Jane Wong, Splunk
>>Welcome to the Cube's coverage of Splunk .conf 2021. My name is Dave Vellante, and the Cube has been covering .conf events since 2012, and I've personally hosted many of them. And since that time we've seen the evolution of Splunk as a company and also the maturation in the way customers analyze, protect and secure their organizations' data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to SecOps teams than we've ever seen before. The adversary is capable. They're motivated, and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond is Jane Wong, the vice president of security products at Splunk. Jane, great to have you on the Cube. Thanks for coming on.

>>Very nice to meet you. Thank you for having me.

>>You're very welcome. So how can you think about, or how do you think about, the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted SecOps teams in your view?

>>Yeah. Well, just going back to our customers and what I've learned from all the customer conversations I have every week, many of our customers are under a massive digital transformation. They're moving to the cloud, and the cloud opens up more attack surface, more attack work surface, there's more threats that come over cloud, new workspaces to attack services, new APIs to manage, secure and protect, and our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure.

>>Yeah. And we've also seen the whole, obviously the work-from-home trend, the hybrid work movement, you know, people aren't set up for that. I mean, you remember people were ripping out, literally ripping out desktops and bringing them home, and you know, the home network had to be upgraded. So lots of changes there.
And we've talked a lot in the Cube, Jane, about the fragmentation of tooling and the lack of qualified talent. When we talk to CISOs, you ask them the number one problem: I can't get, I can't hire enough talent in the field of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end-to-end visibility across their environments. What's the fundamental challenge there?

>>Yeah, well, you're really nailing this. The fundamental challenge is that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time, and there are really manual, disjointed processes, they're copying and pasting hash names and IP addresses from one console to the other. It slows them down. It really slows them down in protecting those threats. So because those products aren't designed to integrate together and all that data from each of those security tools isn't brought into one place, it just exacerbates the challenge for security operations teams, makes their job really, really hard to do. Which takes time. It takes time. It makes it harder to detect and respond to threats quickly, and today more than ever we need to be able to detect and respond to threats quickly.

>>Yeah, I do a weekly program called Breaking Analysis, and once a quarter I look at the cyberspace and I use a chart to emphasize this complexity. It's from a company called Optiv, I don't know if you've ever seen it, but it's this eye chart, it's this taxonomy of the security landscape, and it's mind-blowing how much complexity there is. So how does Splunk help organizations address these challenges?

>>Yeah, so I think bringing, we have one security operations platform, cloud native, cloud delivered.
There are many parts of being able to streamline workflows from when you first detect a threat or a potential threat right through to when teams close and remediate that threat and the changes in their environment to ensure they're protected. So the whole thing is helping security teams detect faster, investigate faster and respond faster to threats. There are four parts to that in our security operations platform, Splunk Security Cloud. The first one is advanced security analytics. So the nature of threats is evolving. They're becoming more sophisticated. We have very smart, well-funded attackers whose day job, who spend all their time trying to break into organizations. So you need really advanced security analytics to detect those threats. Then we need to automate security operations so that it's not so manual, so you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired TruSTAR so that we can bring in, dedupe, rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations, so that you have broader insights from the security community outside Splunk, and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since Splunk became Splunk many, many years ago is that we are committed to partners and we deeply integrate with many other security tools, uh, in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So those are the big advantages I think you get when you run your security operations center on Splunk Security Cloud.

>>That's a nice little description. And having followed Splunk for so many years, it's sort of, it tracks the progression of your ascendancy.
You know, you started, we used to have log analytics that were just impossible. You sort of made that much easier, took that to advanced, kind of used big data techniques even though Splunk really never used that term. But you were like the leader in big data, um, in terms of being able to analyze, um, data to help remediate issues. The automation piece is key. The acquisitions you've made are very interesting, um, you mentioned around dedupe threat intelligence, but also you've done some cool stuff in the cloud, and we always used to say, Jane, watch for the ecosystem. Early, you know, last decade, we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem. And you've clearly made some progress there. I wonder if you could tell us more about the announcements that you're making here at .conf.

>>Yeah. Well, going back, everything that we do on the security team, every line of code every engineer writes, is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those in turn, I start with faster time to detect. What have we done? So bringing in the threat intelligence that I mentioned, again, that's really gonna help detect new threats and detect them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It will be brought right into Enterprise Security at your fingertips. So that's pretty huge. We're bringing other more advanced content right into our SIEM, Enterprise Security. So that will help detect threats that our research team sees as emerging. Again, this is going to just bring that intelligence right to customers where they work every day. Um, faster time to investigate. So this is really exciting. Uh, back in November we introduced and released something called risk-based alerting.
That is an amazing new capability that we've iterated on ever since. And we have more iterations that we're announcing, um, tomorrow actually. And so risk-based alerting pulls together what may have been single atomic alerts that can often be overwhelming to a SOC, brings those together into one overarching alert that helps you see the whole pattern of an attack, the whole series of things that happened over time. That might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes, so really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our SOAR, security orchestration and response tool, which is in the cloud but also available on-prem. But that new visual playbook editor really reduces the need for custom code. Makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond, those are really cool for us. And then there's some exciting partnerships that I want to talk about, just to really focus on reducing the burden of all those disparate tools and consoles and bringing them down and integrating them together. So we'll have some announcements. There are new integrations that we're releasing with Mandiant, Zscaler and DTEX. I'm personally very excited about a fireside chat that Kevin Mandia, the CEO and president of Mandiant, will be having tomorrow with our CEO Doug Merritt. So those are some of the things we're announcing. It's a big year for security. Very excited

