From Burlingame, California, it's theCUBE. Covering SumoLogic Illuminate 2019, brought to you by SumoLogic.

Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the Hyatt Regency San Francisco Airport here at SumoLogic Illuminate 2019. It's our second year here, the third year of the show. Think it's about a thousand people. The keynote was packed. A lot of great energy, a lot of good community as we see a lot of these smaller shows, especially when they're getting started. It's all about community. There's a lot of sharing of information. It's a really cool time in the life of these companies. We're excited to have our next guest, slightly irreverent, cool cultural, we'll dig into it a little bit. With Justin Bajko, he is the co-founder of Expel. Justin, great to see you.

Likewise, thanks for having me.

Absolutely, so give us the rundown on Expel. What are you guys all about?

So in a nutshell, we're a 24-7, 365, transparent managed security provider. What that really means is on a 24 hours a day, seven days a week basis, we're looking for signs that there are bad guys inside your environment. If they're there, we're going to tell you they're there. We're going to tell you what they're up to and help you get rid of them.

Now the transparent word comes up time and time again, looking at some of your guys' materials. Is that transparent in terms of we can see inside the black box and how you're operating? Is it transparent like we're just going to tell you and show you? The transparency is obviously a really important piece of your messaging.

Yeah, kind of all of the above. We try to take it to heart and try to really mean it. I think the easiest way to think about it is we want our customers to feel like we're just another part of their team, right? And the easiest way for us to do that is to let them be a part of what we do on a day in and day out basis. That means if they want to ride shotgun with us when we're working an incident, they can.
They can watch everything that we do, watch the investigation unfold in real time. If they want to get in there and work with us, they certainly have the ability to do that. And then, we take transparency pretty far. We put our real actual prices on our website, which is not something you see a lot of security companies do. So we just try to be as upfront as we can be in the way that we approach dealing with our customers and working with them over time.

So we cover RSA, we've been covering RSA forever. It's 40,000 people at Moscone. It's more vendors than you can count all talking about security. So you're in the business, and then Ramin in his keynote put up a security stack that had a whole bunch of companies. How do people sort this? I always think of the poor CIO on the other side as being told, you got to bake security in. Every place you've got to have BYOD, everyone's using their own iPhones, and now we've got IoT with all these connected devices, the threat surface is expanding geometrically. How should people think about security? How do you guys play in this kind of morass of complexity?

Yeah, it's an interesting question, how people deal with it. I think that's why you're starting to see a lot of these really strong, in a lot of cases, sort of regional and local CISO groups start to form, right? Because they want to get together and actually talk about, hey, I'm dealing with this challenge, what are you doing? How are you handling this problem? And the only way to do that is to learn from your peers, right? Yeah, everybody's in this fight together. As for how we fit in, one of the things that we try to do is help customers who have made a lot of investments and a lot of different security technology make sense of it all, right?
So you've got five, six, seven, eight, nine, 10, 20 pieces of security technology that are deployed, they're all blinking red lights of like, hey, this might be a threat, this might be an intruder inside your infrastructure, and you've got a handful of people that work Monday through Friday, eight to five-ish. Somebody's got to look at that all day long, and that's what we're there for. So our job is to make space for our customers to do the things they actually love about security, instead of just sitting there trying to keep up with a constant, you know, basically overflow of alerts.

Right, and you guys are SOC as a service. Is that a hard sell? Is that an easy sell? Do people understand they need kind of the augmentation? How does that go over with the customers?

It has been, I think, it's over the years it's become, I think, an easier thing for people to wrap their head around, because at the end of the day, everybody's infrastructures are growing, right, their footprint of what they need to protect is growing, they can't, still, nobody can hire enough people that they need, that's a pervasive problem, it's a top five CISO problem, it has been for 10 years, it will never go away, right? It will be for a long time. So you've got all this security technology, you get the whole network instrumented, and then suddenly the business moves to the cloud, you have to instrument that too, and you have to do it using the team that you've got, and that's not enough people. And so what choice do you really have? You need somebody to come in and help provide that 24-7 coverage, because there are certain things that your security team needs to do that can only be done from inside the business, right? Things that are going to move your program forward, let your team focus on that, and all the stuff around monitoring technology to look for signs that there are bad guys in the environment, let a provider like Expel help you out.
Right, so let's get your take on kind of the explosion of data, both the quantity of the data, as well as the sources of the data, as well as the structure of the data, or the lack of structure in a lot of this data, it's growing exponentially, right? And people, and we all have a hard time kind of wrapping our heads around exponential growth, one of the kind of the fundamental problems that we have. From your point of view, as you see this and you see your customers struggling with it, and then there's this other kind of dichotomy, is it an asset? Of course, there's a lot of good stuff in there, hopefully, but it's also a liability, because it's expensive. It's expensive to hold, it's expensive to move, it's expensive to store. How do you help people deal with keeping it secure in this explosion of data environment that we are in?

You know, if there were a silver bullet answer to that question, we'd probably be the only security company in existence, right?

Not about the Caribbean or something.

Something like that. You know, being able to apply the technology that we can bring to bear, which helps our analysts take all of these different disparate data sources, so we can take your IDS, we can take your EDR, we can take your cloud control platform, or your cloud control plane like an AWS, CloudWatch, CloudTrail, all that sort of stuff. Bringing it in one place, make sense of it, put it together in a way that contextualizes it against what we know about your business, that's a whole lot of the battle right there, is just being able to help somebody sort of understand what's going on, what does it mean to my business, what do I do about it, what do I do next? And if you can free up that chunk of time, you let the customer focus on those sort of more impactful things that they need to do inside their business, which is, what's the next big evolution of security inside our company?

