Jane Wong, Splunk
>>Welcome to the Cube's coverage of Splunk .conf 2021. My name is Dave Vellante, and the Cube has been covering .conf events since 2012, and I've personally hosted many of them. And since that time we've seen the evolution of Splunk as a company and also the maturation in the way customers analyze, protect and secure their organizations, data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to SecOps teams than we've ever seen before. The adversary is capable. They're motivated and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond is Jane Wong, the vice president of security products at Splunk. Jane, great to have you on the Cube. Thanks for coming on.
>>Very nice to meet you. Thank you for having me.
>>You're very welcome. So how can you think about, or how do you think about, the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted SecOps teams in your view?
>>Yeah. Well, just going back to our customers and what I've learned from all the customer conversations I have every week, many of our customers are under a massive digital transformation. They're moving to the cloud, and the cloud opens up more attack surface, more attack work surface. There's more threats that come over cloud, new workspaces to attack services, new APIs to manage, secure and protect, and our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure.
>>Yeah. And we've also seen the whole, obviously the work from home trend, the hybrid work movement. You know, people aren't set up for that. I mean, you remember people were ripping out, literally ripping out desktops and bringing them home, and, you know, the home network had to be upgraded. So lots of changes there. And we've talked a lot in the Cube, Jane, about the fragmentation of tooling and the lack of qualified talent. When we talk to CISOs, you ask them the number one problem: I can't get, I can't hire enough talent in the field of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end-to-end visibility across their environments. What's the fundamental challenge there?
>>Yeah, well, you're really nailing this. The fundamental challenge is that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time, and there are really manual, disjointed processes: they're copying and pasting hash names and IP addresses from one console to the other. It slows them down. It really slows them down in protecting those threats. So because those products aren't designed to integrate together and all that data from each of those security tools isn't brought into one place, it just exacerbates the challenge for security operations teams, makes their job really, really hard to do. Which takes time. It takes time. It makes it harder to detect and respond to threats quickly, and today more than ever we need to be able to detect and respond to threats quickly.
>>Yeah, I do a weekly program called Breaking Analysis, and once a quarter I look at the cyberspace and I use a chart to emphasize this complexity. It's from a company called Optiv. I don't know if you've ever seen it, but it's this eye chart, it's this taxonomy of the security landscape, and it's mind-blowing how much complexity there is. So how does Splunk help organizations address these challenges?
>>Yeah, so I think bringing, we have one security operations platform, cloud native, cloud delivered. There are many parts of being able to streamline workflows, from when you first detect a threat or a potential threat right through to when teams close and remediate that threat and the changes in their environment to ensure they're protected. So the whole thing is helping security teams detect faster, investigate faster and respond faster to threats. There are four parts to that in our security operations platform, Splunk Security Cloud. The first one is advanced security analytics. So the nature of threats is evolving. They're becoming more sophisticated. We have very smart, well-funded attackers whose day job, who spend all their time trying to break into organizations. So you need really advanced security analytics to detect those threats. Then we need to automate security operations so that it's not so manual, so you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired TruSTAR so that we can bring in, de-dupe, rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations, so that you have broader insights from the security community outside Splunk, and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since Splunk became Splunk many, many years ago is that we are committed to partners and we deeply integrate with many other security tools in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So those are the big advantages I think you get when you run your security operations center on Splunk Security Cloud.
>>That's a nice little description. And having followed Splunk for so many years, it sort of tracks the progression of your ascendancy. You know, you started, we used to have log analytics that were just impossible. You sort of made that much easier, took that to advanced, kind of used big data techniques, even though Splunk really never used that term. But you were like the leader in big data in terms of being able to analyze data to help remediate issues. The automation piece is key. The acquisitions you've made are very interesting. You mentioned around de-dupe threat intelligence, but also you've done some cool stuff in the cloud, and we always used to say, Jane, watch for the ecosystem. We, early, too early, you know, last decade, we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem. And you've clearly made some progress there. I wonder if you could tell us more about the announcements that you're making here at .conf.
>>Yeah. Well, going back, everything that we do on the security team, every line of code every engineer writes, is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those in turn, I start with faster time to detect. What have we done? So bringing in the threat intelligence that I mentioned, again, that's really gonna help detect new threats and detect them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It will be brought right in to Enterprise Security at your fingertips. So that's pretty huge. We're bringing other more advanced content right into our SIEM, Enterprise Security. So that will help detect threats that our research team sees as emerging. Again, this is going to just bring that intelligence right to customers where they work every day. Faster time to investigate. So this is really exciting. Back in November we introduced, and we released, something called risk-based alerting. That is an amazing new capability that we've iterated on ever since. And we have more iterations that we're announcing tomorrow, actually. And so risk-based alerting pulls together what may have been single atomic alerts that can often be overwhelming to a SOC, brings those together into one overarching alert that helps you see the whole pattern of an attack, the whole series of things that happened over time that might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes, so really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our SOAR, security orchestration and response tool, which is in the cloud but also available on-prem. But that new visual playbook editor really reduces the need for custom code, makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond, those are really cool for us. And then there's some exciting partnerships that I want to talk about, just to really focus on reducing the burden of all those disparate tools and consoles and bringing them down and integrating them together. So we'll have some announcements there. There are new integrations that we're releasing with Mandiant, Zscaler and DTEX. I'm personally very excited about a fireside chat that Kevin Mandia, the CEO and president of Mandiant, will be having tomorrow with our CEO, Doug Merritt. So those are some of the things we're announcing. It's a big year for security. Very excited.
>>To tell you, that's key. I want to just kind of go through and follow up on some of the faster time to detect with the threat intelligence. That's so important, because we read about how long it takes sometimes for organizations to even find out that somebody has infiltrated their environment. This risk-based alerting, it sounds like, and you're so right, it's like paper cuts, having a bottoms-up analysis. It's almost overwhelming. You don't have a sense as to really where the focus should be. So if you can have more of a top-down, hey, start here, and sort of bucketize things, it's gonna accelerate. And then the faster response time. The thing that strikes me, Jane, with your visual playbook editor is, as you well know, the way in which bad guys get in now, they're very stealthy; you almost have to be stealthy in your response. So if you have to write custom code, that's going to alert the bad guys that they're now seeing code that they've never seen before, they must have detected us, and then they escalate, you know, they get you in a harder, tighter headlock. And I love the partnerships. You know, we followed the trend toward remote security, cloud security, where Zscaler is a big player, Mandiant you mentioned. So that's great too. I mean, it feels like the puzzle pieces are coming together. It's almost like a game of constant, you know, you're never there, but you've got to stay vigilant.
>>I really think so today. I mean, it's been a great 12 months at Splunk. We have done so much over the past year leading up to this .conf. I'm very excited to talk to folks about it. I think one thing I didn't really mention, that I kind of touched on earlier in the talk that we're having, was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well, with deeper integrations into GCP, AWS, Azure, OneDrive, SharePoint, Box.net, G Drive. Like, customers are using many, many cloud services today and they don't have a holistic view across all those services. I speak to CISOs every week that tell me they just really need one view. Not to go into each of those cloud service providers or cloud services one at a time to look at the security posture; they need that all in a central location. So we normalize, we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them. I think that's really, really something different that Splunk is doing that other security offerings are not doing.
>>I think that's a super important point, and I do hear that a lot from CISOs, where they say, look, we have so many different environments, so many different tools, and they each have their own little framework, so we have to go in and investigate and then come back out, and then our teams have to go into a new sort of view and come back out, and they just run out of time, and they just don't, again, lack of skills to actually do this, can't hire half fast enough, can't train fast enough. So that higher level view, but still the ability to drill down and understand what those root causes. It's a top-down, bottoms-up type of approach, as opposed to just throwing grains of sand at the SecOps teams and then hoping, you know, they find the pearl. So Jane, I'll give you the last word. Maybe some final thoughts.
>>No, I just wanted to thank everyone for listening. I want to thank everyone for joining .conf21. We're very excited to hear from you and speak with you. So thank you very much.
>>Excellent. Great having you in the Cube. Keep it right there, everybody, for more coverage of the Cube, Splunk .conf21. We'll be right back.
>>Yeah.
Shawn Bice, Splunk | Splunk .conf21
>>Hello, and welcome back to the Cube's coverage of .conf, Splunk's annual conference, virtual this year. I'm John Furrier, host of the Cube, and a very special guest, Shawn Bice, president of product and technology, Cube alumni. Shawn, great to see you. Thanks for coming on the Cube and chatting with us. Thanks. It's great to be here. It's been a while since we chatted. You were at AWS. Now it's Splunk, heading up the entire products and technology group here, which we've been covering Splunk since 2012. So we kinda know a lot about what's going on, and followed your career. Your keynote, we kind of went into this, cloud vision is hitting Splunk with the data because the cloud scale, which you know a lot about, and data is now taking Splunk to a whole nother level. And that's the big theme you observability multi-cloud and security excuse has been for one there for a while. What's your assessment?
>>Yeah, I mean, you know, you and I have talked a number of times before, and what I found is that, you know, there's a lot of companies through this pandemic that, you know, some are thriving and some are not. And the ones that are really thriving, they have this strong data foundation. Like when you talk to them, they're not stuck. Like, they're there. When they talk about scaling or adding capacity or building new customer experiences, they can; their data platform allows that to happen. But the ones that are stuck, you know, they just can't, they can't get to the data. They can't ask those questions that they otherwise, you know, love to. So that's, you know, I think Splunk is right in the middle of that. And that's the fun part of it.
>>Yeah. You told me you have the strong foundation when thinking about Splunk is every inflection point in the industry. Over the past decade, you see Splunk do something new, operationalize data, do something new, operationalize it. We saw security, I think around 2015, come on the radar at .conf. And then since then a whole nother level of data. You've got edge. You have now cybersecurity, even more advanced than ever before. And then enterprises just trying to develop modern applications. So you have this whole rapid scale of CI/CD pipeline, modern applications, and the role of data isn't just storing it and managing it. It's like making it addressable. This is like the new current phenomenon of cloud.
>>I mean, I liked the way you just put it, you know, making data addressable. We put it in terms of, like, turn data into doing. So, you know, if you have data that you're storing, oh, that's one thing. You don't want to leave data behind, because you don't know what question you may want to ask, and when. But to your point, making it addressable is, if you and I decided, hey, we want to build a new customer experience where we're thinking about doing this thing, and we're going to have a million questions to ask, that data is going to help you to know whether what you're trying to do for your customers is right or wrong. So it's remarkable to see how many customers are in pursuit of really turning data into doing.
>>So. We've got to you, we had the Formula One team on here, McLaren, Zak Brown. I got a little selfie with the drivers, that's kind of cool. My son loved it. But that's an IoT application in my mind, first, the coolest of the sports. Awesome. But like the car going in real time, you know, driving an advantage with data. So it's an IoT. Then you got just the blocking and tackling, data warehouse in the cloud. And then you got companies who are trying to transform a data. So I have to ask you, as customers out there look at Splunk and look at the next level of their architecture, with multicloud coming around the corner, how should they be thinking about data? Get the foundation with Splunk. What's the next chapter in your mind? I mean, you know, a lot of customers that I meet, they're in multiple clouds. They're not just in one. It means they've got data in Amazon or Google or Azure. A lot of them still have data on-prem, you know, but when I talk to customers, they don't say things to me like, hey, I'm in different clouds, I'm on-prem, can you make sure I have different observability and security experiences for each one? Like, they don't. They really, at the end of the day, they're like, look, I need a consistent observability experience, consistent security, regardless of where my data is.