>>to tell you that's, that's key. I want to just kind of go through and follow up on some of the faster time to detect with the threat intelligence.
That's so important because we read about how long it takes sometimes for organizations to even find out that somebody has infiltrated their environment. This risk-based alerting, it sounds like, and you're so right, it's like paper cuts having a bottoms-up analysis. It's almost overwhelming. You don't have a sense as to really where the focus should be. So if you can have more of a top-down, hey, start here, and sort of bucketize things, it's gonna accelerate. And then the faster response time. The thing that strikes me, Jane, with your visual playbook editor is, as you well know, the way in which bad guys get in now, they're very stealthy, you almost have to be stealthy in your response. So if you have to write custom code, that's going to alert the bad guys that they're now seeing code that they've never seen before, they must have detected us, and then they escalate, you know, they get you in a harder, tighter headlock. Uh, and I love the partnerships, you know, we followed the trend toward remote security, cloud security, where Zscaler is a big player, Mandiant you mentioned. So that's great too. I mean it feels like the puzzle pieces are coming together. It's almost like a game of constant, you know, you're never there but you've got to stay vigilant.

>>I really think so today. I mean it's been a great 12 months at Splunk. We have done so much over the past year leading up to this .conf. I'm very excited to talk to folks about it. I think one thing I didn't really mention that I kind of touched on earlier in the talk that we're having was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well with deeper integrations into GCP, AWS, Azure, OneDrive, SharePoint, Box.net, G Drive.
Like customers are using many, many cloud services today and they don't have a holistic view across all those services. I speak to CISOs every week that tell me they just really need one view. Not to go into each of those cloud service providers or cloud services, one at a time, to look at the security posture, they need that all in a central location. So we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them. I think that's really, really something different that Splunk is doing, um, that other security offerings are not doing.

>>I think that's a super important point, and I do hear that a lot from CISOs where they say, look, we have so many different environments, so many different tools, and they each have their own little framework, so we have to go in and investigate and then come back out, and then our teams have to go into a new sort of view and come back out, and they just run out of time, and they just don't, again, lack of skills to actually do this, can't hire half fast enough, can't train fast enough. So that higher level view but still the ability to drill down and understand what those root causes. That's a top-down, bottoms-up type of approach, as opposed to just throwing grains of sand at the SecOps teams and then hoping, you know, they find the pearl. So Jane, I'll give you the last word. Maybe some final thoughts.

>>No, I just wanted to thank everyone for listening. I want to thank everyone for joining .conf21. We're very excited to hear from you and speak with you. So thank you very much.

>>Excellent. Great having you in the Cube. Keep it right there, everybody, for more coverage of the Cube, Splunk .conf21. We'll be right back.

>>Yeah.
Faya Peng, Splunk | Splunk .conf19
>>Live from Las Vegas, it's the Cube, covering Splunk .conf19. Brought to you by Splunk.

>>Okay. Welcome back, everyone, live in Las Vegas. We're here for Splunk's .conf. I'm John Furrier with the Cube. This is our seventh year covering .conf, but .conf's 10th year of their end user conference, their customer conference. That's been exciting to watch the evolution of Splunk and how a lot of it's because of their great products. We have our next guest, Peng, senior director of product line management for Splunk Business Flow. Welcome to the Cube. Well, I'm glad to have you. One of the successes of Splunk has been great products. They never deviate off the core, kept building on it. You're the senior director of product line for, you know, business flows, analytics. All I see everywhere is dashboards and visualizations. It looks so easy. Tell us about what your products are doing.

>>Yeah, definitely, and you know, I think one of the places to start is just how we moved into this area and started the new product. A lot of people know us for IT and security use cases, but a lot of our customers are also using it to address business needs. So what they really saw was the value of Splunk to pull data from across different silos. Um, so in a business sense it could be, I have different systems for maybe my leads, sales and closing the books, right? Those are all disparate. It's really hard to pull it together. And so they came to us saying, like, we'd love a way to stitch this together and be able to visualize it. And that was really where Splunk Business Flow was born from. So we actually simplify it by connecting all these disparate data points, creating a full journey view or a process view that you can graphically see what's happening and then point and click and drill in. So it's really opening up a whole new set of users for us with that. And a whole new set of use cases that way. Surely. Yes. So if you think about, we have tons of data, it's tens of events.
If you know a common thread like a user and how they might go to the store and then do something online and really understand the customer experience. If you could actually thread that all together, you would know so much more about their customer experience, and that's what we're able to do, and we do it seamlessly for them.

