Live from Washington, D.C., it's theCUBE. Covering .conf 2017, brought to you by Splunk.

Welcome back to the Washington Convention Center, the Walter Washington Convention Center, in our nation's capital as our coverage continues here of .conf 2017. We're here at Splunk along with Dave Vellante. I'm John Walls and I'm kind of coming down the home stretch, Dave, there's just something about the crowd's lingering still. Show floor still has that good vibe to it. Late second day hasn't let off yet. Well, no, remember the show goes on through tomorrow. Right, right. Some of the events tonight, I think. I don't know if the band's- Yeah, right, but hanging out, partying tonight. But you can tell the Splunkers are alive and well. We have Terry Ramos with us who's going to join us for the next 15 minutes or so, the VP of Business Development, Palo Alto Networks. Terry, good to see you, sir.

Good, really appreciate you having me here.

You bet, you bet. Thanks for joining us. You've got a partnership now. You've synced up with Splunk, so tell us a little bit about that and then we'll get into the customer value after that. But first off, what's the partnership all about?

Sure, so we've actually been partners for about five years, really helping to solve some customer needs. We've got about several thousand customers who are actually using both products together to solve the needs I'll talk about in a minute. The partnership is really key to us. We've invested a ton of time, money, effort into it. We have executive level sponsorship all the way down to sales. So in the field, we have reps working together to really position the solution to customers, both us and Splunk, and then how we tie together. We're the number one downloaded app for Splunk, by far, that's a third party. So they have a couple that are more downloaded than us, but for third party, we've done that. We develop it all in-house ourselves.
For customers out there who think the app's great, I'll talk about the new version coming. I'd love any feedback on what should we do next. What are the next things we should do in the app? Because we're really developing this and making this investment for customers to get the value out of it.

What about the business update for Palo Alto Networks? I mean, can you give us the sort of quick rundown on what's going on in your world?

Sure, I think most people know Palo Alto Networks has done pretty well. We just finished our FY17, finished with about 42 and a half thousand customers. Revenue was, I think, 1.8 billion approximately. We're still a very high growth company and been growing the product set pretty well. From products, next-gen firewall, all the attached subscriptions, and then we've got things like the endpoint, Traps, now that's really doing well in the market, where customers need help on preventing exploits on the endpoint. So that's been a growing market for us.

It's the hottest space in the data center right now and everybody wants to partner with you guys. Obviously, Splunk, we got all the big shows and they're touting their partnerships with Palo Alto. What do you attribute that sort of success to?

Customers, truly. So I run the partnerships for the company. If we do not have a customer who will be invested in the integration and the partnership, we don't do it. So the number one thing we ask when somebody says I want to partner with you is, who's the customer, what's the use case, and why? And then if we can get good answers to that, then we go down the path of a partnership. And even then though, we're still pretty selective. We've got 150 partners today that are technology partnerships, but we've got a limited number. Splunk's a big one that we really invest heavily, far more than the others. Far more than just an API integration, the stuff of getting out to customers in the field, the development of apps and integration, those things.
So talk about, we laugh about Barney deals sometime. I love you, you love me, let's do a press release. So what differentiates that Splunk level of partnership? Is it engineering resources? Is it deeper go to market? Maybe talk about that later.

Yeah, I hate Barney partnerships completely. If I do those, fire me, truthfully. I think the value that we've done with Splunk that we've really drawn out is, we've built this app, so BD has a team of developers on our team that writes the app for Splunk. And we have spent four years developing this app. We were the first company to do adaptive response before it was called adaptive response. So you see something in Splunk, you can actually take action back to a firewall to actually block something, quarantine something, anything like that. The app today is really focused on our products, right? Threat, endpoint, WildFire, things like that, right? So it's very product focused. We're actually putting in a lot of time and effort into a brand new app that we're developing that we're showing off now that will ship in about a month and a half, that's really focused on adversaries and incidents. So we have something called the adversary scorecard where it'll show you, this is what's actually happening on my network. How far is this threat penetrating my network and my endpoints? Is it being stopped? When's it being stopped? And then we've got an incident flow too that shows that level down to Traps prevented this, and here's how it prevented it. And then if we go back to the adversary scorecard, it ties into what part of the kill chain did we actually stop it at? So for a CISO, when you come in and you say there's a new outbreak, there's a new worm, there's a new threat that's happening, how do I know that I'm protected? Well, Splunk gives you great access to that data. What we've done is an app on top of it that's a single click. A SOC guy can say, here's where we're at. Here's where we've blocked it.
Yeah, I guess I've been talking to a lot of folks over the last two days and we've got a vendor right over here. We're talking, they have a little scorecard up and they tell you about how certain intrusions are detected at certain intervals, 190 days to 300 some odd days. And down here, talk about a scorecard that tells you, hey, you've got this risk threat and this is what's happened. I mean, so I guess I'm having a hard time squaring all that up with it sounds like a real-time examination, but it's really not because we're talking about maybe half a year or longer in some cases before a threat is detected.

Yeah, so as a company, we've really focused on prevention. Prevent as much as you can. So we have a product called WildFire where we have tens of thousands of customers who actually share data with us, files and other things, files, URLs, other things. And what we do is we run those through sandboxing, dynamic analysis, static analysis, all sorts of stuff to identify if it's malicious. And if it's malicious, we don't just start blocking that file. We also send down to the firewall all the things that it does. Does it connect to another website to download a different payload? Does it connect to a C&C site, command and control site? What's that malware actually doing? And we send that down to the customer, but we also send it to all of our customers. So it may hit a target, right? The zero day hit one customer. But then we start really, how do we prevent this along the way, both in the network and at the endpoint? And so yeah, there are a lot of people that talk about breaches long-term, all that. What we're trying to make sure is we're preventing as much as we can and letting the SOC guys really focus on the things that they need to. A simple piece of malware, they shouldn't be having to look at that. That should be automatically stopped, prevented. But that advanced attack, they need to focus on that and what are they doing about it?
Yeah, the payloads have really evolved in the last decade. I mean, you mentioned zero day. I mean, think about it. They don't even know what it was in the early 2000s. So I wonder if you could talk about how your business has evolved as the sophistication of the attackers has evolved from hacktivists to organized crime, the nation state.