>>So what that means to Splunk is, you know, wherever your data is, we're going to be, Splunk will just work. That's kinda, as you know, how we think about it. And speaking of that, I had dinner with Lando the other night, and I hadn't met Lando before, but man, what an awesome, awesome person. We were just kind of hanging out, talking about data, and I ask, this is the kind of stuff you wouldn't normally get. I asked him, like, hey, if technology could do anything to help you win Formula One races, what would it be? A totally open-ended question. And I wasn't sure how he was going to answer it, but he didn't pause, this guy. Like, you talk about, you think of these scenarios. He's very quickly. He's like, oh man, if we had data, could help me do this and this and this and this, because in his business, a millisecond can be the difference between winning or losing a race. And for some of you, like, oh, that can't be, but for him, that's how his mind works. So it's crazy to see how excited he was to use tech, to get to data, ask questions that can ultimately help them.
>>What was the number one thing, pitting the right time or tires? What was he, what did he come up there? He is.
>>You know, I can't, unfortunately
>>I don't want to put you on the spot. I will be.
>>This is like, you know, I wouldn't, that would put him in a bad spot, but I will tell you though, I mean, this guy, and that whole team, is really about using data to win.
>>Well, you know, I was joking. But these guys, they came on. 'Cause you know, I'm a big fan, obviously, with the Netflix special, Drive to Survive is the name of the title. They become hugely popular to a new fan base, especially techies. I said, hey, you're driving the advantage with data, kind of my little comeback to that, but that really kind of encapsulates a real-world scenario. I mean, well, there are 10,000 people working on McLaren. You have the driver in the car, you have the car itself with all this instrumentation; that kind of encapsulates the enterprise experience right now. They don't have the right app doing the right thing with customers, it could be the difference between having a successful digital transformation or not. So it's kind of like parallel. I mean, I know that's kind of the tie-in with the sponsorship, but that's the real world now.
>>Yeah, it is. And I mean, if you think about it, there's two drivers per car, 10 teams. There's so many races, there's a tremendous amount of money that they're all spending. But you know, when your season is really composed of a certain number of races and you got millions of people tuning in, you're right. There's hundreds of people working behind the seat. Could you imagine if they didn't use data and you're trying to race in Formula One against the best drivers and the best engineers in the world? I just, you know, it goes to show you're right. It's a perfect example of them transforming as any other enterprise, basically using data to get an advantage.
>>And just before we move on to the next topic, the e-sports thing is fascinating as well, because now they're taking this metaverse kind of vibe where they're moving people on the e-sports, where they're having the shadow competition. It's a very interesting kind of bringing the fan base in, but there's probably gonna be a lot of data involved in that as well. Maybe identify the next driver, who knows. Hopefully, you know, good stuff. So Shawn, you're in charge of products and technology. I have to ask you, as customers look at all the different solutions out there, I'll say multicloud, check, you guys have a good vision on that. Like that. Observability, I mean, that's the fashion right now. Let's talk about observability. There's so many companies out there doing quote observability. How should customers think about what that means in context to the decision they make? Everyone's coming into the CSO or the CIO saying, your observability solution.
>>Yeah, I mean first, you know, what is observability? I always like to just sort of map it back to things we might understand. So back in the day, monitoring really was: connect to a machine, it has a monolith app, you know this, and you just try to debug this one thing. That's not the world we live in today. Today when you're building apps in the cloud, you have hundreds of these services behind the scenes. Like, no one person can actually comprehend all of it. So now all of a sudden tools become, they really matter. And what I would say is from a Splunk perspective, when we talk to customers, it's not like one person there, one team is, quote, you know, working and making the whole system work. Oftentimes you have different teams, like network teams, app teams, security teams, and they all kind of need to work together in one way, shape or another. But this is why, you know, when we build our systems, it's off of shared data, so that, you know, if I'm an operator, you're an app developer, and if I need to work with you, at least I can share something with you in context. So while there are individual tools to do certain things, our mental model is that they all do work together. That's super, super important for any observability thing you're looking at. You just want to make sure that you can see things end to end. Otherwise you get in trouble quick.
>>You know, I'd love to get your perspective, being new to Splunk as you come in and new, the industry obviously has experienced that in the cloud has been well documented, certainly in the Cube. What's it like there? Because as you come in, it's not a utility anymore. It's not a tool anymore. It's a platform, and it's getting bigger and growing. So you have probably a lot of things going on. So you walk in and you say, okay, let me see the price of technology. Were you blown away? What was your reaction? What, can you share some color around, what was it like when you open up the doors of the kingdom of the product?
>>Yeah. Well, I mean, these t-shirts are real, man, and there's like ponies running around this. The Splunkers love to have fun. And you know, before I came to Splunk, the one thing I noticed, anytime I asked my thoughts long, they were fired up. Like, they were really, really excited about the tech. But when I got into it, the truth is, you know, you don't know what you don't know until you see it, but I was just stunned to then sort of connect the dots, like, wow, Splunk is in the core data plane of tens of thousands of enterprises all over the world, like the data plane for all of their architecture and applications. So with that becomes a great responsibility, as you could imagine, but it is not just a tool. It is something that customers, like, I dunno, the University of Illinois, you know, with COVID, they'll track 3.2 million saliva tests just for contact tracing, and behind the scenes, they're using Splunk for a real thing. Or we've talked about F1, or you think of Slack, like we're all kind of using Slack these days. Slack is using Splunk to make sure that their environment of slackers and everything's building, it's all secure. So it's those stories that go on and on, are just incredible when you learn that.
>>I started at Teresa Carlson yesterday, and we were talking about the growth opportunity, and I spent speculating that, you know, my opinion, my opinion, that's looking, hang on the Cube, is that Splunk's that this new inflection point, that another elbow, another kickoff, the growth, the way it's positioned. If you look at kind of where it's been, kind of where it's going with security now as a platform with the enterprises, how do you describe that growth in your mind? Because obviously this market's changing, and edge, real time, all these things are happening. What's the, where's the growth going to be?
>>Yeah, I think it's in the cloud. I mean, if you think of Splunk, I think the company is about 18, 19 years old. So its history is almost 20 years of on-premise software. In some sense, you might go, hey, is that a liability? But really, the reality is it's a strength, because we're already part of these enterprise infrastructures and application stacks. And then when you now move that group to the cloud, and then you got all others coming to the cloud, that's where they're, I mean, it is just the tip of what is happening. So, you know, if I'm a customer and I moved to the cloud, in the cloud it's like, I don't have to really scale or size anything. Like, it just works. And to me, it's just an end point and I load data. So in that context, the number of new use cases that customers are able to get after is actually pretty awesome. But really at the end of the day it's cloud.
>>Well, great to have you on. I know you've got to go. Thanks for coming on the Cube. One final question. What's your vision for the next year or two? What's your to-do items? What's the message to the marketplace?
>>You know, I'm thrilled to be here, but at the end of the day, you know, my message to the marketplace is, we're all excited to work with our customers to really help them have that strong foundation so they can turn data into doing and actually pull off these digital transformations.
>>One final, final question. For the companies that get the cloud scale combined with putting data into action, for the value, what's the result going to be, is they can put more competitive advantage? Is it more agility? What do you see happening when you combine the cloud scale with a great data plane?
>>Yeah, I think at the end of the day, these companies would tell you that they can move faster than ever before. They're more competitive. They have confidence that their environment's secure, they can build new customer experiences. And when you put all of that together, honestly, that is what these digital transformations are all
>>Great to be in the product and technology business these days, isn't it? A lot of fun, a lot of action. Thanks for coming on the Cube. Really appreciate it. Yeah, you bet. Good to be here. It's the Cube coverage here, at the live studio for Splunk studios, for their virtual events. The Cube bring you all the action. I'm John Furrier, your host. Thanks for watching.
Ryan Kovar, Splunk | Splunk .conf21
>>Well, hello everybody. I'm John Walls here with the cube, and we're very happy to continue our coverage here of Splunk .conf21. And today we're going to talk about cyber security. Uh, obviously everybody is well aware of a number of, uh, breaches that have happened around the globe, but you might say there's been a surge in trying to prevent those from happening down the road. And I'm going to let our guest explain that, Ryan Kovar, who is the security strategist at Splunk. Ryan. Good to see you with, uh, with us here on the cube. Glad you could join us today. >>Thank you very much. I've wished we could have been doing this in person, but such is the time of life we live. >>Yeah. We have learned to live on zoom that's for sure. And, uh, it's the next best thing to being there. So, uh, again, thanks for that. Um, well, let's talk about surge, if you will. Um, uh, I know obviously Splunk and data security go hand in hand that is a high priority with the, with the company, but now you have a new initiative that you're just now rolling out to take that to an even higher level. Tell us about that. >>Yeah, something I'm extremely excited to announce. Uh, it's the first time we're really talking about it is at .conf21, which is wonderful. And it's kind of the culmination of my seven years here at Splunk. Uh, before I came to Splunk, I did about 20 years of cyber security research and defense and nation state hunting and threat intelligence and policy and compliance, and just about everything, uh, public sector in the U.S. and the UK private sector, a couple of different places. So I've kind of been around the block. And one of the things I've found that I'm really passionate about is just being a network defender or a blue teamer. And a lot of my time here at Splunk has been around that.
It's been speaking at conferences, doing research, um, coming up with ways to basically defend organizations, but the tools they have at hand and something that we say a lot is, uh, we, we work on the problems of today and tomorrow, not the distant future, right? >>The really practical things. And we had an, you know, there was a little bit of a thing called SolarWinds. You might've heard of it. Um, that happened earlier in December and we were able to stand up kind of on an ad hoc ragtag group of Splunkers around the world, uh, in a matter of hours. And we worked about 24 hours for panning over to Australia, into EMEA, and then back over to America and able to publish really helpful work to, for our customers to detect or defend or mitigate against what we knew at the time around SolarWinds, the attack. And then as time went on, we were continuing to write and create material, but we didn't have a group that was focused on it. We were all kind of chipping in after hours or, you know, deep deprecating, other bits of work. >>And I said, you know, we really need to focus on this. This is a big deal. And how can we actually surge up to meet these needs if you will, uh, the play on the punter. So we created an idea of a small team dedicated to current events and also doing security research around the problems that are facing around the world in security who use Splunk and maybe even those who don't. And that's where the idea of this team was formed. And we've been working all summer. We're releasing our first research project, excuse me, uh, at .conf, which is around supply chain compromise using JA3, Zeek and Splunk, uh, authored by myself and primarily Marcus LaFerrera. And we have other research projects coming out every quarter, along with doing this work around, just helping people with any sort of immediate cybersecurity threat that we're able to assist with. >>So what are you hoping that security teams can get out of this work?
