Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media.

Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco in Moscone. It's the fourth day of the show, 40,000 some-odd people here. It's all about security. It's the biggest security show in the world, despite the fact that there were some challenges with the coronavirus this year, and people were kind of wondering how that was going to shake out. There's been a lot of kind of weird stuff going on in the conference scene, but a lot of people got here, a lot of conversations around security, and we're really happy to have, really a seasoned vet, he's been through this cycle of security a couple of times. I think he said he's done four different startups, so we're happy to have him. It's Oliver Friedrichs, the VP security products at Splunk. Good to see you, Oliver.

Thank you, great to be here.

Absolutely, so let's take a step back. You've been coming to the show for a little while. What's kind of your impression of the show?

Well, it's really interesting this year. I'd say the energy level is somewhat flat, and I think it's a sign of our industry maturing and getting to the point where you used to see some pretty big disruption every few years when compute changes, the threat attack surface moves, and the threats change with it, but things have been relatively stable. The cloud is really the biggest, most recent innovation, and so there really hasn't been, I think, any massive disruption in our industry for a little bit, but a lot of just continuous iteration and improvement on existing technologies.

Right, there's some big ones coming down the pike, though. One of the big ones that's going to have a huge impact is 5G and IoT. Suddenly, now, these things, people think 5G so you can talk to your mom faster on the phone. That's not what it's about at all.
It's a speed of machines, and the speed in which these transactions are going to be happening, not to mention all those connected devices, all those new attack surfaces, very, very revolutionary, and yet the theme here is the human element. So when you think about speed of machines and increasing kind of frequency of bot attacks, this and that, and yet there's still people that got to be on the hook and responsible for this stuff, how do you think about it, and how do you actually use things like AI to help the people fight the machines?

Yeah, no, it's a really good question. So typically, over the years, attackers have targeted compute operating systems, applications, servers, and so on, but we've done a really good job of starting to lock those down, finding those vulnerabilities, patching them, fixing them. You know, it hasn't been solved, right? It's an ongoing issue, but attackers have moved on to the weakest link, which is people, right? If I can convince you to send me your bank account information or get access to your account and wire money out of your account, right? It's a lot easier than having to find a vulnerability in Microsoft Windows these days, which used to be pretty easy. Back 20 years ago, they were there by the dozens.

Right, but now they're getting better on the phishing too, and now spear phishing, right? I had a friend in commercial real estate who told me about this email that he got from his banker, talking about a transaction with a business associate, using vocabulary words that would normally be used in their exchange to the point where he called the guy and said, did you send this to me? So the bad English, bad grammar, and kind of funky word selection isn't necessarily that red flag that it used to be that don't click on here. We're still getting, you know, this attacking is happening. So how do people get more sophisticated in light of kind of these more sophisticated attacks on the people?

Yeah, so I think there's two things.
One is, you know, hidden in there in that type of an attack is typically wire instructions, right? So if I'm buying a house, my escrow company or title company is going to send me wire instructions to send the money for the down payment on that house, for example. That's been a very, very common attack where title companies may not be the most sophisticated like many of the organizations that are here today, so definitely fall victim. So that's definitely a growing problem and a growing attack surface. We also see the need for new technologies like natural language understanding, actually understanding the context of the data. For example, what's the intent behind it? What's the meaning? Sure, it's not going to be misspelled, but can I find other relevant factors or attributes of that email that point out a red flag or something that I need to be concerned about before I actually click on it or open it or act on it?

Right, so the company that you led before Splunk acquired you, Phantom, you talked a lot about, you know, trying to help the SOCs do a better job, help them kind of filter what they don't need to respond to, prioritize what they need to respond to and then respond quicker when they do.

That's right.

Tell us a little bit more about how that works and what's kind of the impact of having that technology on the front line.

Yeah, so five years ago, automation and security really didn't exist. We created a new category called SOAR, Security Orchestration, Automation and Response, and it's a technology that allows you to automate what a SOC analyst would typically do by hand. So typically, you know, if an analyst is looking at an event, it would take them 10 minutes best case, 11 hours worst case to analyze that and do all the work that they need to do to triage it. By automating, we're able to reduce that down to a best case of one second, worst case of 10 minutes using automated playbooks.
So we're able to get a massive performance improvement by automating, by creating a playbook of those rote, routine things that an analyst would do by hand, and that frees up the analyst to do more proactive, higher order activities, things that actually require human thought versus the repetitive work, which we're very happy about.

And are most of those types of processes that you automated, just checking boxes, if you will, almost like a pre-flight to make sure that you kind of have the simple things covered? Or, you know, what are some of the activities that you've been able to automate?

Yeah, so it's interesting, these platforms have become very flexible and multi-purpose. So today we integrate with over 300 different security vendors that are on the showroom floor here today to let you automate activities in those products. So the typical large enterprise has maybe 60, 70 security products that they're all managing from a browser tab or a different login. What SOAR platforms do is they tie those together and allow you to manage those products very rapidly in the case of an event. So for example, you know, if I have a phishing email, I can take the attachment, detonate it in a sandbox for many of the sandbox vendors here on the showroom floor, look it up in my reputation service, like my VirusTotal or ReversingLabs, for example, look it up on my EDR product on the endpoint to see, do any of my endpoints actually have this file? And then I could take remediative action and actually block the user, take the endpoint off the network using a NAC product that's here, and so on, or block it on the firewall. So there's many different types of scenarios.

Is that whole chain that you just described potentially would be something that you build into this playbook and have that happen automatically?

Exactly, yes.

Oh, that's a huge time saver, huge time saver. So as you look forward kind of at the power of AI, right? Good news, bad news, right?
Good news, you're going to have a lot more horsepower and computational wizardry at your fingertips. Bad news is the bad guys are also going to have a lot more computational power and wizardry at the end of their fingertips. So how do you kind of see the battle continuing to play out? Where do you really see great opportunities with this evolving AI to do things that you just couldn't do before?

Yeah, look, attackers have been using automation and AI against us for many years now. So we're just starting to catch up and use it effectively to defend ourselves. You know, it'll be very interesting to see where this goes. I don't know if I can predict, but imagine machines fighting machines just like in real life, in robotics, and so on, in real physical kinetic warfare. Imagine the same thing happening in cyber. It is entirely conceivable, but I don't think we're quite there yet. I mean, we obviously see botnets and other automated attacks that are already very rampant and then automated countermeasures that are there as well. So it'd be very interesting to even have, you know, maybe one year here we'll have, you know, robot wars for cyber and have, you know, technologies battle each other to see who wins.

But what's crazy is as much as the bots are fighting the bots, you know, we have people on my Rachel Tobac who's been doing that a couple times. She's, she does social hacking. And she's basically 100% successful in just calling people on the phone and getting them to provide her the details. So it's still going to keep the people in the loop. We're still going to have to, you know, make sure that they're not the weakest link.

Absolutely. Yeah.

All right, good. So final thoughts as you head into 2020, the year we're going to know everything with the benefit of hindsight.

Well, look, I think one thing we're seeing, there's so many vendors here. Things are coming together, you know, customers are looking to consolidate, they're looking to reduce.
And one thing that we're very heavily focused on at Splunk is creating a single work surface for analysts. So they don't have to deal with dozens of different consoles, right? We're very, very focused on that. Working 70 tabs to work process is not very efficient. It's not ideal. No.

All right, Oliver. Well, thanks for taking a few minutes to stop by and continued success for you and Splunk.

Thank you.

All righty. He's Oliver, I'm Jeff. You're watching theCUBE. 2020 from downtown San Francisco. Thanks for watching. See you next time.