 from the Walt Disney World Swan and Dolphin Resort in Orlando, Florida. It's the Cube, covering splunk.com 2016. Brought to you by Splunk. Now, here are your hosts, John Furrier and John Walls. Hey, welcome back everyone. This is the Cube, live in Orlando for dot com. This is Splunk's seventh annual conference. It's bigger and bigger. Of course, as does the Cube, SiliconANGLE Media's flagship program. Go out to the events and expect to see the noise. I'm John Furrier, my co-host, John Walls, here in Orlando. We are more expansive, aren't we, John? Yeah, we're getting bigger, we're always smiling. Rolling every day. We're very data-driven. We share that data live. No on-demand, just straight live. You can't put comments back in the bottle. Once they're out there, they're out there. All right, a couple of guests from Gigamon are with us right now. Ford Briston, who's the director of alliances and business development for Gigamon. Phil, thank you for joining us. And Jay Bala of Supermonion, who is the director of security product management at Gigamon, and Jay, welcome to you. Jay B, for short. Thank you. Until, right? First off, I know you're into visibility, right, that you're providing, in essence, peeling back that digital onion for companies and giving them insights into what's happening on the networks and the traffic. Tell us a little more elegantly, if you will, what Gigamon does, what your core business is, and what your relationship is, but it's fun. Why are you here? Sure, thanks, John. So that was a very good, and then a description of what we do, but it is all about visibility. So we sit between the network and any tools that need to see traffic from a network. So whether they be security tools or application performance tools, whatever, we add an architectural layer to the network, but make it very easy to take traffic from the network and deliver the relevant traffic to those tools. So rather than putting a tap straight into a network link, and if you like taking a fire hose straight into a tool, which, yes, gives you visibility into that portion of the network, but also gives you all the traffic that you don't need and makes it hard to see traffic from other parts of a network. We provide a way of having a total single tap into the network, so we work, every important link will provide taps into that part of the network, whether they're physical links or virtual links, if it's an NSX environment, or even now we're running beta trials in AWS in the public cloud. You can give you access to that traffic, take it into our platform and feed it to the wide variety of tools that you have that are looking at network traffic. So the same with Splunk, for example, and why we're here, we'll take packet data, filter that packet data to what is of essential interest to your security analysts and feed it into the Splunk app for stream so you can get it into your Splunk environment very easily. Also with Splunk, we'll take any traffic stream that we monitor and generate metadata from that and the way we deliver that metadata is either as NetFlow records or as IPvx records and again feed it into enterprise security or into the Splunk app for IPvx. This is a great point I want to highlight because what you're talking about is what was usually called data exhaust coming off your metadata, which is important to you, needs to go someplace and turning that into goals that we've always said about Splunk. You know, they take the exhaust where there's log files or whatever data and they turn value into it, exhaust to gold, whatever you want to call it. But here's the issue. As you guys throw off network data, the impact is significant. I want you to take a minute to describe what the value is because everyone's looking at NSX for instance from VMware, which is at Oracle Local World last week and the same things going on. People are looking at the network, putting all of the data into the network to make the network more efficient. How does this help you guys and what's the impact of the customers? Because the goodness of the metadata is going to provide great visibility into things they might not have seen before. What are some of those things? Sure. Yeah, I could take that. So the whole idea of us, the metadata project is to increase the amount of signal and reduce the noise that you get from our network. So we think the network is a great source of user application and all kinds of interesting security information. So some things which we do with our network metadata, let's take a look at all the certificates floating in the network. It's possible to take that. And then a tool can, security tools such as Plunk can then look for all expired certificates or certificates that are self-signed or issued by questionable certificate authorities. And you can do more further analysis. Other great examples of metadata are things like DNS. You know, a bot, any self-respecting bot, the first thing that it's going to do is try to resolve the DNS for its bot master. Let's say it wants to go and connect to www.evil.com. It's going to start a DNS request and Gigamon being part of that network fabric, we actually collect what is called the original authoritative DNS request and response information. We take that out and feed it to the tools. Well, a lot of hacking's being done on the DNS side, big time, so that's a low hanging fruit I can imagine. But other intelligence is being forced down and the network is seeing that now with virtualization and even whether it's non-virtualized or in the network fabric, this is where the action is. Because everyone's complaining, the network's the problem. Because all this compute is everywhere. All the storage is everywhere with flash and all this going on. What do you guys see that? I mean, what is customers, what are they seeing? What's the impact on them? So a lot of what customers are seeing is turn your, the network is the problem but also the network is a source of truth, if you like. Whatever you find on end devices, it's there but you don't know how it's being used. But if you're looking at actually data in motion, so if you're looking at what's flowing across the network, you know what's really happening on your network. So, you know, Gingham- Really is a moment of truth for sure. Right, and Gingham is in a great position to collect that information and feed it to our partners like Splunk and Gingham. All right, so take this to a customer scenario because this is really, I think, really critically important to understand. There's a lot