 in San Francisco, Moscone Center at the RSA conference. It's one of the biggest conferences, I think after like Salesforce and Oracle, that they have at Moscone on the tech scene. Over 40,000 professionals here talking about security. I think it was 34,000 last year. It's so busy, they can't find a space for theCUBE, so we just have to work our way in. We're really excited by our next guest, Ted Julian from IBM Resistant. Resilient, excuse me. Thank you, it's all right. And you are the co-founder of VP Product Management. Welcome. That's right, thanks, good to be here Jeff, thanks. And you said IBM actually purchased the company a year ago, so happy anniversary. Yeah, thanks. So how's that going? It's great, business is really going well. It's been thrilling to get our product in place and a lot more customers and really see it, help make a difference for them. Yeah, Jesse Proudman is a many-time CUBE alumni. His company was Blue Box, also bought by IBM a little while ago, also had a really good experience of kind of bringing all that horsepower to what his situation was. So let's jump into it. Sure. Security, it's kind of a dark and ominous keynote this morning, the tax surface is growing with our homes and IoT, the bad guys are getting smarter, the governments are getting involved, it's not just necessarily bad guys. What's kind of your perspective as you sit here a year after your acquisition? 40,000 professionals here focused on this problem. We're not winning. We're not winning. Unfortunately, I mean, as a, I guess, a species. What is it? We saw a survey recently from the Poneman Institute, 70% of organizations acknowledged they didn't have an incident response plan. So you talk about that stuff in the keynote where sort of a breach is inevitable, what are you gonna do? Well, the thing you'd need to have is a response plan to deal with it and 70% don't. Costs of a breach also, according to the Poneman Institute, it's up to $4 million on average. Obviously, they can be a lot larger than that. Right. So there's a lot of work to be done to do better. And then you hook up a new device and they're on that new device as soon as it plugs into the internet. I think they said within an hour they ran a test today. So is the, I mean, where are we waiting? Where are we getting better? I mean, I've heard crazy stats that people don't even know they've been breached for like 245 days. Is that coming down? Are we getting better? Certainly the best in the business are. And really the challenge I think as an industry is to percolate that down through the rest of the marketplace. Everybody's going to be breached. So it's not whether or not you're breached. It's how you deal with it come the day that's really going to differentiate the good organizations from the bad ones. And that's where we've been able to help our customers quite a bit by using our platform to help them get a consistent and repeatable process for how they deal with that inevitable breach when it happens. That's interesting. So how much of it is kind of building a process for when these things happen versus just the cool, sexy technology that people like to talk about? Oh, it's everything. I mean, one of the hottest trends that you're going to be seeing all over this show is automation and orchestration, which is critically important as part of the sort of you get an alert and how do you enrich that to understand that? Once you understand that, how can you quickly come to sort of a course of action that you want to take? How can you implement that course of action very efficiently? Those things are all important. Computers can help with a lot of that. But at the end of the day, it's smart people making good decisions that are going to be the success factor that determines how well you do. Right, right. Another kind of theme that we're hearing over and over is really collaboration. Amongst the companies, amongst the competitors, sharing information about the threat profiles, about the threat that are coming in to kind of enable everybody to actually kind of be on the same team. That didn't always used to be the case, was it? Well, people have been working on this for a while, but I think what's been a challenge is getting people to feel comfortable contributing their data into that data set. Naturally, they're very sensitive about that. Right, right. Some of our most confidential information we've had a security issue. We're really not dying to give that out to the general public. And so I think it's been, the industry's been trying to figure out how can we show enough value back when that information's contributed to some kind of a form to make people feel more comfortable about doing that. So I think we've seen a little bit of progress over this last year, and there'll be more going forward, but this is a marathon, not a sprint. Right. I think to solve that problem. But it is crucial, because if we can get to that point, that's what ultimately allows us to turn the tables on the bad guys. Because they cooperate. Right. Big time. They're sharing vulnerabilities, they're sharing tactics, they're sharing information about targets, and it's only when the good guys similarly share what they're experiencing that we'll have that opportunity to turn the table on them. It's funny, we were at a Verizon thing the other night, and the guy said, you know, if you're from the investigator point of view, it's probably like a police investigator. They see the same pattern over and over and over and over. It's only when it's the first time it's happened to you that it's unique and different. So really the way to kind of short-circuit the whole response. How do you find out you've been breached? There's a short list. One, Brian Krebs, very famous reporter, happens to find out, he tells you. Number two, FBI. They tell you. Unfortunately, it's usually external sources like that, as opposed to organizations' internal systems that tip them off to a breach. Another example of how we are doing better, but we need to do a lot better. And then there's this whole thing coming up called IoT, right, and 5G. And all these connected devices in the home, our cars, our nests. So the attack surface gets giant. Like I said, they said in the keynote, you plug something into the internet, they're on it within an hour. How does that really change the way that you kind of think about the problem? It makes it a lot harder. The attack surface gets bigger. The potential risks go up quite a bit, right? I mean, you're talking about heart implants or things like that, which may have connectivity to some degree. Then obviously the stakes are severe. But the thing that makes those devices even trickier is so often they're embedded systems. And so unlike your Windows PC or your Mac, where, I mean, it's updating itself all the time, right, you barely even think about it. You turn it on one morning and there's a new update. A little harder to make those updates happen on IoT kinds of devices, either because they're harder to get to or the systems aren't as open or people aren't as used to allowing those updates to occur. So even though we may know about the vulnerabilities, patching them up is even harder in an IoT environment, typically than in a traditional. Crazy. All right, so give us a little update on resilient. What exactly do you guys do inside this crazy ecosystem of protecting us all? Sure, so five or six years ago, myself and my co-founder John started the company and it really was acknowledging that we've gone through the air of prevention to detection and now it's all about response. And at the end of the day, when organizations were trying to deal with that, we saw them using ticketing systems, spreadsheets, email, chat, I mean a mess. And so we built our platform, the Resilient IRP from the ground up specifically to help them tie together the people process and technology around incident response. And that's gone amazing. I mean, the growth that we've seen even before the IBM acquisition but after has been breathtaking. And more recently, we've been adding more and more intelligence and automation and orchestration into the platform to help not only advise people what to do, which we've done forever, but help them do it. And then we'll, you know, deploy that patch or we'll revoke that user's privileges or what have you. Right, yeah, a lot of conversation about kind of evolution in big data, evolution of things like Spark so that you know, you can react in real time as opposed to, you know, kind of looking back after the fact that they're trying to go. For sure. And for us, it's really empowering that human, right? It's either the enrichment activity where they'd normally go to 10 different screens to look up different data about a malware thread or about a vulnerability. We just spoon feed that to them right within the platform. So they don't have to have those 10 tabs open in the browser. And after they have that chance to evaluate that and they want to know what to do, again, they don't have to go to another tool and make that action happen. They can just click a button within resilient and we'll do that for them. All right, Ted Julien, we're rooting for you. Thanks, yeah. IBM, give them some more resources. He's Ted Julien, I'm Jeff Frick. You're watching theCUBE at RSA Conference 2017 from Moscone Center San Francisco. Thanks for watching.