 Live from the Walt Disney World Swan and Dolphin Resort in Orlando, Florida. It's theCUBE. Covering Splunk.com 2016. Brought to you by Splunk. Now, here are your hosts. John Furrier and John Walsh. Okay, welcome back everyone. We are here live in Orlando for dot.com, which is Splunk's seventh annual user conference. This is SiliconANGLE Media's theCUBE. This is our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier with my co-host, John Walsh. This week, one year on day one, a lot of stuff going on. Big keynote tomorrow about adaptive response, big security announcements between Splunk. What a better time to have this next thing. And John, I couldn't have said it better myself. We've got a high in song with this, who is the SVP of security markets at Splunk. Also, Monzy Mercer, who's the head of cyber research. So thank you both for coming in. Appreciate the time here. Without, I know you can't let all the covers, you know, but give us an idea a little bit about, conceptually, what the adaptive response initiative has been about, how it's evolved, and maybe a little bit about where you think it might be going. Sure, we're going to try to get the announcement out. I know, go ahead. Be happy to. Adaptive response is an initiative that we announced at RSA this year. And it's really the first Splunk-led industry initiative. And the key tenets of that is around sharing, coordinating, automating. And so in a way that we want to harness the power of our ecosystem and harness the power of all the security technology working together. As we all know, we cannot fight the war or each of our own items. So. Oh, we're about to have a major announcement. This is part of the adaptive response concept. Daft when things change. Yeah, we're about in live in the moment. But that's where the action is. So let's get into the security thing, because again, we've been having conversations on theCUBE, I think we'll be over 100 events this year. It is the number one conversation on everyone's mind. It's not even as well, there's no second place you can't even see what's second place in terms of conversation. But now it's a boardroom conversation. It's not just an IT or operational conversation. It's a real business driver. And it's causing changes in the data management. So this adaptive initiative is interesting to me because it's kind of enabling a new paradigm in the industry. And I love it because it's so organically growing. Data sharing now is now one of the fastest growing trends we're seeing in terms of something that's coming out of the woodwork relative to Splunk. And in general, in use of data in real time, whether it's for autonomous vehicles or security, data sharing has contextual value for a lot of other environments. And this contextual aspect is a security paradigm. What is that conversation that you guys see with your customers? Why is all this coming together? And what are the CXOs and CIOs talking about? So adaptive response also came from customers wanting a security ecosystem to work together. Want a security solution that come integrated so they don't have to go and do all the hard work of putting them together and risk that they don't work well together. From a board level perspective, we totally see that, right? The CSOs, the CISOs, whatever name that they have. The CIOs. But it's all end up to how can you translate the security incidents and the possibilities of having those incidents to how it's going to impact my business, the reputation, the revenue, the customers. And that's why from our product perspective, along the way, with a risk-based approach, Mazie will talk more about that tomorrow as well. How do we blend in the business risk in a way that is right in front of the analyst's eyes? So when they take action, they're guided by the priority of how it's going to impact the business. It's a really interesting conversation because there's two theaters that are exploding in relevance. One is the Technology Theater, which is all about big data and spelunking. You guys, this is every day we cover the event. It's like all the goodness every year happens. Customers are happy. People smile. So much value is being created. But the business theater's also on fire. People's business model's around risk. So I want to get your guys' thoughts perspective on how you see the sharing. Is it growing fast? Can you share some examples? And how that's forcing companies to make a trade-off between old compliance, other risk management conversations that are so small in comparison to the consequences of a hack, a breach, fraud. Because that's a takedown move that hackers are going to do with customers. I mean, people, again, if you get the psychology of no one ever hiring the executives ever again, there's real business loss. The root of this is really when you look at the digital transformation that's been going on over the last couple of years now. It's a reality. People are running a lot of services, leveraging services on-prem and in the cloud. You look at how we consume things, whether it's ride sharing, whether it's getting a hotel room or whether it's buying something or getting a prescription medications. All of these things are becoming more and more central to how we live our daily lives, what that's causing. And I think that's the reason why it's becoming a boardroom