>>Good afternoon everyone, and welcome back to Cuan where my cohost John Farer and I are broadcasting live, along with Lisa Martin from Cuan Detroit, Michigan. We are joined this afternoon by two very interesting gentlemen who also happen to be legends on the cube. John, how long have you known the next few? They've, >>They've made their mark on the cube with Jerry Chen from Greylock was one of our most attended cube guests. He's a VC partner at Greylock and an investor and this company that just launched their new cloud observability platform should be a great segment. >>Well, I'm excited. I are. Are you excited? Should I string this out just a little bit longer? No, I won't. I won't do that to you. Please welcome Martin and Jeff from Chronosphere Martin. Jeff, thank you so much for being >>Here. Thank you for having us. Thank you. >>I noticed right away that you have raised a mammoth series C. Yeah. 200 million if I'm not mistaken. >>That is correct. >>Where's the company at? >>Yeah, so we raised that series C a year ago. In fact, we were just talking about it a year ago at Cub Con. Since then, at the time we're about 80 employees or so. Since then, we've tripled the headcount, so we're over 200 people. Casual, triple casual, triple of the headcount. Yeah. Luckily it was the support of business, which is also tripled in the last year. So we're very lucky from that perspective as well. And a couple of other things we're pretty proud of last year. We've had a hundred percent customer retention, which is always a great thing to have as a SaaS platform there. >>Real metric if you've had a hundred percent. I'm >>Kidding. It's a good metric to, to put out there if you had a hundred percent. I would say for sure. It's an A for sure and exactly welcome to meet >>Anyone else who's had a hundred percent >>Customer attention here at coupon this week and 90% of our customers are using more of the service and, and you know, therefore paying more for the service as well. So those are great science for us and I think it shows that we're clearly doing something right on the product side. I would say. And >>Last and last time you're on the cube. We're talking about about the right data. Not so much a lot of data, if I remember correctly. Yeah, a hundred percent. And that was a unique approach. Yeah, it's a data world on relative observability. And you guys just launched a new release of your platform, cloud native platform. What's new in the platform? Can you share an update on what you guys release? >>Yeah, well we did and, and you, you bring up a great point. You know, like it's not just in observably but overall data is exploding. Alright, so three things there. It's like, hey, can your platform even handle the explosion of data? Can it control it over time and make sure that as your business grows, the data doesn't continue explode at the same time. And then for the end users, can they make sense of all this data? Cuz what's the point of having it if the end users can't make sense of it? So actually our product announcement this time is a pretty big refresh of, of a lot of features in our, in our platform. And it actually tackles all three of these particular components. And I'll let Jeff, our head of product, Doug, >>You, you run product, you get the keys to the kingdom, I do product roadmap. People saying, Hey this, take this out. You're under a lot of pressure. What makes the platform platform a great observability product? >>So the keystone of what we do that's different is helping you control the data, right? As we're talking about there's an infinite amount of data. These systems are getting more and more and more complicated. A lot of what we do is help you understand the utility of the telemetry so that you can optimize for keeping and storing and paying for the data that's actually helpful as opposed to the stuff that isn't. >>What's the benefit now with observability, with all the noise out in the marketplace, there's been a shift over the past couple years. Cloud native at scale, you're seeing a lot more automation, almost a set to support the growth for more application development. We had a Docker CEO on earlier today, he said there are more applications being deployed in the past year than in the history of open source. So more and more apps are being deployed, more data's being generated. What's the key to observability right now that's gonna separate the winners from the losers? >>Yeah, I think, you know, not only are there more applications being deployed, but there are smaller and small applications being deployed mostly on containers these days more than if they, hence this conference gets larger and larger every year. Right? So, you know, I think the key is a can your system handle this data explosion is, is the first thing. Not only can it handle the data explosion, but you know, APM solutions have been around for a very long time and those were really introspecting into an application. Whereas these days what's more important is, well how is your application interfacing with every other application in your distributed architecture there, right? So the use case is slightly different there. And then to what Jeff was saying is like once the data is there, not only making use of what is actually useful to you, but then having the end user make sense of it. >>Because