 Live from the MGM Grand Convention Center in Las Vegas, Nevada, it's The Cube at splunk.conf 2014. Brought to you by headline sponsor Splunk. Here are your hosts, Jeff Kelly and Jeff Frick. Hey, welcome back everyone. I'm Jeff Frick, you're watching The Cube. We're at the splunk.conf user conference. Their fifth consecutive one is over 4,000 people here at the MGM Grand Las Vegas. Splunkers and partners and customers and soon to be customers learning all about Splunk, real world applications and we're here for our third year. We love coming to this show because we get more customers on than any other show. But for this segment, we're actually going to go back to a great Splunk executive and talk about a hot topic, security. So I'm joining this with my co-host, Jeff Kelly. I'm Jeff Kelly from Wikibon and joining us is Haiyan Song who's SVP of security market at Splunk. Welcome to The Cube. Thank you. Thanks for joining us. So yeah, security's been a big theme here at the show. A lot of the customers we've talked to, they're using Splunk to support their security operations. Tell us a little bit about your role at Splunk and the importance of security to your customers. All right. Well, I'm really excited to be at this conference. It's my first one and just the energy and the focus and the interest they have in security is just phenomenal. And so my role is I'm responsible for leading the mission of the security business at Splunk. As Goughry talked about along the way that we started forming the market group and that's really aimed to bring the focus, the leadership and the enablement for the company to go and help our customers to solve their security challenges. And so I'm basically the person who tried to bring a lot of this together and leverage the vast resources we have in our ecosystem and enabling really the whole ecosystem to help protect the enterprises in our nation. So we've heard Splunk's strategy around, Splunk is a platform building applications but also allowing the customers to build applications and it sounds like Splunk focuses on when you're going to build a suite of applications you focus on those core areas where you can really add value. It's not like security is one of those areas. Yeah, security is probably one of the leading solution areas in addition to what we have been doing for years in IT ops and application management. You talked about Splunk being a platform and people building applications. I think we're also at the stage that for the security world, Splunk also want to be a platform for people to build security applications on top of that. So we're really elevating the level of the platform and providing a specific set of framework and capabilities for people to start building things on top of that to solve compliance, to solve fraud issues and we're going to continue to focus on that but we want a whole ecosystem to build more and more of that solution. Well it's interesting that Splunk did not start out with a security focus per se but it's clearly become one of the killer applications. Can you talk about how that kind of evolved as your customers, did it start with your customers adapting Splunk to these use cases or did Splunk recognize maybe ahead of the curve but this is an area we need to focus on? I think we credit the early sort of entry into security to our customers. They basically, the power of a platform and the power of to be able to make the data accessible to the customers I think is a testament why our customers can get so creative and innovative. You got all the logs and you use for troubleshooting oh well we need compliance so let's just do that and once they do compliance they say well we got all logs and you can do alert how about we start alerting for some of the incidents. So I think they definitely pulled us into this but we also should give credit to the founders and they actually had worked with partners who initially start building solutions for security even though we were a little hesitating to be categorized as a security solution too early I think that was brilliant but we definitely have the eyes have set and we acquired some of the technology that's actually part of ES right now and in the last three years I think it's really a combination of where the company is saying we are established as a platform and we really need to elevate the value we deliver to the customer and security is a natural fit because the customer are using them and we're disrupting the market and we're doing in such a way that is really bringing more of the capabilities into the platform to drive the adoption as well. Well it's interesting because Godfrey mentioned in his keynote yesterday how it kind of going back and forth with Gartner please don't put us in your magic quadrant and I'm guessing the reason for that was that you didn't want to be pinch and hold as a point solution for security where you have a wider breadth of capabilities that said as we talked about it is you just explain security is one of those killer applications maybe could you articulate Splunk's approach to security versus some of the other more traditional methods we've seen in that SIM marketplace. How does Splunk do a difference purely around the analytics versus a more reporting style approach from the other? The quote Godfrey's quote was security should be an analytics problem not a monitoring challenge but you know that's clearly the philosophy you could dig into that a little bit that's a great line. Be very happy to do that. I think the end goal to think about that yesterday in my keynote I also