It's theCUBE covering HPE Big Data Conference 2016. Now, here are your hosts, Dave Vellante and Paul Gillin. Welcome back to Boston, everybody. This is theCUBE. We're here with a special presentation of HPE's, Hewlett Packard Enterprise's, Big Data Conference, BDC, hashtag SeizeTheData. Marcus Brown is here. He's the Vice President of Corporate Development at Data Guardian. We're going to talk data security. Marcus, thanks for coming on theCUBE. Thank you, great to be here. So, hot topic of security. It's just, every year we look back, we spend tons of money, and it just keeps getting harder and harder, and it's got to be great for business. Serious problems you're trying to solve. You'll give us the update on Data Guardian, and we'll get into how things are changing and the future a little bit. Absolutely, yeah. So Digital Guardian is a Boston-based company. We're in Waltham, Massachusetts, just down the road here. And we have 350 employees, and we're growing very fast in the current environment. It's true, the challenges are good for business, but we're trying to help our customers deal with what's going on. We're in the data protection business. A lot of people in the past have called it data loss prevention. There's a Gartner Magic Quadrant, and it's a well-established market. We've been a technology leader for a number of years, and basically what we do is we help companies, large and small organizations, governments, et cetera, protect their sensitive information, and that whole problem has been changing a lot in the last couple of years. I mean, the reality at the moment is we wake up every day and we read the newspaper, and there's some other horrible breach that every day it's getting worse and worse, and there are names like Sony, and Target, and government organizations, and the NSA, and many others. Fidelity. Who've been attacked. It's a very serious situation. Who hasn't been attacked, right? Pretty much everyone at the moment.
What it goes back to is it's a very dangerous world we live in. There are a lot of very motivated and skilled people, well-resourced organizations, trying to get into these companies. That's a big part of the problem, and companies are struggling to keep up with that adversary. You've got nation states, you've got criminal organizations, you've got hacktivists, all sorts of people who are very good at what they do. That's one side of the problem. The threat vectors have grown and become broader. What we do, data loss prevention, 10 years ago, was very much about the insider, the employee in the company, maybe just making a mistake and accidentally emailing something out, or maybe it was about a bad guy. Industrial espionage has gotten a lot worse in the last couple of years, and there are very skilled people and organizations after data. That's one side of the equation. Where it's been moving more is the outside attacker. So it's not just someone in your organization who's maybe disgruntled or angry or whatever. There are people outside who are coming in via malware, who are coming in via hacking techniques, and the reality is antivirus and a lot of these traditional protections are not working very well anymore. So those guys get in. Bottom line is, what are they after? Why are they getting in, the insider and the outsider? They're coming in to steal your data because they can monetize it. There's different types of data. There's personal information, credit card information, social security numbers, healthcare information, gets top dollar on the black market at the moment. So personal information, that's the customer data. And then on the other side, you've got your intellectual property, right? You can imagine a big manufacturer, a car company or an industrial company. They spend hundreds of millions creating products, pharmaceutical companies, chemical companies, et cetera.
That intellectual property, if stolen, means that a competitor can get a huge advantage and the company could have wasted hundreds of millions of dollars potentially. So IP is a big target as well. So is it fair to say that sort of at the board level, if you will, the conversation has shifted, or the CIO has shifted the conversation from, I'm going to keep the bad guys out. We're going to protect the perimeter, do what we can, and we're going to keep you safe, to it's inevitable that we're going to get penetrated, but we are going to respond in a way that minimizes the damage. Is that a fair assessment of how the conversation has shifted at the board level? That's one part of it. Obviously the perimeter is dissolved and we live in this very dispersed world where everyone is everywhere and work and home and everything's mixed together. That makes the firewall not enough in an organization because people are outside of the firewall. So that's one part of it. The other part of the equation is that it's really very much about the data, right? So people are attacking your data. They want to steal your data. 99% of attacks are about stealing the data. So what we're trying to do is give people visibility of their data, understand their data, and protect it, not at the firewall or somewhere outside, it's actually at the data. Follow that data, classify that data, and protect it against exfiltration, whether it's a bit of malware, whether it's a hacker, or whether it's some internal guy who's got all the privilege and the rights to do it. We are just watching that data and making sure it doesn't go out. The game has switched very much from a perimeter-oriented to data-oriented data. And Digital Guardian, it sounds like its ability to respond to that threat or that detected threat is part of what your differentiation is. Is that fair? Absolutely, yes.