we, we, we always think about the technology changes. We forget that the end users are different now we used to have IT operations team operating everything and the developers would write the application, just throw it over the wall. These days the developers have to actually operate this thing in production. So the end users of these systems are very different as well. And you can imagine these are folks, your average developer as maybe not operated things for many years in production before. So they need to, that they need to pick up a new skill set, they need to use new tooling in order to, to do that. So yeah, it's, it's, >>And you got the developer persona, you got a developer that's building products for builders and developers that are building products to be consumed. So they're not, they're not really infrastructure builders, they're just app developers. >>Exactly. Exactly. That's right. And that's what a lot of the new functionality that we're introducing here at the show is all about is helping developers who build software by day and are on call by night, actually get in context. There's so much data chances of when that, when one of those pages goes off and your number comes up, that the problem happens to be in the part of the system that you know a lot about are pretty low, chances are you're gonna get bothered about something else. So we've built a feature, we call it collections that's about putting you in the right context and connecting you into the piece of the system where the problem is to orient you and to get you started. So instead of waiting through, through hundreds of millions of things, you're waiting through the stuff that's in the immediate neighborhood of where the >>Problem is. Yeah. To your point about data, you can't let it go unchecked. That's right. You gotta gotta understand that. And we were talking about containers again with, again with docker, you know, nuance point, but oh, scan your container. But not everyone's scanning the containers security nightmare, right? I mean, >>Well I think one of the things that I, I loved in reading the notes in preparation for you coming up is you've actually created cloud native observability with the goal of eliminating engineering burnout. And what you're talking about there is actually the cognitive burden of when things happen. Yeah, for sure. We we're, you know, we're not just designing for when everything goes right, You need to be prepared for when everything goes wrong and that poor lonely individual in the middle of the night has, it's >>A tough job. >>Has to navigate that >>And, and observability is just one thing you gotta mean like security is another thing. So, so many more things have been piled on top of the developer in addition to actually creating the application. Right? It is. There is a lot. And you know, observably is one of those key things you need to do your job. So as much as, as much as we can make that easier, that's a better bit. Like there are so many things being piled on right now. >>That's the holy grail right there. Because they don't want to be doing exactly >>The work. Exactly. They're not observability experts. >>Exactly. And automating that in. So where do you guys weigh in on the automation wave? Everything's automation. Yeah. Is that kind of a hand waving or what's going on? What's the reality? What's actually happening? >>Yeah, I think automation I think is key. You hear a lot of ai ml ops there. I, I don't know if I really believe in that or having a machine self heal itself or anything like that. But I think automation is key because there are a lot of repeatable tasks in a lot of what you're doing. So once you detect that something goes wrong, generally if you've seen it before, you know what the fix is. So I think automation plays a key on the sense that once it's detected again the second time, the third time, okay, I know what I did the previous time, let, let's make sure we can do that again. So automation I think is key. I think it helps a lot with the burnout. I dunno if I'd go as far as the >>Same burnout's a big deal. >>Well there's an example again in the, in the stuff we're releasing this week, a new feature we call query accelerator. That's a form of automation. Problem is you got all this data, mountain of data, put you in the right context so you're at least in the right neighborhood, but now you need to query it. You gotta get the data to actually inform the specific problem you're trying to solve. And the burden on the developer in that situation is really high. You have to know what you're looking for and you have to know how to efficiently ask for it. So you're not waiting for a long time and >>We >>Built a feature, you tell us what you want, we will figure out how to get it for you efficiently. That's the kind of automation that we're focused on. That's actually a good service. How can we, it >>Sounds >>Blissful. How can we accelerate and optimize what you were gonna do anyway, rather than trying to read your mind or predict the future. >>Yes, >>Savannah, some community forward. Yeah, I, I'm, so I'm curious, you, you clearly lead with a lot of empathy, both of you and, and putting your, well you probably have experience with this as well, but putting your mind or putting yourself in the mind to the developer are, what's that like for