Live from the MGM Grand Hotel in Las Vegas. Extracting the signal from the noise. It's theCUBE covering Splunk .conf2015. Brought to you by Splunk. Now, here are your hosts, John Furrier and Jeff Frick.
Okay, welcome back everyone. We are here live in Las Vegas for dot-conference. Splunk's conference, Splunk conference, the hashtags, SiliconANGLE's flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier with my co-host, Jeff Frick. Our next guest is Atif Ghauri, Senior Vice President, Herjavec Group. I got it right? Okay, welcome to theCUBE.
Glad to be here.
So, obviously, global security is a huge issue. We see the headlines every day. China attacking the U.S. And cold war going on, hot war, whatever you want to call it. That's just one aspect of it. There's also a lot of other security threats out there. So give us a state of the security market right now. And we all know it's hot, but we're seeing it every day. What's really going on in the trenches? I mean, is it red alert all the time? Is the battle room set up? I mean, what's going on?
Yeah, we're at climax right now. I mean, we've never seen this type level of activity ever, right? It's unprecedented in time. And in the market, companies are searching for products, services, anything to get through, right? The security teams, if they have them, are overwhelmed. So as far as talent goes, I had a higher interview request that came in, a resume that someone who took a security certification course a year ago claims he has 15 years of experience because he's been online trying to learn himself security because there's such a demand for security researchers. And so, what the state of the market is, is that it's in flux right now. They need a lot of help. They need a lot of great partners, like Splunk, to help fill that gap of tools and products.
What are some of the skills that are needed for being in the security business?
As a developer and or as an analyst or someone who's working on the data?
Yeah, so analysis, right? So analysis skills. So problem solving analysis skills are what is most important in this role. So that comes from people with technical backgrounds, quantitative backgrounds, who are able to look at series of data and make decisions. That's probably the biggest skill set that we look for when we train and hire a SOC analyst that are investigating cases.
So talk about what Splunk's doing there because last year security was big. This year, again, it's never going to go away. It's one of those things that's a 10 year run at minimum. Is there a light at the end of the tunnel? And as someone who's out there working with companies, how do you see in your mind's eye 10 years out? I mean, do you see a new architecture? I mean, what are some of the theories that are working and what's the end game? How do you guys see the light in the tunnel? It's going to be just continual brute force. Is there new architectures, there's new approaches? What's the vision?
Yeah, yeah. So what we're seeing is the use, the proper use of big data platforms, right? So in the past, we have all this information about the attacks that are coming in from all parts of the network, all parts of the environment. No, not just technical, but also phone calls coming in, you know, social engineering happening. And there's really no way to think through the data that's coming in. And so companies like Splunk that are doing have a big data platform are able to analyze the questions. And a great way to put it is in the past, we didn't have the answers. Now we have all the answers in data form. We didn't know what the questions are, right? And so what these platforms are doing and will do in the future is to provide a base to navigate through all the different anomalies that are happening today.
So you think in kind of this arms race, it's always going back and forth with security as both teams kind of ratchet it up. We're at a point now because of kind of the current state of the big data analysis tools that the good guys are, you know, kind of took a big leg up.
Unfortunately, we're losing. The good guys are losing. The good guys are definitely losing. The best way to describe it, I heard it this morning was that most companies are like a little kid on a bike with a squirt gun ready to squirt their machine and they're penetrated. Like an organization is penetrated. There's not defense. There's not adequate defense available. I mean, yes, financial services, critical systems, they're putting heavy investment, they have some level of patrol, but you look at the mass market, right? The maturity of security programs is not where it needs to be. And so it's only going to, it's right now we're behind the arms race and the arms race will always be there.
Right, but it just, what's amazing though is that you continue to get opportunities to open up new potential holes as more and more apps are pushed down to these phones, more and more payment systems that you don't even have to do anything, right? It just senses where you are. So is it just because that innovation also has to go so fast that the security is always going to be lagging or will the security ever catch up, do you think?
The insight there is that when you look at security problems, really bad code. At the end of the day, it's bad code or it could be potentially bad hardware, but from the mass scale, it's bad code. So as engineers and software writers, developers, write better code, right? And having security controls embedded in the code and not after the fact, which is typically what happens. That's when the world will change, right? Because at the end of the day, it's bad code that leads to vulnerability, it leads to an exposure for software and for services.
So talk a little bit about the changing world with ransomware. I went to your website before you came on doing some homework and right out the gate, big bold letters, ransomware. How has that kind of market changed in terms of the security world and that particular threat? It seems to really have been gaining traction in recent times.
Yeah, I tell you what, so ransomware's scary, right? So in the past, you know, of a security, I'm in the security world, my friends and family would come to me and say, hey, you know, should I be concerned about my, someone breaking into my home PC or my home computer? And I would tell them, you know, what do you got? You got pictures, you got, you know, you got maybe some videos, but you don't have any financial records there. You're doing that all online. But now, with ransomware, you're in trouble, potentially, right? Because now, they could lock up, use a crypto locker and lock up all your pictures. You can't see them anymore. Lock up all your access to your computer. You can't use it anymore, unless you pay $5,000 to some random email address using Bitcoin, big currency, right? So it's scary and it's happening. It's pervasive. I mean, not just with consumers, but also with organization-wide, right? We see that regularly with our security operation centers.