Yeah, so it has evolved a lot. And when you think about the company, 42 and a half thousand customers says a lot. We've been able to grow that out. When you talk about a product, something like WildFire that does this payload analysis, when we launched a product that was free, you'd get an update about every 24 hours, right? We moved it down to, I think it was four hours, then it was an hour, 20 minutes, and now it's about five minutes. So in about five minutes, we do all that analysis and how do we stop it? So back to the question is, when you're talking about guys that are just using malware and running it over and over, that's one thing. But when you're talking about sophisticated nation states, that's where you've got to get this, prevent it as quickly as you possibly can.

So if we're talking about customer value, you've kind of touched on it a little bit, but ultimately, you said you got some to deal with Splunk, some to deal with you, some are down to dealing with both. So at the end of the day, what does that mean to me? I mean, that you're bringing this extra arsenal in. How am I going to leverage that into my operations? And then what can I do with it better, I guess, down the road?

Yeah, I think it really comes down to that. How quickly can you react? How do you know what to react to? That's, I mean, it's as simple as that. I know it sounds super simple, but it is that. If I'm a SOC guy sitting in a SOC, looking at the threats that are happening on my network, what's happening on my endpoints, and being able to say, this one actually got through the firewall. It was a total zero day.
We had never seen it before, but it landed at the endpoint and it tried to run and we prevented it there. Now you can go and take action down to that endpoint and say, let's get it off the endpoint. The firewall is going to be updated in a few minutes anyway, but let's go really focus on that. So it's the focus of what do you need to worry about?

Do you know what a zero day is? You've kind of, yeah, I mean, it's the movie, right? Explain, no, no, it's the movie because of the concept. Because of the idea. Zero day means no, there's been zero days of protection, but you can explain it better than I can.

Yeah, zero day means it's a brand new attack. Never seen before, whether it be...

So unique characteristics and traits in a new way to infiltrate in something that's totally off from left field.

And when you think about it, those are hard to create. They take a lot of time and effort to go find the bugs in programs, right? So if it's something in a Microsoft or an Oracle, that's a lot of effort, right? To go find that new way to do a buffer overflow or heap spray or whatever it is, that's a lot of work. That's a lot of money. And so one of the things we focus on is, if we can prevent it faster, that money, that investment those people are making is out the window. So we really, again, are going to focus on the high-end, high-fidelity stuff.

So the documentary called Zero Days, but there was, I don't know, how many zero day viruses inside of Stuxnet, like four or five. And you may be used to see the antivirus guys would tell you, we maybe see one or two a year, and there were four or five inside of this code. And it's the threat from within. One of the threats, if I recall correctly, was actually they had to go in and steal some chip at some Taiwanese semiconductor manufacturer. So they had to have a guy infiltrate, who knows, with a mop or something, stick a, you know, hit a break in, basically.
And so these are, when you see a payload like that, you know, it's a nation state, not just some hacktivist, right? Or even organized crime, doesn't necessarily have the resources for the most part, right?

It's a big investment, it is. Zero days are big investments because you've got to figure it out. You may have to get hardware, you have to get the software. It's a lot of work to find that out. And there's a lot of money in the black market. Sure, I mean, you can sell those things. So that's why if we make them unusable fairly quickly, it stops that investment.

So we were talking with Monty Mercer earlier, and he was talking about, and his comments this morning, keynotes about you could be successful defending, right? I mean, it's not all bets are off, we're hopeless here, but it still sounds as if in your world, there are these inherent frustrations because bad guys are really smart. And all of a sudden you've got a whole new way, a whole new world that you have to combat just when you thought you had enough prophylactic activity going on in one place, boom, here you are now. So can you successfully defend, do you feel like you have the tools to be that watch at the gate?

I'd be a liar if I say you can prevent everything, right? But it's just not possible. But what you've got to be able to prevent is everything that's known, and then take the unknown, make it known as quickly as possible, and start preventing that. So that's the goal. If anybody out here is saying they prevent everything, it's just not true, it can't be true. But the faster you take that unknown and make it known and start preventing it, that's what you do.

Well, and it's never just one thing in this world, right? And now there's much more emphasis being placed on response and predicting the probability of the sense of severity and things of that nature. So it really is an ecosystem, right? Which is kind of back to what you do. So how do you see this ecosystem evolving?
What are your objectives?

Yeah, I think that from my standpoint, we'll continue to build out new partnerships for customers. We really focus on those ones that are important to customers. So we recently did a lot with authentication partners, because that's another level. If people are getting those credentials and using them, then what are they doing with them, right? So we did some new stuff in the product with a number of partners where we look at the credentials and if they're leaving the network going to an unknown site, that should never happen, right? Your corporate credentials should never go to some unknown site. So that's a good example of how we build out new things for customers that weren't seen before with a partner. We don't do authentication, so we rely on partners to do that with us. And as we continue to talk about partnership and BD, we're going to continue to focus on those things that really solve that need for a customer.

Well, I don't know how you guys sleep at night, but I'm glad you do, and... No, they don't. That's how it is. What do you mean? I'm glad you don't. It is 24-7, that's for sure. Terry, thanks for being with us. Thank you very much. We appreciate the time. I'm glad to have you on theCUBE. theCUBE will continue.

Live from Washington, D.C., .conf 2017.