>>Well, the database guy in me from the old eighties college saying, I gotta write a schema for that. I got to store the data. I mean in the old way it was really hard to compare like the pain or even capability

>>We're hitting exactly the pain point, right? That's why it's been so hard to do that, because it was so rigid. The beauty of Splunk is the schema-on-read aspect of it. So because we store all the data and then we can extract it as needed, we do the search on demand and that's how we're able to actually stitch it together. Yeah. Yeah. And I think like one of the things has been the struggle of, well, people have made a lot of probably more conservative decisions earlier on in their data and that's why they weren't able to get the information. And so the main pain point we always heard was, I got one piece of data, but now that I look into it, crap, I need to know what else there is. And then you have, it's another three week cycle, right, to pull that data in, bring it all in. Well now that's all in Splunk. You can just pull it as you need it on.

>>It's a use case. Then from an operations standpoint, they're pretty comfortable with handling Splunk. They know what it means to Splunk the data.

>>Exactly. And we really see it as a partnership between the Splunk admin as well as the business users. The Splunk admin helps to get it all set up and then the business user can actually investigate on their own, and they don't need to know SPL or anything like that to be able to use the product. Exactly. That's a great question. So it's a premium solution. So you do need Splunk Enterprise or Splunk Cloud.
And then this stacks essentially on top of it. Um, and so it uses the underlying Splunk data, but then it's also doing the additional work of doing the correlation across it, stitching it together, providing the visualizations. And then from there you can do things like A/B comparison mode. You can see conversion rates, you can drag it, you can drill down all the way into the actual event. So the beauty of it is being able to see the holistic picture but then go down into the individual event.

>>It's definitely the business analyst, and I think there is some crossover with IT and security as well. So we actually had a session here where our own internal IT used Business Flow to monitor their ticketing system and look for black hole tickets. So have you, I don't know if you've ever, you know, submitted an IT ticket. You never hear anything back because it's gotten lost. But yeah, exactly. But what are those, what are those? Zachary, you're very fortunate, but it was one of those problems where you hear a lot of IT departments, you know, you might've, because you're outsourcing certain portions, you lose some of those tickets. You don't know what happened. So they were actually able to use the product to see that. But it also applies to people within. Um, one example we have, sorry, I'm thinking of some public customers that we have. So Domino's is a public customer. Um, that was a beta customer that used it for payment processing on, um, Super Bowl. So like that's another great,

>>Yeah, the obviously scale is huge there. The data. So I gotta ask the cloud question. Since we brought up cloud, is this service cloud enabled in the sense of, is it an on-premise thing or is it, does the workflow kick into the analytics? How's the cloud play?

>>Yes. So it sits on top of both. Um, so it works either with the Splunk Enterprise or Splunk Cloud enterprise license essentially. And then the actual architecture of it is a hybrid environment.
So we have a hybrid component that's in our own hosted cloud that feeds the UI. And the great thing about that is that we're able to update the product very quickly and push out updates to the customers very easily though. So, um, we first announced it back in May of this year and have added additional functionality as part of .conf, and it did come out of customers and then seeing the opportunity with the machine data. So, um, there are a lot of great stories that we've had historically. I think Dubai Airports, you can see some different stories of how people piece the journey together. And so out of those conversations born was the idea was

>>Every product line has a list that didn't make the cut on the product, is called the roadmap, is also new things. What are some of the things that you see, big picture areas that you're going to focus in on to extend out the capabilities and value of the product?

>>You really see the product evolving the same way that you see a lot of the portfolio for all. So Doug has talked a lot about investigate, monitoring and analyzing and act, right. And so those same concepts apply into how you think about a process as well. So right now we're really helping the investigation and monitoring, but we'll also continue to extend across that spectrum of time. Yeah, definitely in how we've built the product. But also, um, I think it can sit alongside some of the other things that you're also seeing in that realm.

>>Final question for you. For people that are watching that couldn't make the conference, what's the biggest, biggest story here for .conf this year? How would you,

>>I mean overall I really think it is our Data-to-Everything message that we're discussing. Um, I think today you can really see how we apply in all of these vast areas and really the power of being able to have access and make that data actionable and do something with it. Thank you so much. It's so nice to be with you today.
>>John Furrier here, in the Cube coverage here in Las Vegas with .conf, Splunk's annual conference. It's their 10th year, our seventh year covering them. We'll be right back with more day two coverage after this show.

>>Right.