you from a product development standpoint? Are you doing a lot of community engagement? Are you talking to developers to try and anticipate what they're gonna be needing next in terms of, of your offering? Or how has that work >>For you? Oh, for sure. So, so I run product, I have a lot of product managers who work for me. Somebody that I used to work with, she was accusing me, but what she called, she called me an anthropologist of a product manager. I >>Get these kind of you, the very good design school vibes from you both of you, which >>Is, and the reason why she said the way you do this, you go and you live with them in order to figure out what a day in their life is really like, what the job is really like, what's easy, what's hard. And that's what we try to aim at and try to optimize for. So that's very much the way that we do all of >>Our work. And that's really also highlights the fact that we're in a market that requires acute realtime data from the customer. Cause it's, and it's all new data. Well >>Yeah, it's all changing. The tools change every day. I mean if we're not watching how, and >>So to your point, you need it in real time as well. The whole point of moving to cloud native is you have a reliable product or service there. And like if you need to wait a few minutes to even know that something's wrong, like you've already lost at that point, you've already lost a ton of customers, potentially. You've already lost a ton of business. You know, to your point about the, the community earlier, one other thing we're trying to do is also give back to the community a little bit. So actually two days ago we just announced the open source of a tool that we've been using in our product for a very long time. But of course our product is, is a paid product, right? But actually open source a part of that tool thus that the broader community can benefit as well. And that tool which, which tool is that? It's, it's called Prom lens. And it's actually the Prometheus project is the open sourced metrics project that everybody uses. So this is a query builder that helps developers understand how to create queries in a much more efficient way. We've had in our product for a long time, but we're like, let's give that back to the community so that the broader community of developers out there can have a much easier time creating these queries as well. What's >>Been the feedback? >>We only now it's two days ago so I'm not, I'm not exactly sure. I imagine >>It's great. They're probably playing with it right now. >>Exactly. Exactly. Exactly. For sure. I imagine. Great. >>Yeah, you guys mentioned burnout before and we heard this a lot now you mentioned in terms of data we've been hearing and reporting about Insta security world, which is also data specific observability ties right into security. Yep. How does a company figure out, first of all, burnout's a big problem. It's more and more data coming. It's like, it's like doesn't stop and the breaches are coming too. How does a company know when they need that their observability strategy is broken? Is there sig signs of you know, burnout? Is there signs of breaches? I mean, what are some of the tell signs that if I'm a CSO I go, you know what, maybe I should check out promisee. When do, when do you guys match in and go we're a perfect fit to solve that problem? >>Yeah, I, I would say, you know, because we're focused on the observability side, less so on the security side, some of those signals are like how many incidents do you have? How many outages do you have? What's the occurrence of these things and how long does it take to recover from from from these particular incidents? How >>Upsetting are we finding customers? >>Upsetting are >>Customer. Exactly. >>And and one trend was seeing >>Not churn happening. Exactly. >>And one trend we're seeing in the industry is that 68% of companies are saying that they're having more incidents over time. Right. And if you have more incidents, you can imagine more engineers are being paid, are being woken up and they're being put under more stress. And one thing you said that very interesting is, you know, I think generally in the observability world, you ideally actually don't want to figure out the problem when it goes wrong. Ideally what you want to do these days is figure out how do I remediate this and get the business back to a running state as quickly as I can. And then when the business isn't burning, let me go and figure out what the underlying root cause is. So the strategy there is changed as well from the APM days where like I don't want to figure out the problem in real time. I wanna make sure my business and my service is running as it should be. And then separately from that, once it is then I wanna go >>Under understand that assume it's gonna happen, be ready to close that isolate >>The >>Fire. Exactly. Exactly. And, and you know, you can imagine, you know the whole movement towards C I C D, like generally when you don't touch a system, nothing goes wrong. You deploy change, first thing you do is not figure out why you change break thing. Get that back like underplay that change roll that change back, get your business back to a estate and then take the time where you're not under pressure, you're not gonna be burnt out to figure out what was it about my change that that broke