From the MGM Grand Hotel in Las Vegas, extracting the signal from the noise. It's theCUBE, covering Splunk .conf2015. Brought to you by Splunk. Now, here are your hosts, John Furrier and George Gilbert.
Okay, welcome back everyone. We are live here in Las Vegas at the MGM Grand. This is SiliconANGLE's theCUBE, our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier, the founder of SiliconANGLE. I'm joined by my co-host, George Gilbert, big data analyst at our Wikibon research team. We're excited to come out to these events, want to talk to top executives of Splunk, but also talk to people who are practitioners in the field running businesses. And it's exciting to talk here with customers. Our next guest, Andrew Lin, SVP, chief information security officer at Orrstown Bank. Welcome to theCUBE. Great to see you.
Thank you very much, I'm glad to be here.
Thanks for spending the time because we'd love to get into the trenches because at the end of the day, the vendors will tell us one story and the reality is, how do those products render themselves in the marketplace? Splunk certainly has a great success. We're not super critical of Splunk, although we have some tidbits we kind of go after here and there.
Understood.
For the most part, you're a customer. So security at a bank, talk about the size of your bank and some of the challenges because what's happening is you see consolidation happening and how do you grow into the business? So that could be good or bad for the economy, but in general, we want to see more banks out there doing more business. So talk about the size of your bank, growth strategy, et cetera.
So a little history on me first. I actually was with JPMorgan Chase for 15 years until about two years ago and made the switch to a much smaller community bank where the challenges are the same but the budgets are much smaller. So you certainly have to be creative.
I think you'll find that if you talk to other community banks that there are a handful of providers that provide most of the core services for community banks. They run the core, they run their mobile banking apps, their online banking apps and they provide the first level cyber security support. So we outsource our SOC and all of the front line security monitoring and analytics to another company. The problem and challenge is that they're servicing thousands of community banks. You get a watered down one size fits all service and we couldn't look ourselves in the eye in the mirror and say, we were doing everything we could to detect and respond to cyber security events, nor could we look our regulators in the eye and say the same thing, which is why we wanted to explore products like Splunk where we thought we could add on additional layers of sophistication.
It's like the movie in Jaws. I need a bigger boat. The sharks are getting bigger and bigger.
That's exactly right. We need a bigger boat.
You need a bigger boat. So you got to have one from a customer standpoint. You got to have a great product and you want to have syndication. You have all kinds of relationships in this. So fraud detection is one but then you got compliance.
Sure.
How do you balance that as a chief security officer? You got to, one, maintain the bad guys stay out and then obviously relationships are key.
Yep. It's not easy.
So how do you stand that up very quickly? Is it relations with Splunk? How do you manage all those third party relationships? But it's, take us through the day and the life of that.
Yeah. So a couple of thoughts there. The Splunk was, as I said, kind of an add on to a security service that we already had. It gives us the ability to monitor beyond what the SOC can monitor.
And in many ways, actually learn our customers' behavior beyond just the security metrics so we can understand the way our users transact their business: when they deposit, how often they deposit, what they deposit, when they withdraw from ATMs, how often they withdraw from ATMs, how much money we need to keep in the ATMs. So it certainly provides us the intelligence to build stronger relationships with our customers. Since we are also a small community bank, we have a lot of vendors. We don't want to be in the business. We're not good at running a data center. We'd rather not run a data center. We'd rather do what we're good at, which is running a bank. So we love products like Splunk Cloud that allow us to move that stuff out of the data center. But it becomes then a big question of vendor management. Because we are entrusting a lot of data and processes to vendors. So we have to have a fairly sophisticated vendor management program that just makes sure that the... this is from the compliance angle, that the vendors are financially robust and that they have controls that we would expect them to have if we were doing the service ourselves.
Was Splunk serving as like a one layer across all these security services so that you could sort of have almost like horizontal visibility and then that was your customization layer to get views that you couldn't get from anyone?
Yeah, well I think we originally brought Splunk in to answer that question of can we look ourselves in the eye and say we've got enough information to respond to a breach? And at the time the answer was no. But since we've implemented Splunk, we figured out there's a myriad of other things we can use it for. It's great for operational analytics. If all of a sudden someone can't get out to the internet, the IT staff can look up in Splunk and find out if they're being dropped at the firewall or dropped on the proxy server.
We also figured that if we could get customer, business transaction information going into Splunk, we can monitor for fraud. We can monitor for ATM usage. So we're kind of expanding from what started out as security centric to more business focused use cases.
Yeah, and this is really the key value. You can use the software as a service model, integrate that into your security. As you've been at the big company, JPJs, you've seen a lot of stuff, but they're getting stronger and stronger. I want to come hold that, let's bookmark that question, but I want to weave in and tie in Eric Sammer, one of our audience members asked the question. He said, how does Splunk reconcile the increase in new sources and volumes of data with their message of only collect the important stuff? And ubiquity of data is a big thing. So George and I always talk about stream processing, how do you get the events, time series versus holistic network? So the question is, how do you get, as you get more and more data coming in, how do you guys reconcile that? How does Splunk reconcile that? Do you go to other parties or they have the product? What's your comment?
Yeah, well luckily enough for us, we aren't big enough to probably have that problem at the level that the person asking the question is. We've got probably dozens of sources as opposed to I'm sure he's got hundreds, maybe thousands, maybe tens of thousands of sources. So from our perspective, it's not a big problem. I imagine that when you get to the point where it is a big problem, you're going to have to solicit help.
Well Chase probably has that problem and we were at, George and I were at the Facebook scale event last week in Silicon Valley, we were on the top, Dev Ops got to talk about how to scale up all these large hyperscale companies. And one of the big things was the underlying technology at the big companies, server, storage, networking, really hasn't changed in 20 years.