Obviously you're investing a lot of resources and doing the research, I assume, diversifying, you know, the areas into which you're, um, exploring, um, ultimately what would be the takeaway if I was on the other end, if I was on the client and what would you hope that I would be, uh, extracting from this work? >>Sure. We want to get you promoted. I mean, that's kind of the, the joke of it, but we, we talk a lot. I want to make everyone in the world who uses Splunk or cybersecurity look good to their bosses and defend their company as fast and quickly as possible. So one of the big mandates for my team is creating consumable, actionable work and research. So we, you know, we joke a lot that, you know, I have a pretty thick beard here. One might even call it a neck beard and a lot of people in our community, we create things for what I would call wizards, cybersecurity wizards, and we go to conferences and we talk from wizard to wizard, and we kind of sit on our ivory tower on stage and kind of proclaim out how to do things. And I've sat on the other side and sometimes those sound great, but they're not actually helping people with their job today. And so the takeaway for me, what I hope people are able to take away is we're here for you. We're here for the little guys, the network defenders, we're creating things that we're hoping you can immediately take home and implement and do and make better detections and really find the things that are immediate threats to your network and not necessarily having to, you know, create a whole new environment or apply magic. So >>Is there a difference then in terms of say enterprise threats, as opposed to, if I'm a small business or of a medium-sized business, maybe I have four or 500 employees as opposed to four or 5,000 or 40,000. Um, what about, you know, finding that ground where you can address both of those levels of, of business and of concern, >>You know, 20 years ago or 10 years ago,
I would've answered that question very differently and I fully acknowledge I have a bias in nation state threats. That's what I'm primarily trained in, however, in the last five years, uh, thanks, or not thanks, to ransomware, what we're seeing is the same threats that are affecting and impacting Fortune 100, Fortune 10 companies, the entire federal government of the United States, are the exact same threats that are actually impacting and causing havoc on smaller organizations and businesses. So the reality is in today's threat landscape. I do believe actually the threat is the same to each, but it is not the same level of capabilities for a 100-person or 500-person company to a company, the size of Splunk or a Fortune 100 company. Um, and that's something that we are actually focusing on is how do we create things to help every size of that business, >>Giving me the tools, right, exactly. >>Which is giving you the power to fight that battle yourself as much as possible, because you may never be able to have the head count of a Fortune 100 company, but thanks to the power of software and tools and things like the cloud, you might have some force multipliers that we're hoping to create for you in a much more packaged, consumable method. >>Yeah. Let's go back to the research that you mentioned. Um, how did you pick the first topic? I mean, because this is your, your splash and, and I'm sure there was a lot of thought put into where do we want to dive in >>First? You know, I'd love to say there was a lot of thought put into it because it would make me sound smarter, but it was something we all just immediately knew was a gap. Um, you know, SolarWinds, which was a supply chain compromise attack, really revealed to many of us something that, um, you know, reporters had been talking about for years, but we never really saw come to fruition was a real actionable threat.
And when we started looking at our library of offerings and what we could actually help customers with, I talked to over 175 federal and private sector companies around the world in a month and a half after SolarWinds. And a lot of times the answer was, yeah, we can't really help you with this specific part of the problem. We can help you around all sorts of other places, but like, gosh, how do you actually detect this? >>And there's not a great answer. And that really bothered me. And to be perfectly honest, that was part of the reason that we founded the team. So it was a very obvious next step was, well, this is why we're creating the team. Then our first product should probably be around this problem. And then you say, okay, supply chain, that's really big. That's a huge chunk of work. So the first question is like, well, what can we actually affect change on without talking about things like quantum computing, right? Which are all things that are, you know, blockchain, quantum computing, these are all solutions that are actually possible to solve or mitigate supply chain compromise, but it's not happening today. And it sure as heck isn't even happening tomorrow. So how do we create something that's digestible today? And so what Marcus did, and one of his true skillsets is really refining the problem down, down, down, down. >>And where can we get to the point of, Hey, this is data that we think most organizations have a chance of collecting. These are methodologies that we think people can do and how can they actually implement them with success in their network. And then we test that and then we kind of keep doing a huge fan of the concept of OODA loop, orient, orient, observe, decide, and act. And we do that through our hypothesizing. We kind of keep looking at that and iterating over and over and over again, until we're able to come up with a solution that seems to be applicable for the personas that we're trying to help.
And that's where we got out with this research of, Hey, collect network data, use a tool like Splunk and some of our built-in statistical analysis functions and come out the other side. And I'll be honest, we're not solving the problem. >>We're helping you with the problem. And I think that's a key differentiator of what we're saying is there is no silver bullet and frankly, anyone that tells you they can solve supply chain, uh, let me know, cause I want to join that hot new startup. Um, the reality is we can help you go from a field of haystacks to a single haystack and inside that single haystack, there's a needle, right? And there's actually a lot of value in that because before the PR problem was unapproachable, and now we've gotten it down to saying like, Hey, use your traditional tools, use your traditional analytic craft on a much smaller set of data where we've pretty much verified that there's something here, but look right here. And that's where we kind of focused. >>You talked about, you know, and we all know about the importance and really the emphasis that's put on data protection, right? Um, at the same time, can you use data to help you protect? I mean, is there information or insight that could be gleaned from, from data that whether it's behavior or whatever the case might be, that, that not only, uh, is something that you can operationalize and it's a good thing for your business, but you could also put it into practice in terms of your security practices to >>A hundred percent. The, the undervalued aspect of cybersecurity in my opinion, is elbow grease. Um, you can buy a lot of tools, uh, but the reality is to get value immediately. Usually the easiest place to start is just doing the hard detail oriented work. And so when you ask, is there data that can help you immediately data analytics? 
Actually, I go to, um, knowing what you have in your network, knowing what you have, that you're actually trying to protect asset and inventory, CMDB, things like this, which is not attractive. It's not something people want to talk about, but it's actually the basis of all good security. How do you possibly defend something if you don't know what you're defending and where it is. And something that we found in our research was in order to detect and find anomalous behavior of systems communicating outbound, um, it's too much. >>So what you have to do is limit the scope down to those critical assets that you're most concerned about and a perfect example of critical asset. And there's no, no shame or victim blaming here, put on SolarWinds. Uh, it's just that, that is an example of an appliance server that has massive impact on the organization as we saw in 2020. And how can you actually find that if you don't know where it is? So really that first step is taking the data that you already have and saying, let's find all the systems that we're trying to protect. And what's often known as a crown jewels approach, and then applying these advanced analytics on top of those crown jewel approaches to limit the data scope and really get it to just what you're trying to protect. And once you're positive that you have that fairly well defended, then you go out to the next tier and the next tier and the next tier. And that's a great approach, take things you're already doing today and applying them and getting better results tomorrow. >>Now, before I let you go, um, I'd like to just have you put a, uh, a bow on surge, if you will, on that package, why is this a big deal to you? It's been a long time in the making. I know you're very happy about the rollout of this week. Um, you know, what's the impact you want to have? Why is it important? >>We did a lot of literature review. I have a very analytical background.
My time working at DARPA taught me a lot about doing research and development and on laying out the value of failure, um, and how much sometimes even failing as long as you talk about it and talk about your approach and methodology and share that is important. And the other part of this is I see a lot of work done by many other wonderful organizations, uh, but they're really solving for a problem further down the road or they're creating solutions that not everyone can implement. And so what I think is so important and what's different about our team is we're not only thinking differently, we're hiring differently. You know, we have people who have a threat intelligence background from the White House. We have another researcher who did 10 years at DARPA in security research and development. >>Uh, we've recently hired a, a former journalist who she's made a career pivot into cybersecurity, and she's helping us really review the data and what people are facing and come up with a real connection to make sure we are tackling the right problems. And so to me, what I'm most excited about is we're not only trying to solve different problems. And I think what most of the world is looking at for cybersecurity research, we've staffed it to be different, think different and come up with things that are probably a little less, um, normal than everyone's seen before. And I'm excited about that. >>Well, and, and rightly so, uh, Ryan, thanks for the time, a pleasure to have you here on the cube and, uh, the information again, the initiative is SURGe, check it out, uh, Splunk very much active in the cyber security protection business. And so we certainly appreciate that effort. Thank you, Ryan. >>Well, thank you very much, John. You bet Ryan, >>Kovar joining us here on our cube coverage. We continue our coverage of .conf21.
Teresa Carlson, Splunk | Splunk .conf21
>>Hi, everyone. Welcome back to the cube's coverage of Splunk .conf virtual 2021. I'm John Furrier, your host of the cube. We're here with Teresa Carlson, special guest, cube alumni. Who's now the president and chief growth officer of Splunk. Teresa, welcome back to the cube. >>So glad you're here with us >>As the president of Splunk. Great to see you. Great to see you. So we've had many conversations on the cube. When you were the chief of public sector of Amazon Web Services, you grew that business significantly over the years. We've documented on the cube and we've talked about I've written about it. Um, now Splunk, it feels a lot like AWS was back in LA a couple of years ago, where you have this amazing product everyone's using. They don't lose customers. They're getting customers they're in the middle of the security thing, which you know a lot about, and they have this large enterprise base growing. It's just a minute. Grazer leaning in Splunk is, seems to be going to the next level. >>Totally. Well, you nailed it. I would say we're definitely in a scale mode at this point at Splunk. And also to your point, our customers are so loyal to us and we're seeing actually customers with more than a million dollars doubling their spend almost with us. Uh, it's pretty cool. And now we have this cloud portfolio, which is one of my jobs, as you know, I love, I've got my cloud shirt on. I've been believer in cloud. I'm a real believer. You know, I saw the transformational effects of cloud in real time, over 11 years and bringing that here even more to utilize that in our security and observability spaces is quite phenomenal. And then you see again in a much more, uh, set of segmented workloads, how customers take advantage of this. And of course today, like no other John security is just top of mind. It's always been you and I talked earlier about how security kind of evolved over the years and public sector led some of that over time.
And then commercial industry say, you know, wow, that today it's, I mean, it's more than top of mind for not just every enterprise organization and government entity, but it's also every board out there. It's something that we think about internal threat, external threat. How do we manage it? How do we get the data around it to understand it? And then how do we take action on it? >>I seen you up on stage as a senior leader here at Splunk, um, at the virtual venue at a great keynote was a lot of news. And we'll get into that in a second, but I want to ask you, knowing you personally and covering you over the years of Amazon web services, you've been a fierce competitor. Okay. But you also have been a great people, person, people loved working for you, Splunk, is it the same? We've been covering them just as long as we cover an ADFS. The culture seemed to fit because Splunk is kind of competitive, but they're kind of quiet, competitive culture. Yeah. Interesting. Tell us about, tell us about your experience. >>Well, and I think we can, yeah, we can do it in our own Spanky way. I'm learning new it's six minutes today that I've been as blind quiches and believable that I've been here this long already, but, uh, Splunk has a very quirky culture, which I led. They have a lot of fan. They have a big following and I'm so sorry that everyone couldn't attend in person, but the virtual social media feeds are off the charts. I mean, I'm just, I'm having so much fencing high already. They come together. It's a real community, but, uh, yeah, on the competition front, here's what reminds me so much about my old world is that I always love that when somebody wakes up and realizes that it's a huge industry and they want to participate. And that's kind of what happened when I was at AWS and now it's blank. >>I'm like, Hey, all these companies are waking up and saying, data's this real thing. It's like a $90 billion plus industry and growing, and then data with security. 
