Eldon Sprickerhoff, eSentire | Sumo Logic Illuminate 2018
>> From San Francisco, it's theCUBE covering Sumo Logic Illuminate 2018. (techy music) Now here's Jeff Frick.

>> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the Hyatt Regency, San Francisco International Airport in Burlingame. It's Sumo Logic Illuminate 2018, about 600 people, I think it's three times bigger than the conference last year, it's growing really fast. They got a really interesting thing going on with kind of the silent disco. All the sessions are in one room, everybody's got different headphones on so you can listen to any session. I've never, never seen that before, but we're excited to have a partner of theirs on a big announcement today. He's Eldon Sprickerhoff, the founder of eSentire, welcome.

>> Jeff, great to be here.

>> Absolutely, so you guys had a big announcement today, what was your big announcement?

>> So, we have formally partnered with Sumo Logic to work on, so extend our visibility into native applications, cloud, and everything within a hybrid security.

>> Okay, so let's back up a little bit for folks--

>> Sure.

>> That aren't familiar with eSentire, what are you guys all about, how long have you been around, what's your core business?

>> Sure, so we're a managed detection and response firm. So, basically we're looking at the attacks that made it through all the infrastructure that was currently in place. You know, firewalls and web application firewalls, and everything that you put in place, and I used to call it embedded incident response, but the idea is to hunt for the attacks as they're going on, so time is very, you know, of the essence to detect these attacks and shoot them down. We've been in business for, it's almost 17 years. So, it was in 2001, and this is, you know, the biggest thing was, at the time, to have full visibility into attacks, be able to play back attacks, to be able to build our own threat intelligence, and so on. This is, so you know, over 15 years' worth of this kind of practice and process put into place, it's something that was very revolutionary at the time and the market is just sort of catching up to it now.

>> Right, right, now the other thing that of course changed significantly since 17 years ago was public cloud and the adoption of public cloud, private cloud, hybrid cloud, so how has that really changed your market? Was that a great new opportunity? I assume your original solution was on-prem.

>> Yep.

>> Suddenly now all these workloads are moving to the proud, so how did you, or cloud, how did you guys respond to that?

>> You know, so we know that, again, logging is a very important piece of getting full visibility into attacks that are going on in the network. The move into the cloud, of course, it's inevitable. You know, it's never going to be stopped, and it's something where we had a chance to sit back and we said, "Look, we recognize that there's a need for this kind of visibility. We don't want to build it ourselves." Some of our strength has come from building up the data analytics, and so on, that you'll, from the various signals that we get--

>> Right.

>> What we're going to end up doing, you know, rather than building it ourselves, let's find the partner that can do it the best and see what is the most complementary to our methodology and our process, and so we looked at about a dozen different firms that offered this kind of thing and went with Sumo Logic as a result. You know, one of the biggest pieces was even, you know, a lot of our clients are in the mid-size market. They're not necessarily as enthusiastic about moving to cloud, although pretty much everybody has some kind of hybrid piece there. Even our most, you know, anti-cloud clients said, you know, basically in five years 70% plus of our apps and our workload will be in the cloud, but they're not necessarily in any rush to get there.

>> Right, right.

>> So, again, this was a realization that it's not going to go away. We need to find a partner that, again, works best with our sort of data analytics pipeline and the same kind of thought process behind that, and you know, not being hampered by the... You know, necessarily being on-prem, and that was, again, that was why we eventually--

>> Right.

>> We went with Sumo Logic.

>> So, how's your business changed fundamentally in this kind of hybrid cloud world? We also have all this crazy, you know, API economy, everything is connected to everything else, and then you've got this kind of interesting attribute of many cloud workloads, which is they don't last very long, or they change very, very quickly. They blow up, they come down, they're turned on, they turn off. How has that impacted the way you guys get your work done?

>> So, you know, we're very comfortable with ephemeral workloads and attacks, but the idea of being, again, being able to respond very quickly to threats, even, you know, given servers that are, again, very short-lived, makes it even more important that the data that we pull from our existing clients and other vectors, you know, such as, you know, indicators of compromise or indicators of concern, that we can move very quickly, that we don't have the luxury of, you know, the next day getting analysis--

>> Right.

>> Or sort of a nine-to-five sort of analysis and response window. That shrinks the windows even down further.

>> Right, so the other thing that's pretty interesting... You know, you just said you've got like 15, 18 years' worth of data. How much of that can you use to build machine learning and AI to see, you know, kind of patterns, things you've seen before, and to build some of that intelligence behind... I always think of the poor guy that rips off a bank for the first time, right?

>> Right.

>> It's his first time, he needed some cash, he got stupid and went in and grabbed...

>> Right.

>> But the policeman has seen that thing, (chuckles) you know--

>> And methodology--

>> A thousand times, right?

>> Right, right, right, right, yeah.

>> He knows exactly where to look. He knows right where the bodies are buried, so I would imagine you've got a tremendous amount of insight that you guys can leverage in your own kind of threat detection and threat analysis.

>> Yeah, yeah, that's exactly... So, you know, my role as the chief innovation officer is to drive value out of the data that we've gathered, and we've, you know, again, when we have, you know, petabytes across our client base of stored data, whether it's attack data or metadata. I said, "There's a lot of gold in them thar hills."

>> Right, right.