conversation. This data now is becoming a strategic advantage in the business of trying to realize that. So as people start to share that, we're now getting beyond this notion of, we should talk about data governance before. It's now organizations are starting to have CDOs, for example, the chief data officer whose job is not necessarily to conceal and hide this information, but how to govern and share this information across multiple organizations. So now what's happening as a result of that is you have the same set of data and you have the security analyst looking at the data from their lens. You have the application developers and the administrators looking at it from another end and you have the IT operations folks looking at the same exact set of data to identify root cause analysis, to do better troubleshooting, to think and enable and move the business forward. So I think that's where all of this sharing and all of this intersection is coming from and now it becomes, to your point, a board level conversation because all of these different silos that used to be silos in the past are now all part of this one piece. And cloud accelerates that because the data sharing and the organic who are in the know see value and they just make it happen, the pioneers, if you will, the guys who take down the pioneer pull out of the fields for everyone else. But here's the issue, right? The data warehousing market was a fenced organization and the compliance built around that and freeing the data is causing value. So we're seeing this notion of data value come directly related to sharing of data. If you free the data and let it be flowing, but you don't manage it still some degree, but don't lock it down. So the question is, how, or the question is, have you had conversations with customers around data value as an asset? Because now you're getting into the conversation of this data set that we're extrapping out of Splunk easily is going to impact the bottom line from a cost perspective, possibly efficiency, et cetera. And also revenue top line for thwarting attacks and driving business. So you got two ends of the spectrum covered. Do you put it on the balance sheet? I mean, because the guys who are doing the work want more budget, right? They want to, they want to fund more developers. They want to fund more data scientists. How are people doing this in the business out there right now? Maybe I'll take a stab at this. So when I was hearing you talk about freeing the data, I love that concept, right? For us, it's the more you can put this in front of your users or users are super creative and insightful. And it's the more you can make it available for them to really look at this and gain valuable insights, the more they can think about how they can use that. So one of our themes is security should become an enabler for the business. And when you go to the board, when you go ask for investment, it's not about, well, you know, this is going to be bad if you don't invest. It's more about if I have this data, I have this visibility, I can enable others to do better. I can provide this service and this service would render revenue for the company. So I love the concept of free the data and let the data go and speak. And we have something called listen to the data. And I think if we free the data for other people to listen, that's great. Well, the Splunk audience and your customers are very much pioneers. They're also very smart and great community. And the threat detection teases us out. So as you get these new use cases, because what's happening is you guys are a new way to do things. So people have, and I think we're hitting a threshold here where they're rethinking how they do things, a little experimentation, but scales getting up. So now the challenge is how do I operationalize it? So the question for you guys is as you talk about freeing the data up, which is a architectural paradigm, okay? Make things open, Splunk is plugged into that. How do you operationalize it? How do you scale through the organization? And how does Splunk enable that specifically? I want to address that by way of the prior comment that Hian was making and how the freedom of the data and operationalizing I think goes to a very tightly intertwined. I was having a conversation with a customer who was probably about three weeks ago or so they brought a fairly large team to our offices on Renistry in San Francisco. And this customer is a very large industrial manufacturer. I think they're really, really big things. And they said, you know, we know that we can manufacture certain things that nobody else can manufacture. They don't have the resources, they can't get the raw material. But what concerns us is not our number one or number two competitor, but there's two people in the garage who have data analytics capability that can take the data from the things that we create and are able to find a real tangible value from the things that we create and that value from the data supersedes the value that we have from the actual physical thing. And so that's, so to your point about sharing is, Martin, it's not just about, it's not just about geeks in a workshop thinking when worrying about this data sharing. Data sharing is a direct initiative for these very large organizations we're concerned about. So then we