Hello, are you kidding me? So I feel like really that's kind of what's happened. And Splunk has such a unique set of tools and solutions that just work, they work. And that's what customers, I have heard that statement from customers and partners so much that it just works. And the other thing that's pretty unique about us, I would say John is our ability to navigate between an on-prem world and a cloud world in a unique set of areas like IOT, edge computing. So wherever customer's data is multiple clouds, we're able to take advantage of that for the customer. So they make the choice of where that data comes from and they use the splint tooling then to be able to get those insights and information >>Well, great to have you on the Cuban grid, that's swung to have you, and they're going to be lucky to have you going to do a lot stuff, knowing you and knowing the Splunk community and the team here. A great team. Now talking about the announcements, look at what's going on. Obviously security is still in everything. Yep. A couple of things, rebranding of the partner versus sends a huge message of the ecosystem. You know, that movie you've seen that movie before, um, digital journey for customer success. Again, they have tons of customers that have been with them from beginning and new customers, but they've got to go government action going on here. Whereas you know, a lot about the government logging in monetization program. >>Yeah. Well, as you know, the government, uh, you got 11, but they do continually come up with N fended mandates. And my government customers always have said, oh my gosh, I've got another unfunded mandate. So we're really helping them at that because yes, while it's infested in this budget this year, as it states, they know how important it is. And I do think this initiative is something that is going to have a waterfall effect into the commercial industries. 
Also just like a lot of these things do and around security, uh, but it's important that we help our government customer made as best as they can. So we've come up with, I think, a very unique offering that they can take advantage of for Splunk and we're going to be out there helping them every way. And, and hopefully John L also helped them learn more about cross governmental, what they're doing and how they can understand from their logs and metrics even more about how to protect. Yes. >>One of the things that we've talked about before in the past, but how cloud-scale, and as creates ecosystems, Amazon VMware, you seeing all these ecosystems that have been thriving for, for decades, Splunk has an ecosystem developing very, very fast. Their partners are, are loyal and they're making money with them. And they're being delivered solutions as data becomes the new enablement. How do you see the role of the partners that growing? How do you see them evolving over time? >>Well, let me just tell you, I'm, I'm a real believer in the partner community. I mean, firsthand over the years, my time at Microsoft at AWS, I saw it as an unbelievable force multiplier to your business. And I mean that, and they do things that you don't even think of. I, you know, I'm always amazed at partners. I'm like, oh, you're using the tool for that. Wow. So while we are broadly good, we're, we're very good at what we do, but we cannot understand every horizontal or vertical industry out there. And the reason it's important to have partners, they can take you to places that you never dreamed. And for us, if you look at the categories, we need our CSP or cloud service providers to be able to really help us make sure that we take advantage of the cloud platforms that are out there and our primary, we AWS, and then Google cloud. >>Uh, and then after that we work, we work with both those a migration. You saw Steve Schmidt today. Good friend of mine love Steve. And the work we're doing. 
And you saw, we were one of the first migration partners with AWS. You'll see us continue that program. We'll work together to continue to look for security services jointly that we can offer. And we're a customer of theirs. They're a customer of ours. It makes a good partnership. And then additionally, you have, uh, you have your MSPs, right? Your managed service providers. And today we talked about blue buoyant who had multiples, and these are partners out there that have a unique offering for me, generally managed security or observability in the marketplace. They take the Splunk toolkit, they add to it and they have it off, offered out to their customers. Um, and then you have your largest size like Accenture. I'm so excited about that. First of all, led Julie Sweet. She's an amazing CEO and leader. Uh, and w in what they're doing with this, they've been a long-standing partner of ours, but now they've actually made us part of their, one of their 11 business groups. So it's Accenture plus Splunk, and now they'll take us into all of their industries together. So it's huge. And, you know, >>Does that mean cause, cause this is a business deal. This isn't just like a, you know, some sort of deal where you guys saying we're going together. This is a specific division. >>That's right. That's right. So they have a leaven partners that they work with. AWS is one of them. SAP's one of them. Uh, IBM's one of them, Salesforce, I believe is one of them. And they have, they have experts at Accenture that can go into customers to implement tools and services for customers at the enterprise level. And so they have selected. Splunk is one of those business partners that you heard Paul today talk about. We already have 400 customers together and growing, we will expand that, but it's a joint effort of both go-to-market selling and technical resources that will deliver. 
But for Splunk, again, it's back to that horizontal and vertical slicing where they can take us into security practice that they have chosen. Splunk is one of their security offerings and it's important that we really support them. But also in the splint, a partner verse, we're going to do some new things. >>John, if I just first take and talk about it, we've had a great partner program, but now we're going to Korea's credits, uh, technology, architecture, tooling support, uh, getting in, you know, to certify themselves, to be pro serve ready for those migrations and modernizations. But also really what we heard from a lot of them is they need more training and education remaster to understand our new cloud offerings. And that makes sense. So it's more digital and more cloud oriented with these partners. And then guess what they would love for us to talk about how great they are and we should. So when we get them out there that helps our customers really understand the offerings they have in the marketplace >>At Brooke honeymoon was saying she didn't do a lot more listening and they're working on this next level partner verse. I found that really interesting, all sorts of Katie beyond key. I talked with she's the SVP of customer success, something you're I know you're obsessed about. You always work backwards from the customers as the AWS way. How do you view customer stuff? Because you have a lot of different customers, you have diverse customers. What's important. What are you going to keep Katie's on top of this, but what's your view. >>We ha we do have a lot of different customers. However, we have a concentration of the largest, most important and influential customers in the world. So our customer base is very large enterprise oriented, multiple departments within that enterprise take advantage of Splunk. We work with 90 to the 100 fortune 100 companies, and we've worked with them for a long time. 
And like I said, we're continuing to see them use more of splice, not less as blank. And the way that that happens is, and I hear from him, I sit and talk to him and they're like, now we're using Splunk in these multiple departments and we need to bring it all together at the enterprise level for the C-suite to look at it. Now, I know it sounds a little strange John, but that's changed a bit over the years. And that is because, you know, if you look at big spenders at an enterprise, he spends a lot of money because they need to at dev, you know, uh, security, right. Security infrastructure, and they need to monitor all that. They need to understand it, but guess what they want, understand it now at the corporate level. And they need it at the CIO, they need at the Cisco level for threat analysis. And then now boards want more and more that information they want to roll up of what's happening. So we're seeing a trend where the C-suite, the senior executives really are much more interested in Splunk. It used to be very departmental. >>I'll throw another wrench in the equation. There is one developers want shifting left. They want real time data security policy in the development, CDC at pipelining. So another problem. Yeah. >>Yeah. And developers lever tools. And again, they're, they're another unique group I should totally talk about. That takes your tools to another level and really fears that ways within their customer set to take advantage of the tooling. >>He's a great to see you. Congratulations on a new opportunity here. And the leadership at Splunk, um, really perfectly poised to take the growth of the cloud. That's. So I have to ask you, what's your mission? What's your mission for the next year as you come on? You're six months in what's the, >>Well, for us, here's blankets, continuing to scale, really listening to our customers and partners. It sounds, I don't want it to sound like a cliche. 
We really are spending time listening and working back, Sean and I are working. He's their president of technology products and technology. He and I are working very closely to look at features and functionality that we need to be talking about. Uh, it is about taking advantage of the partner community in a way to support them, to help again, get us into new areas of the business. And then lastly, continue to make sure that we have the training and education for customers directly because our tools and technologies are evolving. And if I've learned anything over the last 11 years is cloud is a step change for a lot of customers and they're still hybrid. So it's important that we meet them where they are, but help them get over that bridge so that they have that full digital journey. So that's what you're going to see me focused on. I'm super excited. >>I was talking with Claire, the CMO just before you leave, I want to get your reaction. This event went virtual the last minute. It became a studio here in Silicon valley. You're a media company now Splunk. Yeah. >>It's like it. I mean, it is amazing what we accomplished today. Uh, I, you know, I don't want to pre give numbers, but we had way, way over 20,000 today, online and, uh, growing. So the numbers we're still looking at, but it was unbelievable. And we had, I think we had had like 22,000 registered and we even got more. So people joined in, they stay, they watched the keynote, there were out narrow specialty sessions. And I all agree, like it was pretty cool. It was a step change because we were thinking about doing it in person. We took a pulse and we said, you know, we think we can actually do a better job this year because of COVID steel. If we do it all virtually and it turned out and we have you, so look at this, you're like, we have you here. And I love your cool backdrop here, John. Yeah. >>Well, you guys do a great job. You guys are a media company. Now you're telling your own stories direct. 
There's a lot of stories to tell. Thank you for coming on the cube. Great to see you >>Again. John's great to see you because the >>Cubes coverage here at.com 2021 virtual I'm John for your host of the cube. Thanks for watching.
Brooke Cunningham, Splunk | Splunk .conf21
>>Hello. Welcome back to the cubes coverage of splunk.com virtual this year. I'm John ferry, host of the cube. And one of the great reasons of great reasons of being on site with the team here is we have to bring remote guests in real guests from all no stories, too small. We bring people into the cube to have the right conversations. We've got Brooke Cunningham area, VP of global partner marketing experience. Brooke, welcome to the cube. Thanks for coming on. >>Hey, thank you, John. This is my sixth dot conflict, but this is actually my first time being on the cube. So I'm delighted. >>Great to have you on these new hybrid events. We can bring people in. You don't have to be here. All the execs are here, the partners are here. Great news is happening all around the world. You guys just announced a new partner program for the cloud called partner verse program. This is kind of, you know, mostly partner news is okay. Okay. Partner news partner ecosystem. But I think this is an important story because Splunk is kind of going to the next level of scale. That's to me is my observations walking away from the keynote, a lot of the partners, great technology, great platform, a lot of growth with cloud. We had formula one on you guys have a growing ecosystem. What is the new announcement partner versus about? >>Yes. Thanks, John. And you are spot on. We are growing for scale and Splunk's partner ecosystem is 2200 strong and we were so delighted to have so much partner success highlighted today on the keynotes. And specifically we have announced an all new spunk Splunk partner program called the Splunk partner verse. So we're taking it to new frontiers for our partners, really built for the cloud to help our partners lean into those cloud transformations with their customer. >>Great. Fro can you walk me through some of the numbers inside the numbers for a second? How many partners do you have and what is this program about specifically? 
>>Yeah, so 2200 partners that we featured some amazing stories in the keynotes today, around some of the momentum we have with partners like AWS, a center blue buoyant, a partner that just recently rearchitected all of their managed services from Splunk enterprise to Splunk cloud, because as they put it, Splunk is the only solution that can truly offer that hybrid solution for their customers. So all new goodness for our partners to help them lean in, to get enabled around all of the Splunk products, as well as to differentiate, differentiate their offerings with a new badging system. And we're going to help our partners really take that to the market by extending and expanding our marketing and creating an all new solutions catalog for our partners to differentiate themselves to their customers. >>You mentioned a couple things I want to double down on this badging thing, get in some of the nuances, but I want to just point out that, you know, and get your reaction to this when you see growth. And I saw this early on with AWS early on, when they performing, when you start to see the ecosystem grow like this, you start to see more enablement. You see more, money-making going on more, more, um, custom solutions, more agility you. So you started to see these things develop around you guys. So what does all this badging mean? How what's in it for me as a partner? Like how do I win on this? >>Yeah, great question. So first of all, John partner listening is a big part of what we do here at Splunk. And it's specifically a major part of what I do in my role. So we create a lot of forums to get that real deal partner feedback. What do they need to be successful with their customers? Especially as Splunk continues to expand our portfolio. And we heard some really clear feedback from our partners. Number one, they need more enablement faster, especially all those new products. 