everything. So, yeah. Got >>It. >>Well it's not surprising that you've added some new exciting customers to the roster. We have. We have. You want to tell the audience who they might >>Be? Yes. It's been a few big names in the last year we're pretty excited about. One is Snapchat, I think everybody knows, knows that application And one is Robin Hood. So you know, you can imagine very large, I'll say tech forward companies that have completed their migrations to, to cloud native or a wallet on their way to Cloudnative and, and we like helping those customers for sure. We also like helping a lot of startups out there cause they start off in the cloud native world. Like if you're gonna build a business today, you're gonna use Kubernetes from day one. Right? But we're actually interestingly seeing more and more of is traditional enterprises who are just early, pretty early on in their cloudnative migration then now starting to adopt cloud native at scale and now they're running to the same problems. As well >>Said, the Gartner data last year was something like 85% of companies had not made that transformation. Right. So, and that, I mean that's looking at larger scale companies, obviously >>A hundred, you're >>Right on the pulse. They >>Have finished it, but a lot of them are starting it now. So we're seeing pilot >>Projects, testing and cadence. And I imagine it's a bit of a different pace when you're working with some of those transforming companies versus those startups that are, are just getting rolling. I >>Love and you know, you have a lot of legacy use case you have to, like, if you're a startup, you can imagine there's no baggage, there's no legacy. You're just starting brand new, right? If you're a large enterprise, you have to really think about, okay, well how do I get my active business moved over? But yeah. >>Yeah. And how do you guys see the whole cloud native scale moving with the hyper scales? Like aws? You've got a lot of multi-cloud conversation. We call it super cloud in our narrative, but there's now this new, we're gonna get some of common services being identified. We're seeing a, we're seeing a lot more people recognize and with Kubernetes that hey, you know what, you could get some common services maybe across clouds with SOS doing storage. We got Min iOS doing some storage. Yeah. Cloud flare, I mean starting to see a lot more non-hyper scale systems. >>Yeah, I mean I, and I think that's the pattern there and I think it, it's, especially for enterprise at the top end, right? You see a, a lot of companies are trying to de-risk by saying, Hey, I, I don't want to bet maybe on one cloud provider, I sort of need to hedge my bets a little bit. And Kubernetes is a great tool to go do that. You can imagine some of these other tools you mentioned is a great way to do that. Observability is another great way to do that. Or the cloud providers have their observability or monitoring tooling, but it's really optimized just for that cloud provider, just for those services there. So if you're really trying to run either your custom applications or a multi-cloud approach, you really can't use one cloud providers solution to go solve that problem. Do you >>Guys see yourselves with that unifying >>Layer? We, we, we are a little bit as that lay because it's agnostic to each of the cloud providers. And the other thing is we actually like to understand where our customers run and then try to run their observability stack on a different cloud provider. Cuz we use the cloud ourselves. We're not running our own data centers of course, but it's an interesting thing where everybody has a common dependency on the cloud provider. So when us e one ofs hate to call them out, but when us E one ofs goes down, imagine half the internet goes down, right? And that's the time that you actually need observability. Right? Seriously. And every other tooling there. So we try to find out where do you run and then we try to actually run you elsewhere. But yeah, >>I like that. And nobody wants to see the ugly bits anyway. Exactly. And we all know who when we're all using someone when everything >>Exactly. Exactly, exactly. >>People off the internet. So it's very, I, I really love that. Martin, Jeff, thank you so much for being here with us. Thank you. What's next? What, how do people find out, how do they get one of the jobs since three Xing your >>Employee growth? We're hiring a lot. I think the best thing is to go check out our website chronosphere.io. You'll find out a lot about our, our, our careers, our job openings, the culture we're trying to build here. Find out a lot about the product as well. If you do have an observability problem, like that's the best place to go to find out about that as well. Right. >>Fantastic. Well if you want to join a quarter billion, a quarter of a billion dollar rocket ship over here and certainly a unicorn, get in touch with Martin and Jeff. John, thank you so much for joining me for this very special edition and thank all of you for tuning in to the Cube live here from Motor City. My name's Savannah Peterson and we'll see you in a little bit. >>Robert Herbeck. People obviously know you from Shark Tanks, but the Herbeck group has been really laser focused on cyber security. So I actually helped to bring my.