translate that to say, okay, from a threat perspective then, what is it that we care about and what is it that organizations need to be concerned with? So they're no longer just concerned with who has access to the thing, who can walk into a door and who can turn something on or turn something off. Now they're more concerned with who can mix data together from disparate data sources. And from an operational perspective, Splunk is at the forefront of enabling our customers to operationalize this mingling and this contextualization of data. So two people can sit across the table and come from very different disciplines. Doug talked about this morning about our customers at Harvard University doing informatics on genetics. And so how do you take that and bring those two pieces together? So I think that's the key of operationalizing and that's what Eric and guys had it right. The free download model, anybody can do it and it's operationalized. I think you're right on the money. I think the old expression in the HR business was oh, you're human resources and your talent assets walk out the door every day, meaning the people. In this case, the data's flying out of the company every day and if they're not harnessing the data, they lose it. So that example's a great one because here you have, they're focused on the asset of the balance sheet, their core business. When in reality, what he's saying is the data is still part of the core business. I don't want to lose it. It's okay, now that brings up the data value question. Do we put data on the balance sheet? That's something that we're working on with Wikibon, but no one knows what that, how do you do that? How do you say this data's worth X? It's hard. Well, I don't know I can put a dollar amount but I can use an analogy. Through the different sort of revolutions the industry is going through and currently it's energy, it's oil but it's moving towards, I think data is going to be the new fuel for the economy. Let's talk about security. I want to take that to the next level. So I've been observing Splunk now for multiple years doing the CUBE and interview all the top executives, customers. And besides the community is so happy with Splunk Solutions, I'm seeing an emerging fabric developing around a social network because people are sharing not only the data, you're seeing personnel and this comes back to the initiative and some of the ecosystem moves, you guys made some investments and other things. The ecosystem's starting to self-form around some of these challenges, especially security. They're overmaned, over-checked out by the orchestrated hacks and attackers. It's becoming a social network for security people. And the second thing observations, you guys are compositely building solutions with the tooling but yet not restricting the customer's creativity to your point earlier. Was that part of the plan and is that going to be part of the plan going forward? Did I get that right? Am I seeing that? I mean, it's a little weird observation, social network but it's kind of happening is that? It's yes and yes. It's kind of by accident on purpose kind of thing? I think in a way that that's our DNA, right? You talked about it's in our genes. In our genes, the founder started with is we want to really make it available, make it accessible, valuable to our customers. And we're just carrying that and the customers are carrying us in a way of teaching us how valuable data can be. I think it's a, what's the right word to use? It's we help each other escalate or the value up. So do you see that kind of like standing on the shoulders of each other's customers kind of thing, open source kind of concept where solutions are going to come into this portfolio of security from the outside and inside? Is that how you guys? What I would say is we historically and speaking as an ex Splunk customer and is that Splunk has always been focused we just don't listen to our data, we do that, we do that really well, we listen to our data, we listen to our customers and customers are the ones who discovered these new use cases and they're the ones who come and push us forward to say, do more, do it like this, give me more capability here. And as you've been around Conf, you've seen.conf grow over the years and that in itself is really a demonstration of customer trust and customer commitment where more and more customers come every single year and say, you know, you're doing this really well, give me more of this. That thing I'm not quite sure. And so we, and we- They're building on top of it. They're not like context switching. They're building and we are continually focused on making sure that they're successful with the things that they want to do. And so we keep feeding that as the customers take chances and they explore more. So I mean, Hayan mentioned this earlier that, you know, all of these things are part of an ecosystem and security in particular is really an ecosystem problem and an ecosystem solution. And so we learn from our customers. We learn from our partners and we just keep building and moving forward together. So if I'm a customer, pretend I'm a customer for a minute. I'm just like, hey, you know, I have a big problem. And I want to solve it by sharing certain parts of my data. My data geeks mapped out what we could share. What's the little