 Live from Atlanta, Georgia, it's theCUBE. Covering AnsibleFest 2019, brought to you by Red Hat. Okay, welcome back everyone. It's live CUBE coverage for two days here in Atlanta, Georgia for AnsibleFest. I'm John Furrier, my co-host. Student meeting with theCUBE, Ted Julian, Vice President, Product Management. Formerly the CEO, resilient, now part of an IBM company. Back to doing VP of Product Management again. Here, Wheelhouse. Welcome back to theCUBE. Good to see you. It's a pleasure to be here, thanks. So, obviously, Product Management holistic thinking is the big discussion here. The thing that's coming out of this event is configuration management, a siloed point activity, now more of a platform. You're seeing more of a systems architecture thinking going into some of these platform discussions. Security certainly has been there, they're here now. A lot of pressure. They have things built in with security, but maintaining the onslaught of threats and landscape changes going on, that's what you do. It's rough out there, yeah. What's going on? What are the key trends that customers should be aware of when thinking about configurations because automation can help, but it can't, maybe all use cases, but opportunity. We need to do something, and because customers definitely need help. The alerts that they're dealing with and both in the volume and the severity is like nothing we've ever seen before. At the same time, we were talking about earlier, the regulatory impact, also really big difference just in the last two or three years. Huge skills gap shortage, also a critical problem people can't find, enough people to do this work. They're very difficult to keep, so clearly we need to do something different and there's no doubt that orchestration and automation and configuration management as a component of that is we've barely scratched the surface of the potential there to help solve some of these problems. The open source is helping a lot of people now, seeing the light. First was cloud, the skeptics would say there's no security in cloud, now there is. Open source, security's there, but still proprietary systems have security, but there may or may not be talent to your point. So automation is an opportunity. How are companies dealing with the mishmash or the multi-platformed solutions that are out there? At it, you're right to ask the question, it is driving the problem in a big way. Years ago, we tried this security automation within security, like in the early days of firewalls and the web and stuff like that, and it didn't go well, unintended consequences, but two things have changed. The environment's changed, which has raised the stakes for the need to be able to do this stuff to a whole different level, but at the same time, the technology's matured enormously. There's been multiple platform shifts since then, and so security teams are both kind of desperate for a better solution, but also have better options now than they had before, and so it's for this reason that we're starting to see people adopt orchestration and automation now in a way that we didn't see in the last time around. But the thing that we're hearing here is that people are trying to automate the same things, and some of these holes in the infrastructure, whether it's an S3 bucket, this is basic stuff, this is not rocket science. So in these known use cases, this makes total sense that a playbook or automation could help kind of fill those holes. We talk about it as a journey, and I don't think any two organizations' journey is the same, nor does it really even need to be the same. So we've seen some customers, for example, take the approach of what's a high volume type of incident that we deal with, and if we could apply orchestration and automation, then we're going to get great ROI, right? We see 4,000 phishing attacks every month or what have you. And that's certainly one way to do it. You know, but there's other times where they say- Take one, though. That's true, too. And to that point, there's other people that are like, you know, gathering forensics on an endpoint right now, incredibly manual process. We need to be able to do that globally. Do we do it every day? No, we don't. But if we could automate that and get those results back in more like a couple hours, as opposed to two days, because the guy we need in Sweden is out of the office or whatever, that could mean the difference between a low-level incident we're able to contain and something that goes global. And so that's the use case we want to chase. So I don't think there's a right or a wrong answer. I think it's- Kind of depends on the environment. A whole host of factors, yeah. But this is the whole point about security. There's no general purpose software anymore. You have to really make it custom because every environment's custom. It's totally different. I mean, gosh, you guys are at RSA, right? It's nuts. There's thousands of vendors. I mean, there's hundreds of vendors that are really products, they're not. They're features that are masquerading as products that are masquerading as companies, but there's a reason why that's been the case. And it's because the risk is so high. And the desperation, too. Yes, exactly. Good word choice, yeah. So one of the things that reminded me of security is this morning hearing about, you know, J.P. Morgan going through the transformation from the ticketing system to wait to make a change. What a great case study. To, I need to be able to automate things. So, you know, we know that response time is so critically important in the security area. So tell us how that meshes together from security and automation to be able to response and, you know, whether it be patching or, you know, responding to an attack. There's huge opportunity gains there. And we've seen customers do some really remarkable things that start with what you're discussing, which is if we could automate that phishing process to a degree and we have 4,000 of those a month and we're able to maybe shrink our response time by 80-some or more percent, which is what we've seen, that's a lot of savings right there. And, you know, the meat and potatoes there is you already have a phishing alias, probably that employees report those phishing attacks to. Well, what if we just monitored that? We stripped those emails, stripped out the attachments, and we could automate all the manual grunt work that an analyst would otherwise do, right? Is that, and is there an executable? Is that executable a known bad? What command and control servers does it talk to? Are those known bads? Those are 10 tabs that an analyst could have open in their browser. If we can automate all of that, so when they go into the case, it's all just sitting there for them, huge time savers. Yeah, it's a great proof point of the people plus machines. How do you make sure that the people, that when they get the information, they're not having to do too much grunt work. They get really focused on the things where their expertise and skill sets are needed as opposed to just buried. You nailed it. I mean, automation is a great role to play, but it really is a subset of orchestration. It's when you can bring those two things together and really fuse the people, process, and technology via orchestration. That's when you get really game-changing improvements. Ted, talk about the relationship between you guys, resilient and ansible. Where's the fit? What are you guys doing together? Why are you here? Give a quick plug for what you're working on. Yeah, absolutely. So just by working with customers, we kind of discovered that there was this growing groundswell of ansible use within our customer base. It was largely in IT, whereas at IBM Resilient, we're selling mainly into security. And once we uncovered that, we're like, oh my gosh, there's all these integrations