They really want to get enabled around new product areas like observability, their customers are asking for it. They secondly told us that being able to differentiate themselves to customers was key. And that showing that they had core expertise around specific solution areas, types of services, as well as specializations. For example, some of our partners that are authorized learning partners, they really want it to be able to showcase these skills and differentiate that to their customers in the market. And it's not a role for us at Splunk to really help them do that. And so we took that feedback and really incorporated it into this new program, badging specifically will help to address some of those things I mentioned. So for example, a lot of badging around those use case areas, security, observability, AOD migrations, as well as specializations. Like I mentioned, for things like, uh, partners that are doing, uh, learning specific partners that are really helping us extend our reach in, in different international markets and so on. >>Okay. Let me just ask a question on the badge if you don't mind. Um, so you mentioned, you mentioned almost like you were going through like verticals is badging to be much more about discovery from a client customer, uh, end user customer standpoint. Are you looking to create kind of much more categorical differentiation is what's the, what, what's the purpose of the badge? Cause I noticed it was like different verticals. I heard security and >>Yeah, so I would say it's think of it as both. So for example, our partners go to market with us in many different ways. Some of them are selling servicing building. 
So there'll be partner motion badges to really differentiate the different ways that they're supporting customers from a go-to-market approach and then additional badging to help really identify some of those specialization areas around whether that's clunky use cases, specializations and more, uh, for example, a specific badge that we're rolling out right here at.com is around cloud migrations and partners will be able to get started to get engaged on that badge in preparation for our full-scale launch in February, we'll, they'll start to be able to take advantage of learning pathways, get their teams skilled up, and that will then unlock some new incentives as well as, uh, benefits that they can take advantage of things like accessing or of the Splunk's I've experience and the proof of concept platform and really giving their teams more, uh, capability. And, >>You know, I such a recent cross in the hallway here at dot confidence. She was, she and I were talking about how AI and data is enabling a lot of people to create these solutions. So, you know, you got kind of this almost like Amazon web services dynamic, where it's growing really fast and we're hearing stories, how data is driving value. We had formula one on the cube, the keynotes were giving some examples as you start to see this momentum kind of scaling up to the next level, if you're enabling customers, which you are with data, the monetization or the economic shifts, right? So it's healthy ecosystems, the partners create solutions, they deal with the customer, they're making some money, right? So, so can you share your vision on the unit on the economic equation of how partners are tapping into this? Because I almost imagine, um, a thousand flowers are blooming and then you start to see more value being created and Splunk also gets a cut of it, but there's, there should be that kind of deck. And you can talk about that. >>Yeah, absolutely. 
In fact, one of the things that I have the opportunity to do with our partners is study our partners, success and profitability. And some of the things that we learned from those studies with our partners is that what's really helping our partners to grow their practices with Blanca and their profitability with that business is really the stickiness that they have with their customers, being able to deliver solutions and services and really be those subject matter experts for their customers. And we know that our most successful and profitable partners are servicing their customers across the Splunk cases. So for example, many of our partners came from a security background and they are super deep, super knowledgeable around security, and they are trusted by their customers as the, you know, subject matter experts around security. And so many of them are starting to lean in on some of the new, additional use cases. Observability is a hot topic with our partners right now it's a new and emerging use cases case for them to transition some of the same sets of data that they are addressing in their current appointments with our customers and bring new value with those new use cases. But that's where we're seeing partner profitability growth. >>I love the channel dynamic. There we go, indirect and real and value creation. I got to ask you about the day-to-day dynamic. Of course we all know about the mark injuries and story. Software's eating the world, okay. Software ate the world. Okay. Now that's done. Now we're data is continuing to drive the value proposition. And so that's going to have an impact on how customer your partners serve their customers, ultimately your customer at the end of the day. How, how is that happening? And from a success standpoint, how would you talk to, uh, where people are on the progress of bringing the most innovative solutions? What, where's the headroom, where do you see that going Brook >>There's? 
I would say there's just endless opportunity here. And we just see so much innovation in our partner ecosystem to create purpose built solutions for their customers business problems. And that's where I think the value of the data comes to life. Really turning that data into doing as is really the Matic for all the things that we're talking about here, uh, at.com 21, that our partners really see these opportunities and then can replicate some of those same solutions for other customers in the same spaces. So for example, you know, really specialized solutions for healthcare where they're, uh, providing, you know, access to all the data across the hospital, or, um, you heard in guard's keynote about unlocking the value of SAP data. This is just a huge opportunity accessing all that data and really turning that data into doing. And we'll be talking even more about the new SAP relationship and the value for the partner ecosystem to go address those FP data sets in their customers. We'll be talking more about that on our partner feature session, which is tomorrow in day two of dotcom. >>Well, you guys to have a nice mix of business in the partner ecosystem from, you know, small boutiques to high-end system integrators and everything in between, I noticed you're doing a lot with censure. Could you talk about how you guys are partnering with the large global system integrators because they're becoming their own clouds. So, you know, as Jerry Chen at Greylock says, are these castles being built in the cloud with real competitive advantage with data? Again, this is a new phenomenon in the past really two years, you're starting to see explosion of, of scale and refactoring business models with data. What's your, what's your reaction to that? >>Absolutely. 
In fact, we are really leading in with some of these global systems integrators, and you've heard this exciting news in Theresa Carlson's portion of the keynote earlier today, where we've announced a partner, a center partner business group together. And we're so excited about the center and Splunk partner business group. It's going to elevate the Splunk and essential partnership eCenter has invested in thousands and thousands of joint professionals that are skilled up on flunk. They are building a purpose patients. We have so many amazing examples where Splunk and essential work together to solve real life problems. For example, there's a joint solution that helps address anti-human trafficking. Uh, there's a joint solution that helped with vaccine tracking. I mean, just really powerful examples that are just really extending value to customers and solving real life, data problems. >>Well, you guys have a lot of momentum, bro. Congratulations on the success and partner versus we're going to follow it again. It was built for the cloud. I know it's in the headline. It says flunked launches, new partner program for the cloud. Was there a partner program for the on premises and what's different about on the cloud? Was it kind of new, everything is cloud what's that? What does that mean? That statement? Yeah, >>Absolutely. So we, you know, as we've all seen, customers are leaning into the class that growth to the movement, to the cloud, just accelerated during COVID. And so part of that feedback that I referenced earlier that we heard from our partners, they said, we need help. We need help moving faster. And so that's really the underpinning of the all-new Splunk partner vers program is to really that acceleration to skill up our partners and give them the tools to be successful. And so with that, we did want to rebrand and reinvigorate it to really signal this newness. 
And as it was mentioning earlier, when we were talking about the badges, it's really about making sure we're providing the partners the right enablement so that they can be ready and able to support their customers on this journey, to the cloud, as well as the access, the resources, the support and the marketing so that they can be successful and really featured their expertise and value in the market. >>Well, Brooke, I want to get one final question before we go. Cause I know you have a lot of experience in the partner ecosystems and over your career. And we just interviewed the formula one CEO, uh, Zach brown, and, and they've been very popular with the, with the Netflix series driving to survive. And I was joking with him driving value with data as channel partners and your partners look to the post pandemic survive and thrive trend that people are going through right now. What should they be thinking about when they look at partner versus, and how Splunk can help them drive an advantage, not only just survive, but to actually drive to an advantage. >>I, I just see this as an opportunity for partners that haven't already leaned into the cloud and helping their customers migrate to the cloud now is the time rapid five acceleration is just essential for organizations to reach their most critical missions and their outcomes. And this one partner versus program is a significant move forward for Splunk partners. And we want to pursue a massive market opportunity focused on the cloud with our partners, for our customers. So I just really encourage our partners to engage, participate and join us on this journey. >>Well, it's a lot of evidence to support this vision. Uh, with pandemic, we saw refab replatforming and refactoring the businesses in the cloud at speeds, that unprecedented deployments. So, uh, cloud can, can bring that scale and speed to the table. It's really incredible. So thank you very much for coming on the cube remotely. 
Thanks have you had, >>Thank you. This was a delight. Really appreciate the time, John and very excited to have my first opportunity to be a >>Okay. You're a cube alumni. We are here in the studios, Splunk studios for their virtual event here with all the top executives and partners bringing in guests remotely. It's a virtual event. So we'll be back in person. I'm Jennifer, the cube. Thanks for watching.
Zak Brown, McLaren Racing | Splunk .conf1
>>Hello, and welcome back to the cubes coverage of splunk.com here in the virtual studios in Silicon valley broadcasting around the world's a virtual event. Um, John four-year host of the queue. We've got a great guest, Zach brown, chief executive officer of McLaren racing, really looking forward to this interview, Zach, welcome to the queue. Well, thanks for coming on. Thanks for having me. So we have a huge fan base in the tech community. A lot of geeks love the neurons. They love the tech behind the sport. Uh, and Netflix is driving to survive. Series has absolutely catapulted the popularity of F1 in the tech community. So congratulations on all the success in that program and on, and then on the >>Thank you very much, it's been a, it's been a good run. We've won our first race in a while, but we still have a ways to go to get in that, uh, world championship that, uh, >>So for the techies out there and the folks in our audience that aren't familiar with, the specifics of the racing team and the dynamics, take a minute to explain what you guys do. >>Uh, so McLaren racing, uh, which has a variety of, uh, racing teams, uh, a formula one team in indie car team and extremely team and an e-sports team. Uh, we're the second most successful form of the one team in the history of sport. Now 183 wins 182, uh, when I joined 20 world championships and, uh, we're, we're close to a thousand people to, to run a couple of racing cars and, uh, currently third in the championship, uh, with Lando Norris and, uh, Daniel, Ricardo. >>So talk about the, um, the, the dynamics of the spore. Obviously data is big part of it. Uh, we see the, a lot of the coverage. You can see anything can happen overnight. It's very quick. Um, technology has been being, uh, playing a big role in sport. What's your vision on how that's evolving? Are you happy with where things are, uh, and where do you see it going? >>Yeah, it does some interesting stats. 
So, um, the car that qualifies first at the beginning of the year, if you didn't touch, it would be last by the end of the year. So that's the pace of a development of a, of a formula one car. We change a, uh, and develop a new part on the car every 14 minutes, 365 days, days a year. Um, and technology plays a huge role. Uh, it's, it's probably the most technical, um, evolved sport in the world. Uh, both safety data, uh, the innovation it's it's awesome. And what a lot of people don't know is a lot of what we develop in a formula. One car ends up in other parts of the world, whether it was a ventilators that we helped develop for the UK government, uh, to working with our, uh, various partners or safety and innovation in the automotive industry. >>You know, I love it. I always loved the IOT internet of things, story around cars, because sensors or instrumentation is a big part of it. Um, and it all comes together. So it's pretty, it's not simple. No, give it feel, give it a taste a little bit about what's it. How complicated is it, how you guys pay attention to the details? What's important. Take us through some of the, some of the inside the ropes around the IOT of the sensors and all the data. >>Yeah. So we have over 300 sensors on our race car. We collect the one and a half terabytes of data. Every race weekend, we have a thousand people, um, and the strong majority of those are working around data and technology, as opposed to physically touching the car out of those thousand people, you probably only have about 60 or 70. They're actually touch the race card at a race weekend. We've been doing connected cars for about 25 years. So that's kind of a new thing here to, to most people, but we've been communicating back and forth with our race car for, for decades all around the world. And what a lot of people don't realize is it all starts in our mission control back in our factory in Woking, England. 