>> And you know, part of it is do we have the right tooling to be able to access and use that data? What kind of inferences can we make from things we've seen before? So, you know, sort of like the broken windows methodology so that you expect that a certain neighborhood will be, is more likely to be attacked, and so on. So, it's a very exciting time to be in this space, right?

>> Right.

>> And again, given the, you know, almost 17 years' worth of data and knowledge and process, I think we have a head start against our competitors, our, you know, would-be competitors, and having access to this data and sort of the tooling to access this data that we're getting from Sumo Logic, is going to be critical in our success.

>> Right, so don't share any trade secrets, but I'm curious how the strategies for the bad guys have evolved when they know that a significant amount of what they're going after sits in a public cloud that's got a whole nother layer of security and infrastructure that's been put in place by Azure or AWS or GCP.

>> Yep.

>> How has that changed the way that they attack those opportunities, and then how has that impacted your business and what you're doing about it?

>> You know, so there's a lot of sort of interesting use cases, edge cases, that come out of this. Some of the things that we've seen that are, again, sort of challenges will be that there's attackers that have gotten quite a bit more sophisticated, and rather than going off into sort of edge cases, like one by one attacks, they go up a level and they're attacking the infrastructure themselves. So, you know, we're seeing cases where... Even this year we discovered an attack against a management of endpoint solution, so it's a packaging of software that goes out into endpoints, and they attacked that vendor in the cloud themselves, so that was hosted, you know, a hosted solution that you would not necessarily have seen unless you were looking for some very unusual characteristics, and this is not your, you're not going to get that from the public cloud. You know, given that shared model in a cloud, you're responsible for a good portion of the infrastructure that you support.

>> Right.

>> It requires, it means that you have to get past sort of things like well-known signatures and you really have to focus on more of the unusual behavior, build up a baseline, and then be able to dig deep into the attack vectors, and you know, every single part of the layer that, you know, whether it, not just sort of IP addresses that are bad, but it's... It requires, again, more visibility in places that you may not necessarily have visibility. You know, so every cloud vendor that, you know, that is, especially the big three, they're ramping up their, the data that's available.

>> Right.

>> So, I think AWS still leads with, you know, a lot of things with Macie recently from the machine learning piece, so they're trying to give more visibility, and what you do with that data is what's critical.

>> Right.

>> Once you, you know, once they give you that visibility, what can you do with that data? Can you rapidly make decisions on it and be able to push that out across a complete client base?

>> Right, so I'd love to get your perspective again, you've been doing this for a long time, on kind of the change of the landscape from the kid hacker who's going to go in and change his grade from a C to a B--

>> Yep, yep.

>> Or he's playing games or he wants to put some splashy page up.

>> Right.

>> So, now, you know, state-sponsored hackers, which you know are much more strategic, much better resourced, much more sophisticated. You know, how have you seen that kind of evolve and how has, are you and the industry been responding directly to that?

>> Yeah, so we've seen, again, some really incredible nation state attack vectors. You know, some of the most sophisticated tooling that you can imagine we've seen from... And it's difficult, often, to be able to say that's absolutely nation state, right? Attribution is always tough--

>> Right.

>> And I'm loath to do this. There are cases that, you know, across our client base, that we have seen attacks that were so sophisticated and with a purpose, like a very fine purpose. They only could've been from nation state. It is the most, you know, without having to go out on a limb at all.

>> Right.

>> It just makes sense, and so it is incredible how determined and how well-tooled these attack vectors are.

>> Right.

>> And this is, this is not hyperbole, I'm a zero hyperbole guy.

>> Right, right. And I assume the safe assumption, probably the good working assumption just like no-trust networking, is you're going to get breached somehow, some way, sometime.

>> Yep, yep.

>> And it's really about identifying it, responding to it, shutting it off, and trying to keep that window closed for the next time around.

>> You know, I even go so far as to say it's not a question of when, like you are.

>> Right, you are, they're already in, right? You just haven't found them yet. (laughs)

>> Somebody, yeah, somebody, whether it's an external vector, you know, or an insider, there's, you know... The odds are good if you are of any reasonable size, there's somebody who's doing something they should not.

>> Right, right, all right, so last question.

>> Yeah.

>> We were just at AT&T Spark's event earlier this week talking about 5G, right, and 5G is coming. They did their first call, AT&T's rolling out to all these cities.

>> Right.

>> So, 5G and IoT and industrial IoT are suddenly going to multiply your threat--

>> Attack base, yep.

>> Attack base by orders of magnitude. What are, you know, kind of what are some of your thoughts as an industry veteran, how are you preparing for that? Do people really understand what's coming down the pike with 5G? I don't think they do.

>> Not at all, not at all. (laughs) You know, when we're talking about, again, the biggest things that we're working on right now are how do we deal with scale and visibility of signals, so you know, a lot of systems do a great job of generating signals, but they're not necessarily equipped to deal with the response piece, and that's, those are some of the challenges that we're dealing with. How do you deal with the increase in scale and increase of vector, of number of vectors, attackers, and the size of the attack space themselves.

>> Crazy, crazy stuff coming. (laughs)

>> It's a great time to be in this industry.

>> That's true, all right, Eldon, well, congrats on the announcement and thanks for taking a few minutes with us today.

>> Thank you very much.

>> All right, he's Eldon, I'm Jeff, you're watching theCUBE. We're at Sumo Logic Illuminate 2018, thanks for watching. (techy music)