Live from Las Vegas, it's theCUBE. Covering Splunk.conf 19, brought to you by Splunk.

Welcome to theCUBE, everybody. We're here in Las Vegas for Splunk's .conf. I'm John Furrier, host of theCUBE. Here with Lisa Martin for the next three days. Lisa will be here tomorrow and the next day. I'm going to be carrying it solo. It's our seventh year, .conf, Splunk's conference. Celebrating their 10th year. Our first guest is Melissa C. Coppola. Vice President of Management, she was a Herjavec Group. Robert's been on before. Welcome to theCUBE.

Thank you.

Get that Herjavec Group. Herjavec Group. Herjavec Group. Shark Tank.

Happy to be here.

Well-known for the Shark Tank, but what's really interesting about Robert and your company is that we've had multiple conversations and the Shark Tank is what he's known for in the celebrity world.

Yes.

But he's a nerd, he's a geek. He's one of us.

He's absolutely a cybersecurity expert in the field, yes.

So tell us what's going on this year at .conf. Obviously, security continues to be the focus. You guys have a booth here. What's the message you guys are sharing? What's the story from your standpoint?

Yeah, so we do. Herjavec, we're focusing on managed security services. We're information securities, all we do. Focusing on 24/7 threat detection, security operations, and also threat management. So we want to be able to demo a lot of our capabilities. We're powered by Splunk or HG Analytics platform. Heavily uses Splunk on the back end. So we want to be able to showcase for our customers, our clients, our prospects, different types of use cases, different types of ways to detect malicious activity while leveraging the tool itself.

And data, as we've been covering since 2013, Splunk's .conf, it's always been a data problem. But the data problem gets bigger and bigger. There's more volume than ever before, which shifts the terms to the adversaries because ransomware is at an all-time high.
Data is where the value is, but that's also where the attack vectors are coming from. This isn't going away.

Absolutely. Yeah, we want to focus on not just what type of data you're ingesting into your instance, but to also understand what types of log sources you're feeding into your SIEM today. So we have experts to actually focus on evaluating the type of log sources we're bringing in. Everything from IPS to AV to firewall solutions into the SIEM. So that way we can build use cases around those to be able to detect different types of activity. We leverage different types of methodologies. One of them is MITRE Framework, CIS Top 20, and being able to couple those two together is able to give you a better detection mechanism in place.

I want to ask you some kind of clarification questions because we've talked to a lot of CISOs and CIOs and depending who CXOs in general, the roles are changing. But the acronyms of the providers out in the marketplace are specializing, some have unique focus, some have breadth, some have depth. You guys are an MSSPP. So MSSPP. Not to be confused with an MSP or ISV. This is a different acronym. What is the difference between an MSSPP which is an MSSP?

Correct, so we are a MSSP which is a managed security service provider. And what we do is just we're focused on, we're very security centric. So information, security is all we do. Everything from threat detection, we even have a consulting advisory role where we're actually doing penetration exams. We're a PCI compliant. Obviously SOC operations are a butter of our service. Whereas other MSPs manage services, right providers, they can do anything from architecture, network operations in that purview. So we're focused on more of SIEM solutions, endpoint, being able to manage any of your security technologies and also monitor them to take effect into the SOC.

So you guys are very focused?

Very focused, non-security, yeah.

And what's the key decision point for a customer to go with you guys?
And what's the supplier relationship to the buyer? Because they're buying everything these days. But they want to try to get it narrowed down so the right people are in the right place.

Yeah, so one of the great things about Herjavec Group is we're vendor agnostic. We have tons of experts in expiry sources that monitor, manage different types of technologies. Whether it's Splunk and other technologies out there, we have a team of people that are very, very, you know, centric to actually monitor and manage them.

How big is Splunk in relative with your services? How involved are they with the scope?

Over 60% of our managed clients today utilize Splunk. They're heavy Splunk users. They also utilize Splunk ES, Splunk Core. And from a management side, they're implementing them into their service. All of the CISOs and CROs or CIOs are leveraging and using it not just for monitoring and security, but they're also using it in the development environments as well as their network operations.

So one of the things I've been, I won't say preaching because I do tend to preach a lot, but I've been saying and amplifying is that there's been tools that have come along in the business and these platforms. And Splunk has always kind of been a platform provider, but also a good tool for folks. But they've been enabling value. You guys have built an app on Splunk, a proprietary solution. Could you tell me about that? Because this is really where value starts to shift, where domain expertise focused practices and services like you guys are building on someone else's platform with data. Talk about your proprietary app.

