>>Welcome to the Cubes Coverage of Splunk.com 2021. My name is Dave Atlanta and the Cube has been covering.com events since 2012 and I've personally hosted many of them. And since that time we've seen the evolution of Splunk as a company and also the maturation in the way customers analyzed, protect and secure their organizations, data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to sec UP teams than we've ever seen before. The adversary is capable. They're motivated and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond as jane wang is the vice president of security products that Splunk jane. Great to have you on the cube. Thanks for coming on. >>Very nice to meet you. Thank you for having me. >>You're very welcome. So how d how can you think about or how do you think about the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted sec ops teams in your view? >>Yeah. Well, just going back to our customers and what I've learned from all the customer conversations I have every every week many of our customers are under a massive digital transformation. They're moving to the cloud and the cloud opens up more attack surface, more attack work surface, there's more threats that come over cloud, new workspaces to attack services, new api is to manage secure and protect and our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure. >>Yeah. And we've also seen the whole, obviously the work from home trend, the hybrid work movement, you know, people aren't set up for that. I mean, you remember people were ripping out literally ripping out desktops and bringing them home and you know, the home network had to be upgraded. So lots of changes there. And we've we've talked a lot in the cube jane about the fragmentation of tooling and the lack of qualified talent when we talked to see. So as you ask him, the number one problem, I can't get, I can't hire enough talent in the field of of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end to end visibility across their environments. What's the fundamental challenge there? >>Yeah, well you're really you're really nailing this. The fundamental challenges that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time and there really manual disjointed processes, the copying and pasting hash names and iP addresses from one consults the other. It slows them down. It really slows them down in protecting those threats. So because those products aren't assigned to integrate together and all that data from each of those security tools isn't brought into one place. It just exacerbates the challenge for security operations seems makes their job really, really hard to do. Which takes time. It takes time. It makes it harder to detect and respond to threats quickly and today more than ever we need to be able to detect and respond to threats quickly. >>Yeah, I do a weekly program called Breaking Analysis and once a quarter I look at the cyberspace and I use a chart to emphasize this complexity. It's it's a from a company called operative, I don't know if you've ever seen it but it's this eye chart, it's this taxonomy of the security landscape and it's mind blowing how much complexity there is. So how to Splunk help organization organizations address these challenges. >>Yeah, so I think bringing, we have one security operations platform cloud native cloud delivered. There are many parts of being able to streamline workflows for when you're first detect a threat or a potential threat right through to when teams close and immediate that threatened the changes in their environment to ensure they're protected. So the whole thing is helping security teams detects faster, investigate faster and respond faster to threat. There are four parts to that in our security operations, platform Splunk security cloud. The first one is advanced security analytics. So the nature of threats is evolving. They're becoming more sophisticated. We have very smart, well funded Attackers whose day job who spend all their time trying to break into organizations. So you need really advanced security analytics to detect those threats, then we need to automate security operations so that it's not so manual, so you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired true Star so that we can bring in d do rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations so that you have broader insights from the security community outside Splunk and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since spunk became Splunk many many years ago is that we are committed to partners and we deeply integrate with many other security tools uh in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So there's the big advantages I think you get when, when you run your security operations said transplant security cloud, >>that's a nice little description. And having followed Splint for so many years, it's sort of, it tracks the progression of your ascendancy. You know, you started you you we we used to have log analytics that were just impossible. You sort of made that much easier took that to advanced kind of use big data techniques even though Splunk really never used that term. But but you were like the leader and big data um in terms of being able to analyze um uh data to help remediate issues. The automation key is p pieces key the acquisitions. You've made a very interesting um you mentioned around de doop threat intelligence but also you've done some cool stuff in the cloud and we always used to say jane watch for the ecosystem. We early too early, you know, last decade we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem. And you've you've clearly made some progress there. I wonder if you could tell us more About the announcements that you're making here at.com. >>Yeah. Well we're going back everything that we do on the security team, every line of code every