(upbeat music) >> Narrator: Live from Las Vegas, it's theCUBE, covering Splunk .Conf19. Brought to you by Splunk. >> Welcome to theCUBE everybody, we're here in Las Vegas for Splunk's .Conf, I'm John Furrier, host of theCUBE, here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo, this is our seventh year .Conf, Splunk's conference celebrating their 10th year. Our first guest is Melissa Zicopula, vice president of managed services of Herjavec Group. Robert's been on before, welcome to theCUBE. >> Thank you. >> I always get that, Herjavec? >> Herjavec Group. >> Herjavec Group. >> Happy to be here. >> Well known for the Shark Tank, but what's really interesting about Robert and your company is that we had multiple conversations and the Shark Tanks is what he's known for in the celebrity world. >> Melissa: Yes. >> But he's a nerd, he's a geek, he's one of us! (laughing) >> He's absolutely a cyber-security expert in the field, yes. >> So tell us what's going on this year at .Conf obviously security continues to be focus you guys have a booth here, what's the message you guys are sharing, what's the story from your standpoint? >> Yeah, so we do, Herjavec we're focusing on managed security services, where information security is all we do, focusing on 24/7 threat detection, security operations and also threat management. So, we want to be able to demo a lot of our capabilities, we're powered by Splunk, our HG analytics platform uses, heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects different types of use cases, different types of ways to detect malicious activity, while leveraging the tool itself. >> And data we're been covering since 2013, Splunk's .Conf, it's always been a data problem, but the data problem gets bigger and bigger, there's more volume than ever before which shifts the terms to the adversaries because ransomware is at an all time high. >> Melissa: Sure. >> Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away. >> Absolutely, yeah, we want to focus on not just what type of data you're ingesting into your instance but to also understand what types of log sources you're feeding into your sim today. So we have experts actually focus on evaluating the type of log sources we're bringing in. Everything from IPS, to AV, to firewall you know, solutions into the sim so that way we can build use cases those, to be able to detect different types of activity. We leverage different types of methodologies, one of them is Mitre framework, CIS top 20. And being able to couple those two together it's able to give you a better detection mechanism in place. >> I want to some kind of, clarification questions because we talked to a lot of CSOs and CIOs and and CXOs in general. >> Melissa: Sure. >> The roles are changing, but the acronyms of the providers out in the market place are specializing, some have unique focuses, some have breadth, some have depth, you guys are an MSSPP. So, MSSPP, not to be confused with an MSP. Or ISV, there's different acronyms, what is the difference between an MSSPP versus an MSP? >> Melissa: Correct, so it's, we are a MSSP, which is a Managed Security Service Provider. And what we do is just, we're focused on we're very security-centric. So information, security is all we do everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're PCI compliant, obviously SOC operations are the bread and butter of our service. Whereas, other MSPs, Managed Services Providers, they can do anything from architecture, network operations in that purview. So, we're focused on more of SIM solutions, endpoint, being able to manage any of your security technologies. And also, monitor them to take a fact into the SOC. >> So you guys are very focused? >> Melissa: Very focused on security. >> Then what's the key decision point for a customer to go with you guys, and what's the supplier relationship to the buyer because they're buying everything these days! >> Melissa: Sure. >> But they want to try and get it narrowed down so the right people are in the right place. >> Melissa: Yeah, so one of the great things about Herjavec Group is we are, you know, we're vendor agnostic, we have tons of experts in, you know, expertise resources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people, that are very, very, you know, centric to actually monitor and manage them. >> How big is Splunk, in relative with your services? How involved are they with the scope? >> Melissa: Over 60% of our managed clients today, utilize Splunk, they're heavy Splunk users, they also utilize Splunk ES, Splunk Core, and from a management side, they're implementing them into their service. All of the CSOs and CROs or CIOs are leveraging and using it, not just for monitoring and security but they're also using it in development environments, as well as their network operations. >> So, one of the things I've been, I won't say preaching, because I do tend to preach a lot, but I've been saying and amplifying, is that tools that have come a long in the business and there's platforms and Splunk has always kind of been that, a platform provider, but also a good tool for folks. But, they've been enabling value, you guys have built an app on Splunk, the proprietary solutions. >> Absolutely. >> Could you tell me about that because this is really where the value starts to shift, where domain expertise focused practices and services, like you guys are