Absolutely, so we discovered a few years ago was that customers needed help getting to the data faster. So we were able to build in, built-in queries, literally one click. So if you wanted to get to a statistical side of how many data sources are logging your SIEM, is the data modeling complete? Is there anything missing in the environment or the gaps that we need to fill?
You're able to do it by just clicking on a couple of different buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing your environment, but all the data log sources that are coming into your SIEM instance. It's a one-stop shop. And also what's great about it is that it also powers Splunk ES. So Splunk ES also has similar tools and that tool is so great, you can go in, you can look at all the alerts, you can do an audit trail, you can actually do drill down analysis, you can actually see the type of data like PCAP analysis to get to the type of activity you want to get to on a granular level. So both tools do it really well.

So you have hooks into ES, Splunk ES?

Yes, we can actually see, depending on the instance that it's deployed on, because our app is deployed on top of Splunk for every customer's instance. They're able to leverage and correlate the two together.

What are some of the trends in the marketplace that you're seeing with your customers? Obviously, again, volumes are increasing, the surface area of the attacks is coming in. It's more than log files now.

Yeah, traces, you've got other metrics, other things to measure. It's almost too many alerts.

Yeah, there's a lot of KPIs. The most important thing that any company, any entity wants to measure is the MTTD, the mean time to detection, and also mean time to resolve, right? You want to be able to ensure that your teams have everything at their fingertips to get to the answer fast. And even if there's an attack or some type of breach in their environment, to at least detect it and understand where it is so they can quarantine it from spreading.

What's the biggest surprise that you've seen in the past two years? And because I look back at our interviews with you guys in 2013, not 2015, I mean, the narrative really hasn't changed global security. I mean, all the core top-line stories are there, but it just seems to be bigger.
What's the big surprise for you in terms of the marketplace?

Big surprise for me is that companies are now focusing more on cyber hygiene, really ensuring that their infrastructure is up to par, right? Because you can apply the best tools in-house, but if you're not cleaning up your backyard, it's going to get tough. So now we have a lot of entities really focusing and using tools like Splunk to actually analyze what's happening in their environment to clean up everything that needs to, clean up their back-of-house, I would say, and to put those tools in place so they could be effective.

You know, that's a classic story. You have to clean up your own house before you can go clean up others, right? And what a trend we've been seeing in the marketplace on theCUBE and talking to a lot of practitioners is, and channel partners and suppliers is that they tend to serve their customers, but they don't clean up their own house and data's moving around. So now with the diversity of data, they've got the fabric search, they've got all kinds of new tools within Splunk's portfolio.

It's a challenge and it could be lack of resources and just means that we have, they don't have the right expertise in house. So they use managed security providers to help them get there. For example, if we identify the network being flat, we can identify how to help them, how to be able to kind of look at the actual security landscape and what we need to do to have good visibility in their environment from places they didn't know existed.

What's the one or two things that you see customers that need to do that they aren't doing yet? You mentioned hygiene is a trend. What are some other things that need to be addressed that are almost, well, it could be critical path, but super important and valuable?

I think now a lot of, actually to be quite honest, a lot of our clients today, or anyone who's building security programs are getting very mature.
They're adopting methodologies like MITRE Framework, CIS Top 20, and they're actually deploying and they're actually using specific use cases to identify the attacks happening in their environment. Not just from a security-centric standpoint, but also from an operations side. You can identify misconfigurations in your environment. You can identify things that are, just cleaning up the environment as well.

So Splunk has this thing called SOAR, Security Automation. Orchestration Automation, Recovery, Resilience, whatever I think R stands for that. How does that fit into your market and your app and what you guys are doing?

So it definitely fits into basically being able to automate the redundant mundane types of tasks that anyone can do, right? So if you think about it, if you have a security operations center with five or 10 analysts, it might take one analyst to do a task and they take them two or three hours where you can leverage a tool like Phantom, any type of SOAR platform to actually create a playbook to do that task within 30 seconds. So not only are you minimizing the amount of headcount to do that, you're also using your consistent tool to make that function more, I want to say enhanced. So you can build playbooks around it, you can basically use that on a daily basis, whether it's for security monitoring or network operations, reporting, all that becomes very streamlined.