So wherever we are around the world, the racing team actually starts in England. >>So I want to ask you about the personalities on the team. How big is the staff? What's the makeup of the personnel has to get the drivers. They're critical. They're a very dynamic personalities. We'll come to the side question on that later, but what's the staff look like on when you guys put this together. So you get, you get race day and you got back office support. >>What's the team look like? Yeah. So you've got about a thousand people that, that make up the collective team. You'll have about a hundred in marketing. Uh, you'll have about a hundred in finance, HR, and then you kind of get to the, the racing team. If you'd like 800 people, you have about a hundred people traveling to each race, uh, about 50 people back at the factory, working with data and communications that are grand Prix weekend. And then everybody else is designing manufacturing, production laminating. So we run 24, 7 shifts, uh, three shifts, uh, in certain parts. Uh, we develop, uh, 85% of the car changes of what's allowed to be changed start of the year to the, the end of the year. So the development is, is unbelievable. >>I know you're here in the U S for the U S grand Prix in Austin. Um, coming up, I'm just curious how cars get transported. >>Uh, w when we're traveling around the world, uh, they, they travel on 7 47 and are flown around the world. And then when we're in Europe, we have about 18 trucks that were communing around when we're kind of in the European part of the circuit is usually in the middle of the year. But when we're going to Australia or Singapore, Bahrain, those are, those are on planes form of the one actually does that. They give us an allocation of, of space, and then we have to write a check if we need more space than where >>Yeah. We're allowed. Yeah. And that brings up the security question, because honestly, there's a lot of fans, a lot of people are into it. 
Also, this potentially security risks. Have you guys thought about that obviously like physical moving the supply chain around from event event, but also technology risk. Um, how do you guys think about security? >>Yeah, it's, it's critically important. We've had, uh, fortunately we've not had any breach of our technology. We have had a breach in the late nineties of our radio communications and, uh, it was in Australia, Mika Hakkinen and a fan, uh, who I think was probably having some fun and were able to break into our radio channel and actually asked Mika to pit. He pitted team wasn't ready. And fortunately, we will run in one, two, but we actually had to reverse the drivers. So security is >>Critically important, probably Katie Scrivener, and they all look, I just hack the radio, was talking to the driver. That is a funny story, but it could be serious. I mean, now you have all kinds of >>The stuff going on and, and, you know, there's a lot of money at stake, you know, so, you know, we're fortunate in this particular instance, it didn't hurt us cause we were running one, two, so we could reverse the drivers and the right guide one. Um, but you know, that could decide, uh, a world championship and you have, you know, tens of millions of dollars online, but even besides the economics, we want to win races. >>You know, what's funny is that you guys have a lot of serious on the line stakes with these races, but you're known for having a lot of fun, the team team dynamic. I have to ask you, when you finish on the podium one and two, there's a Shui with the drivers. How'd that go down. It was pretty, pretty a big spectacle online and >>Yeah, it was, it was good, fun. That's something, obviously Daniel Ricardo is kind of developed as his thing when he, uh, when he wins. And, uh, when we were, uh, before we went on the podium, he said to me, you're going to do the shoe. Yes, of course. 
In the car show you got to do, we have to like a bunch of 12 year old kids, uh, on the podium, but that's where we're just big kids going, motor racing and >>The end of the day. Well, I gotta say you guys come across really strong as a team, and I love the fun and, you know, competitive side. So congratulations on that, I think is good on the competitive side, take me through the advantage, driving the advantage with data, because that's really the theme here at.com, which is Splunk, which they're a big partner, as well as your other sponsors. Data's big, you know, and it's striving an advantage. Where do you see that coming from? Take us through where you guys see the advantages. Yes. >>So, you know, everything we do is, is precision and, you know, every second, every 10th counts and, um, you know, you can get all this data in, but what do you do with this data? And the humans can, uh, real, uh, react as quickly as is, you know, people like Splunk who can help us, uh, not only collect data, but help us understand data. And, um, you know, typically there's one pit stop, which can be the difference between winning and losing. Um, you have all these different scenarios playing out with weather with tire wear competition. And so, you know, we live by data. We didn't, uh, when, in, in Russia, when we, uh, could have, and it was because we got a bit emotionally caught up in the excitement of trying to win the race instead of staying disciplined and focused on, on data. And so it's a very data-driven sport when I'm on the pit wall, there's a thing called racer instinct, which is my 30 years in the sport. And, uh, your experience and your kind of your gut to make decisions. And every time our team makes a decision that I'm sitting there going, I'm not sure that was the right decision. They're staring at data. I'm not, I'm trusting my 30 years of experience. They'd beat me nine out of 10. >>Yeah. 
I mean, you know, this is a huge topic too, in the industry, explainable AI is one of the hottest trends in computer science where there's so much algorithms involved. The gut instinct is now coming back. What algorithms are available, knowing when to deploy what algorithms or what data to pay attention to is a huge new gut factor. Yep. Can you explain how the young drivers and the experience folks in the industry are dealing with this new instinct full data-driven? >>Yeah. That's, you know, that's what we have 50 people back at the factory doing, and they're looking at all sorts of information coming in, and then they're taking that information and they're feeding it to our head of strategy. Who's then feeding it to our racing director. Who's getting all these data points in from tire to performance, to reliability, and then the human data from both drivers coming through their engineers. And then he gets all that information in. He has to process it immediately and make decisions, but it's, it's a data-driven sport. >>I saw Lando walking around, got a selfie with them. It's great. Everyone's loving it on Twitter. My family, like get an autograph, the future of the sport. He's a young young driver. So that instincts coming in the future sport comes up all the time. The tires are a big discussion point, but also you've got a lot of presets going on, a lot of data, a lot of going on and you see the future where there's remote, you know, kind of video game you're in the pit wall and you can make decisions and deploy on behalf of the drivers. Is that something that >>Well, that technology is there and we used to do that, but now it's been outlawed because there's a real push to make sure the drivers are driving the car. So that technology is here. It has been deployed in the past. We could do it, but we're trying to find as a sport, the balance between, you know, letting the driver do it. So he, or she might make a mistake and a little bit of excitement to it. 
So, um, we now there are certain protocols on what we communicate. Um, we can't, um, everything has to be driver fed into the car. So we can now you'll hear all sorts of codes that we're talking through, which there are, um, about 300 different adjustments the driver can make on the steering wheel, which is unbelievable. And so that's us seeing information, getting data in coming to conclusions that we're giving him or her information that we think will help make the car >>A lot of new dimensions for drivers to think about when they're being successful with the gut, that the track data everything's kind of coming together. >>Yeah. It's amazing. Um, when you listen to these drivers on the radio, you forget that they're going 200 plus miles an hour. Cause they sound quite relaxed in this very, you know, open and easy communication of here's what I'm feeling with. Again, we're talking all these codes and then we all, because we can hear each other, there's a lot of trickery that goes on. So for a driver to be going to turn a miles an hour, taking this information and then know what code we're talking, are we kind of throwing a code out there to put the competition off is pretty amazing that they can take this all in. >>You know, I wish I was younger again, like we're old school and the younger generation, I was having a few conversations with a lot of the young audience. They wanted me to ask you, when are you guys going to metaverse the tracks? When can I get involved and participate and maybe even make the team, or how do I become more active, engaged with the McLaren racing team? >>And that technology is almost, we're actually, um, that's in development. So I, I think it won't be long before, you know, Sunday you can log on, uh, and, and race Lando around Monaco and be in the race. So that, that technology is around the corner. >>That's the shadow thing to developing. I see that. E-sports just quick. 
I know you've got to go on, but last minute we have here, e-sports, what's the future of e-sports with the team, >>But e-sports been great for the sport. You know, it's gone from, you know, when I was growing up, it was video games and now it's real simulation. And, uh, so we've held, I think we're going four years into it. Now we were the first team to really develop an e-sports platform and we've had competitors go on to help us with our simulation. So it's, it's real racially developed the race car before it goes on the racetrack it's in simulation. And that's where e-sports, >>And this is the new advantage. This is a new normal, this is where you guys see the data driving. The >>Definitely. And I think the other thing it is, you know, somewhat stick and ball sports, you can play in school. And motor racing has historically been karting, which can cost hundreds of thousands of dollars. Now with e-sports you have a less expensive platform to let young men and women around the world, put a steering wheel in their hand and go motor racing. So I think it's also going to kind of bring that younger generation of fan and >>There's so much collective intelligence, potentially competitive advantage data. Again, data coming up final word to end the segment, Splunk, big partner on the data side, obviously helping you guys financially, as well as you do need some sponsorship support to make the team run. Um, what's the relationship with Splunk? Take a minute to talk about the plug. >>It's been a, it's been great, you know, they're, they're two big contributors. We need a lot of money to run the racing team. So they're a great partner in that respect, but more importantly, they're helping us with our whole data journey, making smarter, quicker decisions. So their contribution to being part of the race team. And, uh, we used our technology. Um, it has been great. 
And I think, um, you know, if I look at our technology partners, uh, we have many that all contribute to making a >>Yeah. I mean, it really is nice. It's data in action, it's teamwork, it's competitive, it's fun. That's kind of a good, good, >>I think fun is the center of everything that we do. It's the center of everything Splunk does. Cause I think if you have fun, people enjoy going to working a little bit harder. We're seven days a week. And uh, you know, a lot of teammates you've got to work well together. So I think if you're having fun, you enjoy what you're doing and it doesn't feel like work. >>Congratulations on climbing up in the rankings and everything on your team. Two great drivers. Thanks for coming on the cube. We appreciate it. Thank you. All right. We're here. The key. We like to have fun here and get all the action on the tech side. Honestly, F1 is technology enabled data, driving the advantage and Drive to Survive is a great Netflix series. Check it out. McLaren's featured heavily in there and got a great team. Zach brown Siegel. Thanks for coming on. Appreciate it. I'm sure for your host. Thank you for watching.
Tyler Williams & Karthik Subramanian, SAIC | Splunk .conf19
>>Live from Las Vegas. It's theCUBE, covering Splunk .conf19, brought to you by Splunk. >>You know, kind of leaning on that heavily. Automation, certainly very important. But what does enterprise and what does Enterprise Security 6.0 bring to the table. So can you take us through the evolution of where you guys are at with, with Splunk, if you want to handle that Enterprise Security? So yeah, generally Enterprise Security has traditionally had really, really good use cases for like the external threats that we're talking about. But like you said, it's very difficult to crack the insider threat part. And so we, leveraging Machine Learning Toolkit, have started to build that into Splunk to make sure that you know, you can protect your data. And, uh, you know, Tyler and I specifically did this because we saw that there was immaturity in the cybersecurity market for insider threat. And so one of the things that we're actually doing in this talk, in addition to talking about what we've done, we're actually giving examples of actionable use cases that people can take home and do themselves. >>Like we're giving them an exact sample code of how to find some outliers. They give me an example of what, so the use case that we go over in the talk is a user logs in at a weird time of day outside of their baseline and they exfiltrate a large amount of data in a low and slow fashion. Um, but they're doing this obviously outside of the scope of their normal behavior. So we give some good searches that you can take home and look at how could I make a baseline, how could I establish that there's deviations from that baseline from a statistical standpoint, and identify this in the future and find the needle in the haystack using the Machine Learning Toolkit. 