risk there? But it's worth sharing. How do I do it? Do I connect with other Splunk hubs? I mean, is Splunk becoming the exchange point? Do I start a threat connect? What do I do? What's the playbook? So one of our customers, they picked Splunk Cloud as the solution. One of the reasons they picked Splunk Cloud is they said, well, then you would just enable us. If we want to share the data, you can just open it up and we don't have to go through any extra steps. So that's certainly one revenue for us to do that. And cause once you put everything in the cloud, you can decide what access you grant to whom and to what level you want to share. It's easy to share. So we have customers who really just went to the cloud with that in mind to say they allow researchers to go and look at it. Is it easier for Splunk customers to share with other Splunk customers versus non-Splunk customers? Probably. I like to use the example of our large financial customer. There's actually a video of that on splunk.com where because the data is so valuable and you alluded to that earlier, there is less of a desire to share it outside of the business than it is to say I'm a large financial services organization. I have hundreds of thousand employees, perhaps thousands of data scientists and developers. So what this financial services customer did was they had a week long hackathon. They opened the different data silos within their own organization, brought that data into Splunk, brought people from different organizations and different teams and really let them hack at it. And they went from analyzing the data to developing applications on top of Splunk to actually deploying three of those applications that were developed. We're talking a week's window for a financial services organization. QA alone would be three months on any app under the normal process. So when we talk about democratizing it, getting eyes on it, operationalizing it so it's actually useful and then extracting real business value, I mean we go back to the question that we started with. Why is this a boardroom conversation? Why is Splunk and more boardrooms? That's the reason. Because you can go from getting the visibility to actually making use of it to get business value in a very, very small window of time. Okay, final question. Well, two parts. First, what are we going to hear tomorrow theme-wise in the announcements? I know that's kind of under wraps for the keynote. Tomorrow is a big announcement. And then your thoughts on just in general, what's going to happen in the industry to accelerate the defense and security? A lot of people were saying, it's still far behind, a lot more. It's like, we got more work to do, pedal faster. So how do you go faster? And what are some of the highlights we're going to hear tomorrow? I'll take the first part. You answer the second. So tomorrow's keynote is themed around transforming security. So transforming security is around what can we do together as an industry? Like Monzy was saying, solving security problem is an ecosystem problem. It's not a wet man sort of fighting on their own island type of situation. So we'll talk about in general, not only how security in the cyberspace is transforming itself and how overall in a bigger picture, right? Defense in general, at a national level, how that's transforming. And of course, what are some of the product capabilities and new solutions that's supporting that transformation? So love to have you guys come. We'll be streaming live on SiliconANGLE.tv on the YouTube. So transformation message, that a new way has to be built. And a new way to defend, I'm guessing team sport kind of concept, but we'll see. And so just how do we go faster? How do we level up, if you will, in the security world against the bad guys? So I would, just as a technologist, I would like to say that the things that we are looking at, you're going to hear someone about some of these things tomorrow is we're really going back to the drawing board with the research work that we're doing. And we're saying, it's not about peddling faster. What if you didn't have to pedal at all? What is the real problem and how do we address it? I think a lot of the reasons why we've done things, and by we, I just mean as a technology ecosystem in the industry, reasons why we've done things the way we've done them is because we were constrained, not necessarily by imagination, but by the capability that existed in the Lego block, so to speak. And so we build things the way we built them. I think we are no longer constrained by those or we can at least, or at a point, we can give ourselves the permission to think beyond what was capable before. And so those are some of the things that we're going to talk about tomorrow as well. It's like- Especially rethinking, it has to be rethought through. It has to be rethought, and it has to do high ends, but it has to be rethought together. One person's rethought is not going to get it done. Guys, thanks so much for sharing the security. Longer conversations, we can do a whole day on this one topic. Cyber is super important and obviously changing a new way, being operationalized in real time, hopefully faster and automatically. It's theCUBE broadcasting live here in Orlando. Day one coverage, we'll be right back with more coverage after this short break.