to do is to embrace that and create a working relationship with the traditional DevOps teams so that we can integrate into their tools. >> So, it does include a little bit of work even on our end to do where you kind of learn how the DevOps forces work, so you've got to do it on your own to first figure out things and then you can actually relate to the problems which they will go through and then you work through problems with them, rather than you designing up a solution and then just say, "Hey, go and implement it out." So, I think that kind of relationship has helped us and in the long run, we hope to do a bit better work. >> Yes, Sid, can you bring us in a little bit, when you look at your Splunk deployment, FINRA's got a lot of applications, how do you get all those various applications in there? You know, Splunk talks about, you can get access to your data your way, do you find that to be the reality? >> Yes, to a certain extent, so... Let's take a step back here. So our design is much more hybrid-oriented. So, we use Splunk Cloud, but that's primarily for our indexers whereas we host our own sort of class receptor. All the data basically goes in from servers from AWS components, from on-prem, basically it flows into our Splunk Cloud indexers, and we use a role-based access management to actually give everyone access to whatever data they need to be looking at. >> Alright. The number of enhancements from 702, updates, the Cloud, Gar-Gar, is there anything that's jumped out that's going to architecturally help your team? 
>> So, I think one of the interesting things is the new data pipeline, and to be able to actually mangle that data before I get it into my Splunk indexers is going to be really really life-changing for us. One of the hard parts is that developers write code and they don't necessarily create logs that are event-driven. They don't have date-time stamps, they do dumps. So, I'm going to be able to actually massage that before it hits the indexers, and it's going to speed up our ability to be able to provide quick searches because the indexers won't be working on mangling that data. >> And how big of a deal is it for you? They announced yesterday the ability to scale storage and compute separately in a more granular fashion, is that a big deal for you? >> So, I actually, I remember speaking to Doug Merritt probably three years ago. >> You started this! (laughing) >> And I said, "Doug", I said, "I really think that's the direction that you need to go. You're going to have to separate those two, eventually, because we're doing a petabyte scale, we realized very early that that'd need to be done." And so, it's really really refreshing to see, because it's going to be transformative to be able to do compute-on-demand after that. Because now we can start looking at API brokers, and we can start looking at containers, and all those other things can be integrated into Splunk. >> Love having customers on like you guys, so knowledgeable. I have to ask, switch gears a little bit, I want to ask you about your security regime. We had a customer on yesterday, and it was the CISO who reported to him. He was the EVP, and he reported to the CIO. A lot of organizations say, "You know what? We want the CISO to be separate from the CIO. 'Cause it's like the, you know, the fox in the henhouse kind of thing. And we want that a little bit of tension in there." How do you guys approach it? What's the regime you have for... 
>> That is a fair question, and I've heard that from many other CISOs that have that same sort of complaint. And I think it's really organization-based. And I think, do you have the checks and balances in place? First of all, our CIO, Steve Randich, is extremely, he cares a lot about security, and he is very good at getting funding for us for initiatives to help secure the environment. But more importantly, our board of directors bring up security at every board event. They care about it, they know about it, and that permeates through the organization. So there's a checks and balances to make sure that we have the right security in place. And it's a working relationship, not adversarial at all, so, having our CISO John Brady report to Steve Randich, the CIO, has not been a hindrance. >> And I think that's a change in the last several years, because that regime that I described, which was, there was sort of a wave there, where that became common, and I think you just hit on it. When security became a board-level issue, and for every Fortune 1000, Global 2000 company, it's a board-level issue. They talk about it every board meeting. When that occurred, I think there was an epiphany of, "We need the CIO to actually be on this." And you want the CIO to be responsible for that. And the change was, it used to be, "Hey, if I fail, I get fired." And I think boards now realize that "failure" in security doesn't mean you got breached. >> Sure. >> You know. Breaches are going to happen. It's how you respond to them and, you know, how you react to them that is becoming more important. So there's much more transparency around security in our view. I wonder if you agree with that. >> I think there's transparency. And the other thing is that you have to put the decision-making where it makes the most sense. 
Most of the security breaches that we're talking about are highly technical in nature, where a CIO is better able to evaluate some of those decisions, not all companies have a CEO that came from a technology train in order to be able to make those decisions. So, I think it makes more sense to have the CISO report to somebody in the technology world. >> Great, thank you for that. Now, the other question I have for you is, in terms of FINRA's experience with Splunk, did it start with SecOps and security, or was it, sort of, IT operations, or...? >> It did, it started with security. We were disenfranchised with traditional SIEMs that were out there, and we decided to go with Splunk, and we made the decision that security was going to own it, but we wanted it to be a corporate asset from day one. And we worked our tails off to integrate, through brown bags, through training. So we permeated through the organization. And, on any given week, we pull about 35-40% of all of technology is using Splunk at FINRA. >> So, I'm curious as to, we heard some announcements today, I don't know if you saw them, about, you know, Splunk Next, building on that, Splunk for the line of business, the business flow, they did a nice demo there. Do you see, because security sort of was the starting point, and your mission was always to permeate the organization, do you see that continuing to other parts of the organization more aggressively now given this sort of democratization of data for the business lines, and... Will you guys be a part of that, directly? >> We hope so. We hope we are part of that change, too. I mean, the more we can use the same data for even business users that will help them, that would relieve a lot of, and they made this point again and again in the keynote, too, that, the IT Ops and SecOps are already burdened enough. So, how do we make life easy for business users who actually leverage the same data? 
So we hope to be able to put these tools up and see if it can make any difference to business users. >> So, you guys have put a lot of emphasis on integrating with Splunk and AWS Cloud. You have a presentation later on today at .conf18 around the AWS Firehose that you have with Splunk. What's that all about? What's the AWS Firehose? How are you integrating it? Why is it important? >> So, it is streaming and it allows me to get information from AWS that's typically in something called the CloudWatch Logs, that is really difficult to be able to talk to. And I want to get it into the Splunk so I can get more value from it. And what I'm able to do is put something called a subscription filter on it, and flow that data directly into Splunk. So, Splunk worked with AWS to create this integration between the two tools, and we think we've taken it to a high level. We use it for Lambda, to grab those logs, we use it for VPC Flow Logs, we're using it for SaaS Providers, provide APIs into their data, we use it for that, and finally, we're going to be doing database activity monitoring, all leveraging this same technology. >> Love it, I mean, you guys are on the forefront of Cloud and Splunk integration, Cloud adoption, DevOps, you guys have always been great about sharing your knowledge, you know, with others, and we really appreciate you guys coming on theCUBE. Thank you. >> Thanks for having us. >> You're welcome. Alright, keep it right there, everybody. Stu and I will be back. You're watching theCUBE from .conf18, Splunk's big user conference. We'll be right back. (electronic music)

Published Date : Oct 3 2018