And you talk about the big companies, right? Have some resources, but the mass market, it doesn't. How do you see that evolving over time? Because again, a lot of people here, a lot of smart people, a lot of big dollars being invested in security at banks, financial institutions, but like you say, middle America, how will that expertise, how will those services, how will that get distributed to a broader footprint? As you say, the bad guys are getting better and they're still riding around on their tricycles.
That's right. That's right. And I judge the security market by the middle, right? And the middle is definitely not mature as it needs to be.
How will that change really has come down to, I would say, it's a bit morbid to say this, but we're coming to a point where security vulnerability is going to lead to death. Whether it's a car that crashes or whether it's a nuclear facility or a utility that is compromised. And then companies will start to see security as safety, right? And it's a safety concern, not a security, but a safety concern. And then the funding, the regulations, the certifications, all of that rigor will be added, which would require investment. And then the middle of the market will move out.
So what you're talking about Splunk's approach here, share what you're learning here, what are they doing for security, obviously ingesting data, great way to start. But what are some of the practical things you're seeing coming out of the talks and in the hallway conversations and just in general best practices from the folks doing some security stuff with the Splunk?
Yeah, Splunk is very well positioned in that they're offering a platform, right? So it's not just a product or a service, it's a platform of knowledge really to build on. And so what they're doing is really interesting is around user behavior analysis. So that's the new wave of security. It's not just looking at, hey, this machine, this IP address or this technical gadget is goofing up or doing something wrong. But no, it's a user, it's a person, it's Joe from Accounting that did this, right? And so tracking user behavior analysis and being able to track security vulnerabilities and exposures based on that analysis is something that we're talking about here and I've seen many presentations that talks about. The other side of it is the alert framework and looking at the types of threats that are coming in from an anomaly detection standpoint versus looking at particular signatures in the past of what bad guys do bad.
We're getting away from that and using Splunk platform, you could get into more of the anomaly detection of the behavior that has gone wrong over the period of time.
So I was on a crowd chat this morning and we were talking with some IBM folks around big data and identities coming up, right? So the notion of identity, big topic, so two threads that kind of came out of the expert chat we had was identity and data silos. So the notion of open data is being kicked around. So you know, I mean, with IoT, your sharing economy, all these things are trends, right? So okay, I'm sharing more data, but yet data silos exist because people want to hoard the data for competitive advantage. So that's a big issue. So how do you get access to the data as one and then identity across multiple platforms? How do you view that? What's your take on that? Is do you see any solutions out there? Is there any approaches? Is that legit? What's your comment on those two topics?
Okay, great, great question. And you know, it's a simple answer though. In that with security, it's all about layers, right? And it's layers of security and then having, protecting your weakest link. So you may have a tower of knowledge in a platform or towers of knowledge in a platform, but analyzing what are your weakest links? What are your layers of controls that you can put in play? And then your weakest link. You cannot rely on one single technology or one single platform to do your security. It's going to take layers. And then it's not just technology, it's the people as well, right? The people side of it also has to be defended on. So the technology may get more complex and may get more sophisticated, but the tenets of security, the fundamentals of control, they're still the same, right?
Talk about the partnerships that Splunk has and what other companies play well with Splunk with security. Can you give some examples of, could be startups, could be big companies?
What are, who kind of, who's around the hoop, if you will, use the basketball analogy around Splunk? Because at the end of the day, it's all about finding that pattern. But what other technologies or complementary Splunk companies?
Yeah, great, great point. So the one that comes to mind first, especially with our work at Herjavec Group is Palo Alto Networks, right? So Palo Alto provides firewalling and network type of typology to help with security, your security footprint. And Palo Alto's doing amazing things with in combination with Splunk, to use that big data platform to be able to do anomaly detection and event analysis. Another company comes to mind is Cisco, right? Cisco's doing amazing things with Splunk from a network standpoint, overall infrastructure standpoint, with their approach to virtualization, et cetera, as well. So, I mean what Splunk provides is really the plumbing, the platform to do investigation, to do triage. You know, to one of the earlier questions as to how do we do about all these attacks that are happening? How do we catch up to the bad guys? Well, first of all, we got to get to the root cause faster and that's what platforms like Splunk do.
And to your point about the layers, in every layer there's potential opportunities with other companies.
Yeah, and different partners play at different layers of the model, whether it's network, application, user side, et cetera.
I do thank you so much for coming on theCUBE, sharing your insight, really appreciate it. Betta got a hard stop here, but really appreciate you taking the time sharing the insights and sharing the data here. We're not going to hold you ransom anymore. We're going to move on. Thanks for that great comment on ransomware. Great stuff. This is theCUBE bringing you the data here at .conf. We'll be right back with more after this short break.