And then if I have a SOC that I want to send notables to or some sort of some notification to how do we make that happen, how do we make the transition from Machine Learning Toolkit over to Enterprise Security or however your SOC operates? >>How do you do that? Do you guys write your own code for that? Or you guys use Splunk? So Splunk has a lot of internal tools and there's a couple of things that need to be pointed out of how to make this happen because we're aggregating large amounts of data. We go through a lot of those finer points in the talk, but sending those through to make sure that they're high confidence is the, is the channel you guys are codifying the cross connect from the machine, learning to the other systems. All right, so I've got to ask, this is basically pattern recognition. You want to look at baselining, how do people, can people hide in that baseline data? So like I'll give you, if I'm saying I'm an evil genius, I say, Hey, I knew these guys looking for Romans anomalies in my baseline, so I'm going to go low and slow in my baseline. >>Can you look for that too? Yeah, there are. There absolutely are ways of, fortunately, uh, there's a lot of different people who are doing research in that space on the defensive side. And so there's a ton of use cases to look at and if you aggregate over a long enough period of time, it becomes incredibly hard to hide. And so the baselines that we recommend building generally look at your 90 day or 120 day out. Um, I guess viewpoint. So you really want to be able to measure that. And most insider threat that happen occur within that 30 to 90 day window. And so the research seems to indicate that those timelines will actually work. Now if you were in there and you read all the code and you did all of the work to see how all of the things come through and you really understood the machine learning minded, I'm sure there's absolutely a way to get in if you're that sophisticated. 
>>But most of the times they just trying to steal stuff and get out or compromise a system. Um, so is there other patterns that you guys have seen in terms of the that are kind of low hanging fruit priorities that people aren't paying attention to and what's the levels of importance to I guess get ahold of or have some sort of mechanism for managing insider threats? I passwords I've seen one but I mean like there's been a lot of recent papers that have come out in lateral movement and privilege escalation. I think it's an area where a lot of people haven't spent enough time doing research. We've looked into models around PowerShell, um, so that we can identify when a user's maliciously executing PowerShell scripts. I think there's stuff that's getting attention now that when it really needs to, but it is a little bit too late. >>Uh, the community is a bit behind the curve on it and C# becoming more of a pattern to seeing a lot more C sharp power shells kind of in hunted down kind of crippled or like identified. You can't operate that way, what we're seeing but, but is that an insider and do that. And do insiders come in with the knowledge of doing C sharp? Those are gonna come from the outside. So I mean, what's the sophistic I guess my question is what's the sophistication levels of an insider threat? Depends on the level a, so the CERT Insider Threat Institute has aggregated about 15,000 different events. And it could be something as simple as a user who goes in with the intent to do something bad. It could be a person who converted from the inside at any level of the enterprise for some reason. >>Or it could be someone who gets, you know, really upset after a bad review. That might be the one person who has access and he's being socially engineered as well as all kinds of different vectors coming in there. 
And so, you know, in addition to somebody malicious like that, that you know, there's the accidental, you're phishing campaigns here, somebody's important clicks on an email that they think is from somebody else important or something like that. And you know, we're looking fair for that as well. And that's definitely spear phishing's been very successful. That's a hard one to crack. It is. They have that malware and they're looking at, you can say HR data's out of this guy, just got a bad review, good tennis cinema, a resume or a job opening for, and that's got the hidden code built in. We've seen that move many times. >>Yeah, and natural language processing and more importantly, natural language understanding can be used to get a lot of those cases out. If you're ingesting the text of the email data, well you guys are at a very professional high end from SAIC I mean the history of storied history goes way back and a lot of government contracts do. They do a lot of heavy lifting from anywhere from development to running full big time OSS networks. So there's a lot of history there. What is state of the art? What do you guys look at as state of the art right now in security? Given the fact that you have some visibility into some of the bigger contracts relative to endpoint protection or general cyber, what's the current state of the art? What's, what should people be thinking about or what are you guys excited about? What are some of the areas that is state of the art relative to cyber, cyber security around data usage. >>So, I mean, one of the things, and I saw that there were some talks about it, but not natural language processing and sentiment analysis has gotten, has come a long way. It is much easier to understand, you know, or to have machines understand what, what people are trying to say or what they're doing. 
And especially, for example, if somebody's like web searching history, you know, and you might think of somebody might do a search for how do I hide downloading a file or something like that. And, and that's something that, well, we know immediately as people, but you know, we have, our customer for example, has 1000000001.2 billion events a day. So you know, if the billion, a billion seconds, that's 30 years. Yeah. So like that's, it's, it's a big number. You know, we, we, we hear those numbers thrown around a lot, but it's a big number to put it in perspective. >>So we're getting that a day and so how do we pick out, it's hard to step of that problem. The eight staff, you can't put stamp on that. Most cutting edge papers that have come out recently have been trying to understand the logs. They're having them machine learning to understand the actual logs that are coming in to identify those anomalies. But that's a massive computation problem. It's a huge undertaking to kind of set that up. Uh, so I really have seen a lot of stuff actually at concierge, some of the innovations that they're doing to optimize that because finding the needle in the haystack is obviously difficult. That's the whole challenge. But there's a lot of work that's being done in Splunk to make that happen a lot faster. And there's some work that's being done at the edge. It's not a lot, but the cutting edge is actually logging and looking at every single log that comes in and understanding it and having a robot say, boom, check that one out. >>Yeah. And also the sentiment, it gets better with the data because we all crushed those billions of events. And you can get a, you know, smiley face or that'd be face depending upon what's happening. It could be, Oh this is bad. But this, this comes back down to the data points you mentioned logs is now beyond logs. I've got tracing other, other signals coming in across the networks. So that's not, that's a massive problem. 
You need automation, you've got to feed the beast by the machines and you got to do it within whatever computation capabilities you have. And I always say it's a moving train hard. The target's moving all the time. You guys are standing on top of it. Um, what do you guys think of the event? What's the, what's the most important thing happening here at Splunk .conf this year? I'd love to have both of you guys weigh in on that. >>There's a ton of innovation in the machine learning space. All of the pipelines really that I've, I've been working on in the last year are being augmented and improved by the staff. That's developing content in the machine learning and deep learning space that's belongs. So to me that's by far the most important thing. Your, your take on this, um, between the automation. I know in the last year or so, Splunk has just bought a lot of different companies that do a lot of things that now we can, instead of having to build it ourselves or having to go to three or four different people on top to build a complete solution for the federal government or for whoever your customer is, you can, you know, Splunk is becoming more of a one stop shop. And I think just upgrading all of these things to have all the capabilities working together so that, for example, Phantom, Phantom, you know, giving you that orchestration and automation after. >>For example, if we have an EMS notable events saying, Hey, possible insider threat, maybe they automate the first thing of checking, you know, pull immediately pulling those logs and emailing them or putting them in front of the SOC analyst immediately. So that in, in addition to, Hey, you need to check this person out, it's, you need to check this person out here is the first five pages of what you need to look at. Oh, talking about the impact of that because without that SOAR feature. Okay. 
The automation orchestration piece of it, security, orchestration and automation piece of it without where are you know, speed. What's the impact? What's the alternative? Yes. So when we're, right now, when we're giving information to our EES or analysts through yes, they look at it and then they have to click five, six, seven times to get up the tabs that they need to make it done. >>And if we can have those tabs pre populated or just have them, you know, either one click or just come up on their screen for once they open it up. I mean their time is important. Especially when we're talking about an insider threat whom might turn to, yeah, the alternative is five X increase in timespan by the SOC analyst and no one wants that. They want to be called vented with the data ready to go. Ready, alert on it. All right, so final few guys are awesome insights. Walking data upsets right here. Love the inside. Love the love the insights. So final question for the folks watching that are Splunk customers who are not as on the cutting edge, as you guys pioneering this field, what advice would you give them? Like if you had to, you know, shake your friend egg, you know, get off your button, do this, do that. What is the, what do people need to pay attention to that's super urgent that you would implore on them? What would you, what would your advice be once you start that one? >>One of the things that I would actually say is, you know, we can code really cool things. We can do really cool things, but one of the most important things that he and I do as part of our processes before we go to the machine and code, the really cool things. We sometimes just step back and talk for a half an hour talk for an hour of, Hey, what are you thinking about? Hey, what is a thing that you know or what are we reading? What and what are we? 
And you know, formulating a plan because instead of just jumping into it, if you formulate a plan, then you can come up with you know, better things and augmented and implemented versus a smash and grab on the other side of just, all right, here's the thing, let's let's dump it in there. So you're saying is just for you jump in the data pool and start swimming around, take a step back, collaborate with your peers or get some kind of a game thinking plan. >>We spent a lot of hours, white boarding, but I would to to add to that, it's augment that we spent a lot of time reading the scientific research that's being done by a lot of the teams that are out solving these types of problems. And sometimes they come back and say, Hey, we tried this solution and it didn't work. But you can learn from those failures just like you can learn from the successes. So I recommend getting out and reading. There's a ton of literature in that space around cyber. So always be moving. Always be learning. Always be collaborating. Yeah, it's moving training guys, thanks for the insights Epic session here. Thanks for coming on and sharing your knowledge on the cube, the cube. We're already one big data source here for you. All the knowledge here at .conf our seventh year, their 10th year is the cubes coverage. I'm John Furrier, back after this short break.
Mike Haag, Red Canary | Splunk .conf19
>>Live from Las Vegas. That's the Q covering splunk.com 19 brought to you by Splunk. >>Hey, welcome back. Every once the Q's live coverage here in Las Vegas for Splunk's dot com 2019 it's Splunk's 10th year having the events, the cubes coverage seven years, the cube independent media company breaking down, extracting the signal from the noise dot on the top people, top experts, tell them the stories that matter. We're here with Mike EG, director of applied research for coming red Canary. Mike, thanks for coming on. I appreciate it. Thank you. So red Canary is a company doing here. What's the focus? What does it company do? Take a minute to explain red County area and why you're here at.com. Sure, thank you. So we are a managed endpoint detection and response organization. We partner with organizations of all sizes to help them eradicate evil, for instance. So we help them with monitoring their environment. We investigate, respond and act on threats or so on the notes here, you guys have a topic session finding titled finding evil is never an accident, how to hunt in bots. >>So using bots, hunting down evil, you guys are out there doing this as a business. What does it mean? What does he, what if, first of all, what is evil and how do you hunt it down? Take us through that Sarah. So the talk is based around the boss of the SOC data set that was released by Splunk. They have version two, version one and version three will be coming out soon and they just released version four here. And so the talks all focused on how to find evil within bots. The three are actually V forum, sorry, the one that just came out. And so what we do as an organization is we help businesses get through their data, kind of like your guys' mission as well. Like get through them all the haystack, find the bad things and present that to our customers in a really fast way. >>So that's kind of where we are today. Archives to find the good content. Great experts like yourself tell about your role. 