talked about if you look at the stats about 229 days and two out of three are being reported by a third party it fundamentally tells us what's out there is not effective yet. 229 days you can do so much damage to your organization so we got to make them faster and what's happening in the industry I think is people realize that the threat is happening at a much faster speed than how we can respond. I think Mark Raff basically alluded to that in his keynote is the speed that they are innovating and attacking us versus how fast we can deliver solutions it's not in the same order of magnitude it's not in the same ballpark. So that really has given the rise of we call the analytics driven security it's not because I'm advocating you don't need monitoring anymore I think monitoring, alerting all of those is actually becoming more commoditized everybody have that capability that's table stakes and that's the foundation everybody should have it and to say analytics driven security is not to minimize the value of that it's more how you can actually be coming staying ahead of the game versus always responding to something you know you talked about being proactive and being predictive and all sort of coming out of the reactive mode so I think the state how Splunk is different is really fundamentally everybody can get to the data everybody can get threat intelligence everybody can find a way to enrich those things with context that's not new everybody can do alerting I think what we're really uniquely positioned and uniquely offering the customer is we design the software around people we think we give you the power of visualizing your data understanding the dynamic relationships of the data and using your expertise to make the best decisions once you're able to make that determination there's ways for you to automate that so it's not about doing everything by human but it's leveraging the best of human and the technology to do this I think that's really the secret sauce and that's why we're getting all this support and the love and you can probably feel the energy around this conference it really shows the commitment that Splunk has to security one by putting you in the position that you are dedicated to this topic the fact that you've got a keynote just on security which we weren't able to live stream last year we did live stream this year so I suggest if you haven't watched it watch it it's a little scary I got to say you know it's you don't necessarily always want to lift up the carpet and see what's under there but the reality is there's a lot of bad stuff going on and so you know Mark really highlighted on what's going on he highlighted that the the threat is continuing to grow it's continuing to get more sophisticated so I wonder if you could you know touch on some of the high points of your keynote and his keynote for the folks that weren't able to see it because again it was a little bit scary he closed with a a really powerful statement but I wonder if you can dig in a little deeper perfect I can't tell you how many people come up to me after Mark's keynote and said oh my god this is the best keynote I've heard about security and uh... there's actually a couple of different reactions to it you know you talked about just feeling scary and uh... you know when I finished that I said I feel really proud that how far we have come along and I get really inspired because he was able to really elevate that whole conversation to a totally different level right is a mission is a mission at this nation level is not just protecting our enterprise or protecting our lives is okay this is the challenge for our generation let's step up to it um... so I think there's a couple of things that uh... for the security team and for the security professionals even just the general public to take away your point is well it is scary it is getting scarier and is harder uh... but we shouldn't be scared in terms of because to us those are opportunities I think the takeaway for me is the adversaries have come a long way the technology has come a long way and we just need to close the gap because we're still short of behind because they're innovating faster than us and we need to get better at delivering better intelligence and counter intelligence and things I think ultimately what he's telling us is we got to rise to the challenge we got to think about this systematically remember his nice confluence of the architecture and I was very uh... proud that he basically put what we do at the center of that architecture how we can gather all the information how we can congregate and and really distill it at a higher level and then send it out so more actions can be taken so I thought that was very aspiring and and very sort of forward-looking as well uh... so the takeaway I think for us is understand the challenge let's rise to the challenge and uh... we have a good way and ecosystem and technology to do that together and we certainly love to be front and center and leading that for a for us we're getting the hook I can't believe we're getting the hook we can have you on all day watch the security keynote watch it to the end I'm not going to spoil it for you but it was it was very powerful I want to talk more about the reality of guys like we had on before that to actually implement this but but we got to go thank you so much for stopping by look forward to seeing you next year if not sooner maybe we'll sneak in for another segment so I'm Jeff Rick we're at the cube we're getting the hook we'll be right back with our next guest after this short break