of hacking going on, so in the bowels of the plumbing network, if you will, there's a lot of issues. You have intranetworks on the inside of the Kubernetes, you got to cross the internet, people looking at direct connects now, all kinds of stuff, but it used to be easy when you throw a circuit together between offices, you manage it end to end, but now it's more dynamic. What do customers do with you guys? What can they, how do they roll this out? How do they get the value? So this is where, right, we often bring in what is called the APT chain, which is, you know, there's the malware, it starts floating all around the network, looking for, you know, target hosts, et cetera, and finally, exfiltrating it. A lot of security practitioners are saying that it's too late to catch malware in the final stages when data is actually being stolen, and that's what we call the North-South patterns. You want to be catching malware early on, and it's actually noisy. When it's moving around. When it is moving around. If they're going through the host, once they get to the host, they're done, it's hard to get out. But the problem is to do that, you actually need to go deep into the network and see east-west traffic patterns. You need to see traffic between your VMs. You need to see traffic between your access switches, et cetera. And that's where Gigamon works. Also too, on the host thing, as they move from the host to penetrate further, they got to traverse some network. That's right. So all of a sudden, let's say there's peer-to-peer connections happening between my endpoint and yours, normally it shouldn't happen if we both are working in an organization. But we as Gigamon can provide those kind of feeds and give it to. So this is the moment of truth. I like that angle. So if you look at the network, it's like a car. You can sit in your driveway all day long, but the minute you get out of the road, you're moving. Yes. So that's where you guys take that approach. Exactly. And as soon as it moves, we can pick it up and package it and deliver it to a tool that's going to do the analysis. So this is where Splunk makes sense because what I hear you saying is network visibility has always been out there in some form. It's just catching it fast enough. Seems to be the issues. I think that is right. And we want to evolve this project to go further. We want our grand vision would be when we can actually get into user and application information and you can actually provide that. So you know which user is accessing which application. So you can actually do things like forensics, policy, et cetera. Just from a pure security standpoint, tools and then we have new apps and then we have evolving networks. And so it's a potential cycle, right? Trying to stay ahead of the game. So how do you help people, I guess, where their status quo is, you know, existing systems that they're going to grow and then you have new intrusions, new threats? I mean, how do you, Gigama, how do you philosophically approach that? So that's a great question because actually what you were saying about seeing things quickly. Yes, seeing things quickly is vitally important but also as technology changes, being able to expand your visibility and cover that new technology is also vitally important. So Gigamon spends a huge amount of effort making sure that partnership with VMware to be able to see into NSX environments. We do similarly with Cisco and ACI environments. As I said, we're just going into public cloud because yes, you can see the traffic that's going into the public cloud and coming out. How do you see that East-West traffic that you were talking about? Making sure that we have the ability to see that and to pull that out and speed as network technology. We can actually act as a buffer between that. Whether it's network speeds changing, our process fast enough for the new 40 gig lengths you've put in, you can share the load across. So as Jay mentioned, drop out the noise and just put the important stuff over to the tools. I just like to add that we have this middle layer between a fast network and tools that are the statistic we often quote in our company, 6.7 nanoseconds. That's the speed between two frames in 100 gigabit ethernet. And you've got to do a whole lot in that timeframe. Let's take a second to talk about the company you came on because you guys have an interesting culture for the folks that are watching might not know. This is a culture of a company that was a really big Silicon Valley success story rejected by 35 plus venture capitals in 2003. Founders bootstrap this company for gone salaries for multiple years. And I know how it is, I've done that too. I know how the life could be on your case. There's the cash. But they stayed the course. During that time, you guys bucked the trends against Gartner. You guys were disruptive outside the box thinkers, if you will. And there's other stuff going on. Y2K, post Y2K, bubble bursting, all that stuff. Now you're successful. Okay, so hats off to you guys. Congratulations to you, your company and the founders out there. This is a great example of some successful, large bootstrap Silicon Valley. This is the way it is, not like on HBO. But my question is this. One of the things that has made you different in the sense rejected by all the VCs in the early days was that you were counterculture to the Gartner current model of thinking. You weren't in a category at the time. So, question. What is that new disruptive mentality that you guys have now? What are you guys doing that's disruptive that no one's seeing? Because we're talking about the moment of truth. That's data driven. What is the one thing that's still in that culture today that's disruptive? I think from a product perspective and maybe Phil can talk from a cultural perspective but from a product perspective, we want to evolve what we call as a security delivery platform and make it a reference architecture for all tools. So, all of a sudden tools can take intelligent decisions and can program the Gigamon to say, I'm seeing something interesting happening here. I want to start a packet capture or I want to start metadata. So, Gigamon sort of serves as the central to analyze it further. Really the success. I look at the world right now and I've got all the hundreds of events this year. That's the magic quadrants down in Bitesilo. Getting great stuff and again, congratulation on the great success story. Jay said a couple of times, signal. Our job is to bring you the signal. Truth is here on theCUBE.