doing, are building on someone else's platform with data, talk about your proprietary app. >> Absolutely, so we discovered, a few years ago, was that customers needed help getting to the data faster. So we were able to build in built-in queries, you know literally one click, say if you wanted to get to a statistical side of how many data sources are logging your SIM, is the data, you know, modeling complete, you know, is there anything missing in the environment or are there any gaps that we need to fill? You're able to do it by just clicking on a couple of different, you know, buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment but all the data log sources that are coming into your SIM instance. It's a one stop shop. And also, what's great about it, is that it also powers Splunk ES, so Splunk ES also has similar tools and they are, literally, I mean that tool is so great you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill-down analysis, you can actually see the type of data like PCAP analysis, to get to the, you know, the type of activity you want to get to on a granular level. So, both tools do it really well. >> So you have hooks into ES, Splunk ES? >> Yes, we can actually see, depending on the instance that it's deployed on, 'cause our app is deployed on top of Splunk for every customer's instance. They're ale to leverage and correlate the two together. >> What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of attacks is coming in it's more than log files now, it's, you got traces, you got other metrics >> Melissa: Sure. >> Other things to measure, it's almost It's almost too many alerts, what do you-- >> Yeah, a lot of KPI's. The most important thing that any company, any entity wants to measure is the MTTD, the Mean Time To Detection, and also mean time to resolve, right? You want to be able to ensure that your teams are have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading. >> What's the biggest surprise that you've seen in the past two years? I mean, 'cause I look back at our interviews with you guys in 2013, no 2015. I mean, the narrative really hasn't changed global security, I mean, all the core, top line stories are there, but it just seems to be bigger. What's the big surprise for you in terms of the marketplace? >> The big surprise for me is that companies are now focusing more on cyber-hygiene. Really ensuring that their infrastructure is you know, up to par, right? Because you can apply the best tools in-house but if you're not cleaning up you know, your backyard (laughing) it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk you know, to actually analyze what's happening in their environment, to clean up their back of house, I would say and to put those tools in place so they could be effective. >> You know, that's a classic story clean up your own house before you can go clean up others, right? >> Right. >> And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that, they tend to serve their customers, but they don't clean up their own house and data's moving around so now with the diversity of data, they've got the fabric search, they got all kind of new tools within Splunk's portfolio. >> It's a challenge, and it could be you know, lack of resources, it just means that we have you know, they don't have the right expertise in-house so they used managed security providers to help them get there. For example, if a network, if we identify the network being flat, we can identify you know, how to help them how to be able to kind of, look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed. >> What's the one, one or two things that you see customers that need to do that, they aren't doing yet? You mentioned hygiene is a trend, what are some other things that that need to be addressed, that are almost, well that could be critical and bad, but are super important and valuable? >> I think now a lot of, actually to be quite honest a lot of our clients today or anyone who's building programs, security programs are getting you know, very mature. They're adopting methodologies, like Mitre Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint but also from an operations side you know, you could identify misconfigurations in your environment, you can identify things that are you know, just cleaning up the environment as well. >> So, Splunk has this thing called SOAR, Security-- >> Automation. >> Orchestration Automation Recovery, resilience whatever R, I think R stands for that. How does that fit in to your market, your app and what you guys are doing? >> So it definitely fits in basically, being able to automate the redundant, mundane types of tasks that anyone can do, right? So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task, it might take them two or three hours, where you can leverage a tool like Phantom, any type of SOAR platform to actually create a playbook to do that task within 30 seconds. So, not only are you minimizing the amount of you know, head count to do that, you're also you know, using your consistent tool to make that function make that function you know, more, I want to say enhanced. So you can build play books around it, you can basically use that on a daily basis whether it's for security monitoring or network operations, reporting, all that becomes more streamlined. >> And the impact to the