Right, and then where does SumoLogic fit in for you guys?
We're here obviously at the SumoLogic event, and the scale and the complexity of this stuff is getting beyond the ability of a human to keep track of quite frankly, so there's got to be some automation, there's got to be tools, even though you guys are transparent, there's just some things I can't look into. So how are you using SumoLogic, how's it helping you do your business?

You know, our partnership with SumoLogic came about actually from our first two customers who are actually SumoLogic customers, and so they're sending all of their infrastructure data, they're sending all their security data into SumoLogic and they came to us and they said, all the data's there, if you want to monitor our infrastructure, start there, right? And our ability, because it lives in the cloud, there's no sort of management for the customer to do, our ability to just plug right into that and immediately like within an hour or two, start getting security value out of what the customer has inside SumoLogic is pretty substantial to be able to just start immediately telling him, giving him visibility into what's going on. So that's kind of how the relationship came about and how we work with them today is, we find that again a lot of our customers have just a ton of data, security or otherwise that they need to store, they need to do it in a place that's going to scale with them. So your traditional on-prem, like a more old school SIEM, where you just got to keep buying drives and buying drives and buying more and more places to store things, it's a tough life, right? So cloud hosted platform like SumoLogic lets you continue to scale, let you quickly and easily search that data and do it in a reasonably cost-effective way. It's a great way for us to work with a customer so you don't have any visibility today. We know the folks over at SumoLogic really well. It's super easy to get up and running and get it up really quickly. It's easy for us to plug into.
We can get you visibility in your environment really, really fast if you don't have any today.

So has it enabled you to bring a different scale of data to bear on your analytics as to, we know there's bad guys in there, how fast you can find them and shut them down and take action?

I think so because of the way the technology with SumoLogic scales, it lets customers send more data than they may have otherwise ordinarily sent to like a more traditional SIEM or something like that. And what that does is that gives us more data to look at. When we have more data to look at, we have more visibility into what's going on in the customer environment. We can start delivering more value to them, tell you, hey, did you know this is going on over here? That's something you weren't previously looking at because it scales reasonably well. That's something that we can start doing for our customers.

Just because you have a good kind of macro point of view on multiple customers and the market. I just love to get your take on, you know, we used to hear all the time that the time between a breach and the knowledge of a breach was like 260 days, whatever. And we keep hearing whatever show you're at is coming down, it's coming down, it's coming down. But at the same time, pretty much every day, you know, you hear about a new breach and it's, I think everybody is going to be breached, it seems like, and it's really more of a function of how fast can you find out, you know, how quickly can you cut down on the damage and take the action. And I wonder if you could share your thoughts of kind of, you know, I still think some people think there's a moat strategy that you can just keep people out and it's just not.

Yeah, you know, somebody who is an attacker that's determined enough, they're well funded, you know, they've got enough funding, they're going to get in. Think about it like your house, right?
Like, put all the doors, put all the locks on as many doors as you want, as many bars on as many windows as you want. If somebody wants in badly enough and they have enough time, they have enough planning, they have enough money, they're getting in your house, right? And so what you want to do, is you want to know when they get in there so that you can react pretty quickly. And so, sure, that like, you know, dwell time of how long before, you know, from the time the intruder got in the environment until the time they were actually discovered, you obviously don't want that to be hundreds and hundreds of days. So it is important to figure out when they're there, what have they accessed when they're in there so you understand what risk your data's at, where are they in your environment? And that's the kind of thing you want to make sure that you have instrumentation to be able to see quick. Because you can't, there is no silver bullet, you can't just keep the attackers out, you can't say, I've prevented, all these prevention mechanisms in, nobody's going to get in, so I don't need to worry about trying to find them once they're inside. It's just not the case, it's not realistic.

Right. And have you guys built a technological answer to social manipulation for penetration? I mean, my favorite examples are the, you know, somebody calling, you know, I can't get into the company softball game. Can you please click on this? Or another one, I heard of Vegas. A Vegas casino was breached via the thermometer in the fish tank in the lobby. That was a connected thermometer so the fish wouldn't die. I mean, are we thinking about, you know, kind of social engineering as still a really effective way to get into these places and tools to break those, you know, kind of that access?

Yeah, so social engineering, absolutely.
If you look across our customer base, the incidents that our customers deal with, the number one by a long shot vector for how these companies are actually getting compromised in the first place, it's phishing, right? It's, I'm going to send you an email and I'm going to convince you to click on this link or I'm going to convince you to open this file or I'm going to convince you to give me a password or something like that because at the end of the day, some of these things are pretty good and it's hard to spot a fake. It's just really difficult to spot a fake if it's well tailored enough. A lot of the security companies, and I'll give credit to a lot of the infrastructure providers like Google, have done a really good job at trying to flash warning signs. You've never received an email like this from this person before. You've never received an email from this person with an attachment. You've never received an email from this person with, you know, from this domain or anything like that. So they're starting to get more and more sophisticated around some of those mechanisms but at the end of the day, you know, social engineering, phishing, that is the number one vector. It's a really hard problem to solve and the security industry hasn't solved it yet.

Yeah, all right. Well, it's good, it's job security for you. Well, Justin, thanks for taking a few minutes and really enjoyed the conversation.

Yeah, thanks for having me.

All right, he's Justin, I'm Jeff. You're watching theCUBE. We're at Sumo Logic Illuminate in San Francisco, Hyatt Regency. Thanks for watching.