You're like a researcher, but it's not like you're sitting back there. Applied research, we applied means it's not like just making it up, you know, the next moonshot. You guys are applied specifically to hunting down evil. That's your role. What does that entail? You guys have to sit back, zoom back, look at the data that the Splunk's providing some benefits with their, they're exposing their data. What does it mean to hunt down? What's, what's the requirements? How do you set that up? What are you looking at you going through day? Those are the dashboards. What are the what? What, what do you deal with and your job? >> Yeah, so like a day to day or like kind of what our team does is we focus on like what's going on previously, what are we seeing in the wild? >>Like what campaigns are happening and then my role within my team is focused on what's coming. So what are, what are red teams working on? What are pen testers looking into? Take that information, begin testing and begin building proof of concepts. Put that back into our products so that whether it's two weeks, six months, two years, we have coverage for it, no matter what. So a lot of our time is generating proof of concepts on what may be coming. So there's a lot of very unique things that may be in the wild today. And then there's some things that we may never see that are just very novel and kind of once, once, once a time kind of thing. Right? >> So you know, we love talking about data that we've been covering data since 2010. The thing that's interesting and I want to get your thoughts on this because you know, evil has arbitrage built into it. >>They know where to hide. And so the question is, is that what are you looking at matters, right? So the so, so, so there's a lot of exposure. But the question I have for you is, what is the problem that you're solving? Why do you guys exist? Was it because evil was better to adversaries? Were better at hiding?
Is it automation can solve patterns they haven't seen yet? Because if you automate something you haven't seen yet, so is it new things? So why, what's the problem statement that you guys are attacking? Yeah. So hit it. It's a lot. There's a lot, there's a lot to unpack. Um, so like in particular in this instance, seeing something that happened yesterday and then what's happening today is actors are working to break process lineage within what's happening on the endpoint. Because actors know that everything's happening on an endpoint. >>Yes, there's traffic coming in, but there's execution going on in a single place on that box. So their whole tactic now is to try to break that lineage. So it's not Microsoft Word spawning something. It's now Microsoft Word opens and it spawns over there off another process, right? So we're here to monitor those types of behaviors. And that's pretty much like the core of Red Canary. We've always focused on the endpoints. We only do endpoint-based products. We don't like monitor networks. We don't monitor firewalls or anything like that. We're very focused, uh, hyper focus on endpoint behaviors. And so, and that, that's the cool part about our job is we get to see all the really new things that are happening. And if you look at it, these breaches in the past, it's happening on the endpoint and that's probably where we are. >>And actually day the canary in the coal mine's an old expression, everyone knows that or if older might know that. But you know, identifying and being that early warning detection system really kind of was the whole purpose of the canary in the coal mine, Red Canary red teams. I'm kind of putting it together. What are some of the things that you've seen that, that as an example of why you exist? Because it, is it new things, is it that, you know, Hey, our known thing or balls, what are some of the examples that you can point to that, that point of why you guys exist? Yeah, sure.
Um, a good example is kind of like the looking forward stuff where red team's going, where actor's going. So a lot of them are moving to C# and .NET tradecraft, which is very native to the operating system. >>And Windows. Um, so if they're doing that, they're moving away from what they're always, what they've been used to the last few years, which is PowerShell. So PowerShell's kind of dead then, now we're going to C# and .NET. So a lot of our focus today is how can we better detect those? And vendors are moving that way too. They're, they're starting to see that they have to evolve their products to the next level in order to detect these behaviors. Cause I mean that's, that's the whole reason why a lot of these EDR vendors are here. Right? And, and it's all data like you said. And so feeding it into a SIEM or with a Splunk in particular, you're able to correlate those behaviors and look at very specific things and find it real well. You know, one of the things that a lot of security practitioners and experts and advisors have been looking at over years is data. >>So it's not, it's no secret data and critical. But one of the things that's interesting is that data availability has always been an issue. Sharing data. And then the message here at Splunk .conf19 is interesting. You've got data diversity now exposure to the fabric search concept there they got accelerated and realtime times too. We've always had that. But as it kind of comes together, they're looking to get more diverse aperture to data. Yup. Is that still an ongoing challenge and what are, cause if you have a blind spot, you only, this is where the potential danger. How do you guys talk about that? What's the narrative around diverse data sets? How to deal with them effectively and then if blind spots exist, what do they look like or how do you figure that out? Yeah, we, so I, I've been with Red Canary for over three years, about three years now.
>>And one of the things I started at was a technical account manager incident handler. And so I helped a lot of our customers go from, we bought you Red Canary to monitor endpoints, but what should we do next? And so we, our incident handling team will come in and assist a customer with, you guys should start going down this road. Like, how are you bringing everything together? How are you analyzing your data down to just operationalizing like some use cases and playbooks within their data. Like you got EDR. Now let's look at your firewalls. How, how rich of that data can be helped enrich what the EDR information like here's the IP address and Carbon Black Response. Where's it going this way on your firewall or your appliance is going out and you know, and things like that. So we have a whole team dedicated to it and that's like the focus of the. >>We took a poll in our, we have a, you know, this acumen operate for 10 years. It's our seventh year squad, Dave and I took a poll of our CUBE community, um, but 5,000 alumni and we asked them about cloud security, which vendors are the best and Splunk is clearly number one in third party data management. I got him out, he's got a category but cloud security. How should the cloud vendors provide security, Google, AWS and Azure. But outside of the core cloud providers, Splunk's number one, clearly across the board. How is Splunk doing in your mind? How do you guys work with Splunk? What's the dynamic? What's your relationship with Splunk and where Splunk position in your mind? Because as cloud becomes more prevalent with cloud native, born in the cloud and with hybrid there's a unification, not just with data. They have infrastructure operations. >>Yup. So Splunk role and then their future prospects? Sure. Um, so Red Canary uses Splunk too. So we, we process I think like 30 terabytes plus of data a day coming to our engine that we built. And that's the kind of like proprietary piece of Red Canary.
30 terabytes of data flows through. We use a like a DSL, like a language that sits on top of it, that queries they're looking for those behaviors. We send those tip offs as we call to Splunk and we actually track a lot of the efficiencies of our detectors that way. So we look for how low detectors doing, is it triggering, is that false positives? How many false positives over time. And then also how much time our analysts are spending on those detectors. You know, they get a detector or an event and they review that event and they're spending 20, 30 minutes on it and well what's wrong with it? >>Is there something going on here? Do we need to cut something back and fix it? So we use Splunk a lot of, for like the analytics piece of just how our operation works. It's awesome. It's really neat to see >> him for, one of the things that I've been proud of with covering Splunk is we showed them early when they were just started, then they went public. Yeah. Just watching how they've grown. That did a lot of great things. But now the theme is applications on top of Splunk. They're an enabling platform. They had a couple of key pillars. I want you to talk about where you guys fit and where you see the upside. So Splunk has the developer area, which is, they have all these deck, new developers, security and compliance and fraud, um, foundations and platform stuff. And then the IT ops does this analytics, AI ops, they've got SignalFx, cloud native. >>So those are the kind of the four key areas around their apps, their app strategy. Do you guys cut across all those? You are you guys developing? Are you doing all, what's the, what's the Red Canary fit into that? Yeah, it seems like you've probably our cross section. Yeah, probably most likely fitting into a few areas within Ed's. My team has developed a couple apps for Splunk, so we've published those. We have like a app that we pushed out. We have a Carbon Black Response app, which we co-developed many years ago.
Those things are all out there. We've helped other people with their apps and, but yeah, it's, it's a little mix of everything. And I think the big core thing that we're all looking to today is like how can we use more of the machine learning toolkit with Splunk, um, for our customers and for us internally. >>Like how can we predict things better with it? So there's, there's a lot of little bit of focus of that same thing. In your opinion, B2B out in the field, you mean the front lines, now you're in research, you got that holistic view, you're looking down at the, on the field, the battlefield, if you will, the adversaries will evil out there. What do you look for? I mean, what's the, what's the triggering event for you? How do you know when you need to jump in and get full ready, alert and really kind of sound off that, you know, that canary alarm saying, Hey, you know, let's take action here or let's kind of like look at that and take us through some of those priorities. What's the, some of the workflow you go through? Yeah, so um, we'll end up either sending a detection to a customer and either they'll trigger like, Hey, can you give us more context around this event that happened? >>Or it will be, we had a pen test, red team, bad thing happen. Can someone else investigate further? And so I'll come in might from my perspective, I'll come in kind of like a, almost like a tier three in a way. We'll come in, we'll do the additional research beyond what our detectors already caught looking for. Many things, you know, did, was there something we missed that we can do better at detecting next time? Is there any new behaviors involved with something drop that you know, that the actor had left within the environment that may have gone by antivirus prevention controls, anything like that. Um, and then also just understanding their tradecraft. Right?
So we track a lot of teams and disturbed behaviors and we're able to kind of explore and you know, build those you gotta you gotta be on everything. Basically you gotta survey the entire landscape. >>Yep. You come in post event. Yeah. Do the collateral damage analysis and the dead map. That's a really cool thing about like the Splunk Boss of the SOC dataset. Right. And that's where my talk's a lot about is it's a very like, basic talk, but it focuses on how to go from beginning to end investigating this big incident that happened. You know, cause when you get a detection from like in organization you might just find that it was delivered to a Word doc, a couple of things executed. But was there something else that happened? Right? And there's like your canary in the coal mine piece, right. You know, finding other things that occurred within the organization and helping ideally your data essentially is the foundation for essentially preventative side. So it's, yes, it's kind of a closed loop kind of life cycle of yep. Leverage operating leverage data standpoint. >>Yeah, it's a solid point. We, I coined the term like three years ago called driving, driving prevention with detection. So take all your detection logic and understanding and things you see with products, even EDR, AV, and use that to drive your prevention. So it's just a way that if you're just alerting on everything, take that data and put it into your preventative preventative controls. So Michael, got to ask you, how is cloud, how is cloud changing the security formulas? Because obviously scale and data are big themes we hear all the time. I mean has been around is not a new thing. But the constant theme that I see in all my CUBE interviews we've done over the years and this year is the word scale comes up, is unprecedented scale, both in data volume, surface area needs for things like Red Canary teams to be in there. What do you see with the impact the cloud is it really should change the game in any way?
>>He has it's speed as new cloud. It's the speed of new cloud technology that seems to constantly be coming out. Like one day it's Docker, next day it's Kubernetes and then there's going to be something tomorrow. Right? Like it just constantly changes. So how can vendors keep up with logging, making sure it's the right type of logging and being able to write detection on it or even detect anything out of it. Right. One, the diversity too is a great point. I want to know. Firstly, logs are great. Yeah, you got tracing. So you have, so there's now different signaling. Yeah. So this app now a new thing that you got to stay on top. Oh, totally. Like look at any, any MSSP, they have thousands of data sources coming in. And now I want you to monitor my Kubernetes cluster that scales horizontally from 100 to 5,000 all day, every day like Netflix or something. >>Right? And I want you to find the bad things in that. It's a lot going on. And this is where machine learning and automation come into play because the observability you need the machine learning. They've got to categorize this. Okay. Again, humans do all this. No, yeah, it takes a machine. I'm using machines with human intelligence in a way, right? So have a human driving the machine to pull out those indicators, those notables. Michael, thanks for coming on. Great insight. Great signal from the noise. You're still distracting there. Great stuff. Final question for that to end the segment. In your opinion, what's the top story in the security industry that needs to be continually told and covered and reported on? >> Ooh, that's, that's a good one. Um, you hear any threats, platform development, new stacks developing. Is there like a one area that you think deep that's the high order bit in terms of like impact? Yeah. I think focus on, I'm going to say endpoint cause that's where everything's executing and everything's happening.
Um, and that's the biggest thing that it's only gonna get more challenging with IoT edge and industrial IoT. Yes. The edge is the endpoint. Endpoints are changing. The definition is changing at exact right stuff coming on from Red Canary here on theCUBE, the canary in the coal mine. That's theCUBE. Brand-new. The signal here from .conf19. I'm John Furrier back with more after this short break.