organization is those mundane tasks can be demotivating. Or, there's a lot more problems to solve so for productivity, creativity, can you give some examples of where you've seen that shift into the personnel, HR side the human resource side of it? >> Yeah, absolutely so you know, you want to be able to have something consistent in your environment, right? So you don't want others to get kind of, get bored or you know, when you're looking at a platform day in and day out and you're doing the same task everyday, you might miss something. Whereas, if you build an automation tool that takes care of the low hanging fruit, so to speak, you're able to use a human component to put your muscles somewhere else, to find some you know, the human element to actually look for any types of malicious anomalies in the environment. >> How much has teamwork become a big part of how successful companies manage a security threat landscape? >> Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operations side, even you know, coupling that with business stakeholders. You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business, and making sure that we're taking security, obviously seriously, which a lot of companies know already, but not impeding on the operation. So doing it safely without having to minimize impact. >> Well let's just, I got to ask you this question around kind of, doing the cutting edge but not getting bled out, bleeding edge, bleeding out and failing. Companies are trying to balance you know, being cutting edge and balancing hardcore security Signal FX is a company that Splunk bought, we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native with micro services is super hot in areas you know, people see with Kubernetes and so on happening, kind of cutting edge though! >> Melissa: Right. >> You don't want to be bleeding edge 'cause there's some risks there too so, how do you guys advise your clients to think about cloud native with Splunk and some of the things that they're there but as the expression goes "there's a pony in there somewhere" but it's risky still, but certainly it's got a lot of promise. >> Yeah, you know, it's all about you know, everyone's different, every environment's different. It's really about explaining those options to them what they have available, whether they go on the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution, and what the risks are involved if they had and how long that will take for them to implement it in their environment. >> Do you see a lot of clients kicking the tires in cloud native? >> A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse, they don't have to have somebody manage it, they don't have to worry about hardware or licenses, renewals, all that. So, it's really easy to spin up a you know, a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it. >> Melissa, great insight, and love to have you on theCUBE, I got to ask you one final question >> Melissa: Sure. >> As a, on a personal note well, personal being you're in the industry you know, I hear a lot of patterns out there, see a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling, so data at scale, cloud at scale, is becoming a reality for customers, and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of one, take advantage of that wave but not get buried into it? >> Absolutely, so you just want to incorporate into the management life cycle, you know you don't want to just configure then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter you know, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the processes and procedures, and making sure that you know, you're also partnering with a company that can can follow you you know, year over year and build that road map to actually see what you're building your program, you know. >> So here's the personal question now, so, you're on this wave, security wave. >> Melissa: Sure. >> It's pretty exciting, can be intoxicating but at the same time, it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days? >> Automation, absolutely. Automation, being able to build as many playbooks and coupling that with different types of technologies, and you know, like Splunk, right? You can ingest and you can actually, automate your tier one and maybe even a half of a tier two, right, a level two. And that to me is exciting because a lot of what we're seeing in the industry now is automating as much as possible. >> And compare that to like, five years ago in terms of-- >> Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So, you had to literally sit there and train individuals to do a certain task, their certain function. And then you had to rely on them to be consistent across the board where now, automation is just taken that to the next level. >> Yeah it's super exciting, I agree with you. I think automation, I think machine learning and AI data feeds, machine learning. >> Michelle: Right. >> Machine learning is AI, AI is business value. >> Being able to get to the data faster, right? >> Awesome, speed, productivity, creativity, scale. This is the new formula inside the security practice I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .Conf, our seventh year covering Splunk from a start-up, to going public, to now. One of the leaders in the industry. I'm John Furrier, we'll be right back. (techno music)