And the impact to the organization is those mundane tasks can be demotivating or there's a lot more problems to solve. So for productivity, creativity, can you give some examples of where you've seen that shift into the personnel HR side of human resource side of it?

Yeah, absolutely. So you want to be able to have something consistent in your environment, right? So you don't want others to kind of get bored, when you're looking at a platform day in and day out and you're doing the same task every day, you might miss something.
Whereas if you build an automation tool that takes care of the low-hanging fruit so to speak, you're able to use that human component to put your muscles somewhere else, to find some, the human element to actually look for any types of malicious anomalies in the environment.

How much has teamwork become a big part of how successful companies manage the security threat landscape?

Very, very important. I mean, you're talking about leveraging different teams on the engineering side, on the operation side, even, you know, coupling that with business stakeholders. You absolutely need to get the business involved so they have an understanding of what's critical to their environment, what's critical to their business and making sure that we're taking security obviously seriously, which a lot of companies know already, but not impeding on the operations. So doing it safely without having to minimize impact.

I got to ask you this question around kind of doing the cutting edge, but not getting let out, bleeding edge and bleeding out and failing. Companies are trying to balance, you know, being cutting edge and balancing hardcore security. SignalFx is a company that's splunked while we've been following them from the beginning. Strong tracing, great in that cloud native environment. So cloud native and with microservices is super hot in areas people see with Kubernetes and so on happening. Kind of cutting edge though. But you don't want to be bleeding edge, there's some risks there too. So how do you guys advise your clients to think about cloud native with Splunk and some of the things that there's some there there, but as the expression goes, there's a pony in there somewhere, but it's risky still, but certainly has got a lot of promise.

Yeah, it's all about, you know, everyone's different. Every environment's different.
It's really about explaining those options to them, what they have available, whether they go in the cloud, whether they stay on-prem, explaining them from a cost perspective, how they can implement that solution and what the risks are involved and how long that will take for them to implement it in their environment.

You see a lot of clients kicking the tires on cloud native.

A lot of customers are migrating to cloud. One, because they don't have to keep it in a data warehouse. They don't have to have somebody manage it. They don't have to worry about hardware, licenses, renewals, all that. So it's really easy to spin up a cloud instance where they can just keep a copy of it somewhere and then configure it and manage it and monitor it.

Well, that's a great insight and love to have you on theCUBE. I got to ask you one final question on a personal note. Personal being and you're in the industry. I hear a lot of patterns out there. I hear a lot of conversations on theCUBE. One consistent theme is the word scale. Cloud brings scale to the table, data scaling. So data at scale, cloud at scale is becoming a reality for customers and they got to deal with it. And this also impacts the security piece of it. What are some of the things that you guys and customers are doing to kind of want, take advantage of that wave, but not get buried into it?

Absolutely, so you just want to incorporate into the management life cycle. You don't want to just configure and then it's one and done, it's over. You want to be able to continually monitor what's happening quarter over quarter, making sure that you're doing some asset inventory, you're managing your log sources, you have a full team that's monitoring, keeping up with the process and procedures and making sure that you're also partnering with a company that can follow you year over year and build that roadmap to actually see what you're building your program.

Here's the personal question now.
So you're on this wave, security wave, it's pretty exciting, can be intoxicating, but at the same time it's pretty dynamic. What are you excited about these days in the industry? What's really cool that you're getting jazzed about? What's exciting you in the industry these days?

Automation, absolutely. Automation being able to build as many playbooks and coupling that with different types of technologies and like Splunk, right? You can ingest and you can actually automate your tier one and maybe even a half of a tier two, right? Level two. And that to me is exciting because a lot of what we're seeing in the industry now is just automating as much as possible.

And compare that to like five years ago, in terms of?

Oh absolutely, you know, SOAR wasn't a big thing five years ago, right? So you had to literally sit there and train individuals to do a certain task, a certain function. And then you had to rely on them to be consistent across the board where now automation is just taking that to the next level.

Yeah, it's super exciting, I agree with you. I think automation, I think machine learning and AI, data feeds machine learning. Machine learning is AI, AI is business value.

Being able to get to the data faster, right?

Yeah, awesome. Speed, productivity, creativity, scale. This is the new formula inside the security practice. I'm John Furrier with theCUBE. More live coverage here for the 10th anniversary of Splunk .conf, our seventh year covering Splunk from a startup to going public to now one of the leaders in the industry. I'm John Furrier, we'll be right back.