engineer writes is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those intern I start with faster time to detect what have we done. So bringing in the threat intelligence that I mentioned again, that's really gonna help to take new threats and to take them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It will be brought right in to enterprise security at your fingertips. So that that's pretty huge. We're bringing other more advanced content right into our stem enterprise security. So that will help detect threats that our research team sees as emerging again. This is going to just bring bring that intelligence right to customers where they work every day, um faster time to investigate. So this is this is really exciting uh back in november we reduced and we are really something called risk based alerting. That is an amazing new capability that we've iterated on ever since. And we have more iterations that we're announcing um tomorrow actually. And so risk based alerting pulls together what may have been single atomic alerts that can often be overwhelming to a sock brings those together into one overarching alert that helps you see the whole pattern of an attack, the whole series of things that happened over time. That might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes to really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our sore security orchestration and response to which is in the cloud but also available on prayer. But that new visual playbook editor really reduces the need for custom code. Makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond those are, those are really cool for us. And then there's some exciting partnerships that I want to talk about just to really focus on reducing the burden of all those disparate tools on consoles and bringing them down and and integrating them together. So we'll have some announcements. There are new integrations that we're releasing with Mandiant Aziz scalar and detects. I'm personally very excited about a fireside chat that Kevin Mandia, the Ceo and president of Mandiant, we'll be having tomorrow with our Ceo Doug merit. So those are some of the things we're announcing. It's a big year for security. Very excited >>to tell you that's, that's key. I want to just kind of go through and follow up on some of the faster time to detect with the threat intelligence. That's so important because we read about how long it takes sometimes for for organizations to even find out that somebody has infiltrated their environment. This risk based learning, it sounds like and you're so right, it's like paper cuts having a bottoms up analysis. It's almost overwhelming. You don't have a sense as to really where the focus should be. So if you can have more of a top down, hey start here and sort of bucket ties things. It's gonna, it's gonna accelerate and then the faster response time. The thing that strikes me jane with your visual playbook editor is as you well know, the the way in which bad guys get in now they're very stealthy, you almost have to be stealthy in your response. So if you have to write custom code that's going to alert the bad guys that they're they're seeing now seeing code that they've never seen before, they must have detected us and then they escalate, you know, they get you in a harder, tighter headlock. Uh and I love the partnerships, you know, we, we followed the trend toward remote security. Cloud security, where's the scale is a big player, Amanda you mentioned. So that's that's great too. I mean it feels like the puzzle pieces are coming together. It's it's almost like a game of constant, you know, you're never there but you've got to stay vigilant. >>I really think so today. I mean it's been a great 12 months that's blank. We have done so much over the past year leading up to this.com. I'm very excited to talk to folks about it. I think one thing I didn't really mention that I kind of touched on earlier in the talk that we're having was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well with deeper integrations into G C P A W S Azure, one dr SharePoint box net G drive. Like customers are using many, many cloud services today and they don't have a holistic view across all those services I speak to see so every week that tell me they just really need one view. Not to go into each of those cloud service providers or cloud services, one at a time to look at the security posture, they need that all in a central location. So we normalize, we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them. I think that's really, really something different that Splunk is doing um that other security offerings are not doing. >>I think that's a super important point and I do hear that a lot from CsoS where they say look we have so many different environments, so many different tools and they each have their own little framework so we have to go in and and investigate and then come back out and then our teams have to go into a new sort of view and come back out and and they just run out of time and they just don't again, lack of lack of skills to actually do this, can't hire half fast enough, can't train fast enough. So so that higher level view but still the ability to drill down and understand what those root causes. That's it's a it's a it's a top down bottoms up type of approach and and so as opposed to just throwing grains of sand at the second teams and then hoping, you know, they find the pearl, so jane, I'll give you the last word, Maybe some final thoughts. >>No, I just wanted to thank everyone for listening. I want to thank everyone for joining dot com 21. We're very excited to hear from you and speak with you. So thank you very much. >>Excellent. Great having you in the cube, keep it right there, everybody for more coverage of the cube. Splunk dot com 21. We'll be right back, >>Yeah.