And so, but yet virtualization's out there and the streams of processing, how do you, you're going to miss stuff. So you need mathematics, you need machine learning. How are those two things changing your business? Math and machine learning.
So one of the things I've learned over the years is if you spew out a big report on a screen and you ask a human to pore through tens of thousands of lines of something, it's going to be about 10 seconds before they delete it, they throw it in the trash or they just realize they can't keep up. I've always been a big proponent of pick the five, 10 things that you know you want to go after. Use cases that represent bad or suspicious behavior, very specific use cases. Focus on those 10 things. Perhaps at day one at the expense of missing the 11th or the 12th or the 13th, I'd rather be good at 10 than halfway good at 20 and really bad at 100.
And you prioritize that really on the customer experience and cost.
Cost, for sure.
Can you give an example? Customer experience.
I think the credit and debit card fraud, which is rampant for not just community banks but all banks, that's real dollars that hit the bottom line. It's real easy to make a business case to invest in computer learning or other automation tools to help detect and prevent that stuff.
So what's the state of the art in fraud right now for the bad guys? Is it, we were talking in the road before he came on, just take us through that use case of what's some of the behavior because everyone has experience either directly felt it or the fear of it's going to happen anytime soon. So take us through how do you guys look at that? What are some of the patterns and what are you seeing and how are you jumping on that?
Give you a couple of perspectives. The recent rash of merchant breaches, Target, Home Depot, P.F. Chang's, you name it, there's hundreds of them, have certainly contributed to a large volume of stolen card numbers out on the black market.
We have seen in our experience that generally card present transactions, so that someone who's actually purchased a stolen card created a physical copy of it. When they go out, they will first test it at a merchant and if it works, then they're going to hit you hard for five, 10, 15, 20 transactions, all for a reasonable dollar amount, nothing for $10,000 that's going to set off alarms anywhere, but hoping to get those transactions quickly enough before you figure it out and generally figure it out.
So it beats the clock kind of mentality.
Sure, figure it out for a lot of community banks means your customer opened their statement and they realized there's charges that they didn't make and they call you. So that's a month later. The smarter criminals are for those who have fraud detection techniques that can see when cards are usually used in Pennsylvania, all of a sudden there's a charge in California that's pretty anomalous, that's something to look into. Some of the criminals are becoming sophisticated enough to sell the cards back into the local market where they were stolen. So when they shop at the local grocery store and they buy a gift card for $400, it looks like a transaction for someone who would normally shop for groceries there.
They sell geolocations.
Exactly.
They're big data savvy crooks.
So this is, we were talking earlier about how security is part of overall IT operations.
Yeah.
As Splunk has grown its footprint, what is the bigger job it's responsible for now beyond the layer that you had over different services? Is it your sort of primary console for operations?
It is one of the consoles that's used for operations. I think it depends on what operations you're talking about.
So tell us what's the sweet spot for the different ones?
I don't know that we've discovered the sweet spot yet. We've got a number of consoles.
We've got monitoring, like Nagios monitoring has consoles that tell you when servers are up or down or CPU usage has exceeded certain amounts. We've got consoles for monitoring ATM fraud which we use in Splunk. We've got consoles that folks will use to troubleshoot if there are connectivity problems, that's in Splunk. We're a bit dysfunctional in the fact that we have so many consoles. I don't know that you will ever find that there's one console that solves everything. Certainly we see a lot of opportunity in Splunk to eliminate or consolidate a number of those into a single console.
Instead, if you look at operations and security as part of operations, what percent of your budget goes towards that and do you see vendors coming along who are trying to really take a leap in terms of productivity and taking labor out of that?
So the portion of our IT budget that is spent on security operations, is that the question?
Security as part of overall operations. The overall sort of apex of maintaining your landscape.
Yeah, I think we are somewhat unique among community banks that most would probably tell you it's five percent or less.
For security.
For security.
Hello! Is there something... Is there something where you can go beyond just monitoring security, like you were saying you have ATM fraud, connectivity, servers, do you see a growing footprint for one or more operational management products where you can get away from very fine slices?
Yeah. I'm sure they're out there. We aren't mature enough to start looking at it at that high of a level. I think we've partnered with Prelert to do some machine learning and anomaly detection in the fraud space. That's one of the levels that we know there's just so much of it, it's so rampant, there's so many transactions that a human couldn't possibly pick up these patterns. So we're certainly looking at automation in that space.
Andrew, we got a break here, but I want to just get your final thoughts.
Sure.
I'm looking forward to grow your business, knowing what's out there and what you need to do. What's going on with Splunk? How do you see those guys intersect? Do you see new products you like? What's your feeling about Splunk right now, what they're coming out with?
I think that we've learned that Splunk can be an integral part of our business, not just from IT operations, not just from security operations, but from making business analytics and business decisions. If we can get more data flowing into Splunk, we can certainly learn a lot more about our customers' behavior, and that's information that our business leaders need in order to decide what's next, what products and services do we offer, which ones are people using, which ones are most profitable? So that's kind of where we see the future.
So the hanging fruit is obviously that the dollars cost you, but these outliers that you can turn into an opportunity. Outliers, data points.
Absolutely, yeah. If we see a customer who uses the same ATM every Friday, and it's not one of our customers, but maybe they work near, it's an opportunity to market on that ATM. Hey, if you join Orrstown, we can save you the $4 you're paying every Friday when you take out money for the weekend.
All right, Andrew, thanks so much for joining us. Hitting the security perspective. Senior Vice President of Security at Orrstown Bank. We'll be right back with more from theCUBE. Live coverage day one of Splunk. We'll be right back after this short break.
Thanks, appreciate it, guys.