that already exist. They're already using them for IT use cases on that side of the house, but a lot of the same work needs to be done as part of a security workflow. And so we built our integration where literally you install that integration into resilient, and we have a visual workflow editor where you can define a sophisticated workflow. And once that integration is in place, all of your ansible integrations are there for you. You drag and drop them onto your workflow. You can string them all together. I mean, it's really, really powerful stuff. You know, it's interesting, Stu and I and David Lontane, a variety of other CUBE hosts. We go to hundreds of events. We see every conference. Everyone's going for the control plane layer. Got to control the data. I mean, it's aspirational, but you can't just say it, you got to earn it. What's happening here is interesting. This configuration management, a little sector is growing up because they control the plumbing. They control the hardware, the piece parts to the operating system. So the abstraction layer provides great value as it moves up the stack. And this is where the impact is and you guys are seeing it. So this dependency between, or the interdependence between, software glue that ties the core underpinnings together, whether it's observability, data. It's not a silo just context which they're integrating together. This is the collision course. What's the impact going to be here? What's your thesis on this? That's why there is such great synergy is because in our, really we're sort of the domain expert on the security point of view and our ability to leverage that automation set of functions that Ansible provides into this framework where you can define that workflow and all the rest that's specific to some security use cases is just very, very complimentary to one another. This is a new kind of a 2.0 kind of infrastructure dynamic where this enables programmability because if these are the control switches on the gear and the equipment and the network routes. Yeah, and where things get really interesting is when you do that in the context of a workflow and a case management system which is part of what we provide, then you get a lot of really valuable metrics that are otherwise lost if you're purely just in a point to point tool to tool automation realm and that allows you to look at organizational improvement because you're able to marry, well first of all, you can do things like better understand what kind of value those IT controls are providing you and the automation that you're able to deliver but you can relate that to your people and your process as well and so you can see for example that well we have two teams, they're doing the ones in the day shift, ones in the night shift, they have access to the same tool sets but one's more effective than the other. First of all, you know that but then having known that you can now drill into that and figure out okay why is the day shift better than the night shift and you can say oh well they're doing things a little bit differently maybe with how they're orchestrating than this other team is or maybe they're not orchestrating at all right and you're having that and then now you are able to knowledge share and improve that process to drive that continuous improvement. So this operational efficiency comes from breaking down these siloed mentality, data sets or staff. Yeah and pairing that with not just as I said the IT automation aspect we can now do that 80% faster but what about the people in the process aspect we can bring that into the mix as well you get that next layer of insight which kind of allows you to tap into another layer of productivity. So this is an alignment issue this brings that back to core cultural shift of DevOps. This is the beginning of what operationalizing DevOps looks like. Yes, the people are working together. It's really really well put I mean it gets back to how this question got started which is what is the synergy and to me the synergy really is that you have these siloed all too often siloed functions of IT operations and security operations and this integration between resilient and Ansible is the glue that starts to pull those two things together to unlock everything we just talked about. Awesome, that's great. Yeah well research has shown that DevOps embracing, delivering and shipping code more frequently actually can improve security not you know we have to go through this separate process and slow everything down so are you seeing what does that kind of end state organization look like? Oh I mean that's a huge transformation and it's something that on the security field we've been struggling with for the longest time because when we were in kind of a waterfall mode of sort of doing things I mean your timeframe of uncovering a security issue addressing it in code code getting deployed in a meaningful enough fashion and over a long enough time to get a benefit that could be years right but now that we're in this model I mean that can be so much more quickly obtained and obviously not only are there great just general ROI improvements that come from that but your ability to shrink the threat window as a result of this as well is huge and that is crucial because all the same things that us the good guys are doing to be able to automate our defenses the bad guys are doing the same thing in terms of how they're automating their attacks and so we really have to, we have no choice. So Ted, you were acquired by IBM IBM made a quite sizable acquisition with Red Hat tell us what you see IBM with Ansible how that should play out. There is just enormous potential and Ansible is a big, big piece of it without a doubt and I think we're just scratching the tip of the iceberg for the benefits there just from resilience point of view and we're going to have to stay in touch because we have some really interesting things coming down the pike in terms of next gen platforms and the role that Ansible can play in those two and how those stretch across the security portfolio with an IBM more broadly and then even beyond that. Well, we want to keep in touch we certainly have initiated cube coverage this year on security, cyber. Nice. A little bit going broader than the enterprise looking at the edge. I mean, edges, you know, you talk about the perimeter being just disabled by this new surface area just takes one penetration. Yep. You know, light bulb, IP address so again, organizing and configuring these policy based systems sounds like a configuration problem. Yeah, it is. This is where the software is going to do it. Ted, thanks for coming on to share in the insights. Any other updates on your front? What are you most interested in? Give us a quick update on what you're working on. Well, we're just getting started with the Ansible stuff so that's particularly notable here but also kind of modernizing our portfolio and that really gets to the whole open shift side of the equation and the Red Hat acquisition as well so not ready to announce anything yet but some interesting things going on there that kind of pull this all together and that serve as just one part of the foundation for the marriage between Red Hat and IBM and what is the value it can bring to customers. Any sneak peek at all on the new direction? Sorry, can't do that today. Another time. Liz, let's sink ships. Don't do it. Love to know. Can't blame you for asking. Okay, I got a feeling it has to do with automation and AI somewhere in there. Ted, thanks for sharing your insights. It's always great to see you. Cube coverage here at Ansible Fest. I'm John Furrier, Stu Miniman. Breaking out all the action as this new automation feeds AI. This is going to change the stack game as data is moving up the stack. This is Cube, bringing all the data. We'll be back up to the short break.