So the way we work, our technology, and the way we partner with HPE is a really important partner of ours in our ecosystem, is we have sensors in the enterprise on endpoint computers, because that's where people work and that's where they, insiders, could do something bad, or that's where malware will land and try and steal your data. Risk is distributed by nature, isn't it? Yeah, and a lot of the risk is on the endpoint, so it's Windows desktops and servers, it's Linux, it's Macintosh. We run on all of those, and we also have network sensors to look at data moving around the enterprise and leaving the enterprise. So in those sensors, what we're trying to do, particularly on the endpoint, is classify the data. You have to understand which data is sensitive in order to protect it, right? That's the key first step. And the second step is if we see that classified data moving out, we want to stop it. We let people work with it, we don't want to break the business process, we want to enable the business process, but as soon as someone starts doing something malicious, like taking the jet fighter design and putting it up on Dropbox, we want to stop that, right? And you can automate that classification, obviously, or how do you do that? We do, we have a couple of different methods. The first one is what we call content inspection, and that's where we actually OEM the HPE IDOL solution. That helps us scan documents and files for structured data, looking for regular expressions, looking for terms in 100 plus languages, and looking for proximity of terms and all that kind of stuff. And we use IDOL for that purpose on the endpoint to actually scan the data, classify it, and then we put a tag on it.
Because once we recognize that the data is sensitive, we need to carry that information with it, and malicious people will do tricky things like they'll open the jet fighter design, and they'll do a screenshot, and then they'll put that in a PowerPoint, and then they'll compress it and encrypt the PowerPoint, and then they'll try and put it on the thumb drive and all that stuff. So all of that obfuscation that people would do, we see that, and once it's tagged, we just protect that information, we don't let it get out in any form. But IDOL is a key part of our value proposition there, and that's what we call content inspection. The other thing is because we're on the endpoint computer, we have a lot of context of understanding what's going on in the business process, so we see who is the user. Oh, it's an engineer working with the CAD system, or it's an executive working with the financials that haven't gone out to the public yet, et cetera. From that context, we're able to apply classifications as well. So we know what's top secret, and once we know it, we're in the right place on the network and on the endpoint to make sure it doesn't get out. In a nutshell, that's what we do. Organizations are increasingly becoming permeable themselves now. They work with 1099 employees and contractors. Edward Snowden was a contractor. Absolutely. How do you guard against these kinds of threats from occasional employees who may be granted access to files without the knowledge of the IT organization? Right, well once either an employee or an outside third party consultant, that's a big part of our value proposition, is they need to come through some device or a virtual desktop session or whatever, and we're in there, wherever the user comes in, we're sitting there monitoring that user. We understand their behavior, we understand the data, and we're able to protect it.
So even outsiders, like third party consultants, very common, or the outsourcer, the IT outsourcer, or someone, you know, a supply chain company or whatever, that's a very big part of what we do. How about analytics and security? Those two worlds seem to be coming together. Can you talk about that a little bit? Absolutely, yeah, no, a big part of detection in cybersecurity is about collecting data, correlating data, and making sense of many different sources of data. The key area in cybersecurity at the moment is the SIEM, the security incident and event management systems. ArcSight being the market leader, we've worked with ArcSight for over five years, we're an ArcSight partner, we'll be at the HPE Protect event coming up in DC in a few weeks. And basically what we do, you know, the SIEM is basically a single pane of glass, where you bring in hundreds of data sources from your environment, and we're one of those data sources. We provide visibility of the data, we provide visibility of the user, out of the endpoints, the servers, and desktops in the environment, and we bring all of that into ArcSight so it can be correlated with other events. And basically it's really, you have so much going on in an enterprise at the IT level, it's about correlating, using intelligence to correlate the right things. You see something coming in through the firewall, perhaps, and then you want to see where it landed and what it's doing, and is it attacking your data? And ultimately that's the big piece we provide into the analytics is, what's going on with your data? Who's accessing this and what are they trying to do with it? So Protect is a big show for you guys, you said it's in DC in a couple weeks, right? Yeah, 13th of September, we'll be there. 13th of September, obviously the heart of, the security world. Absolutely. And what do you got going on down there for the event?
So we're gonna be showcasing our latest integration with ArcSight, and we're actually gonna be launching a new partnership with the data security products. So we're data protection from the side of data loss prevention, DLP, and HP has a lot of products on the side of encryption and protecting data around that. So I can't really say anything about it because we're going to announce it there, but we have something coming, yeah. We're looking forward to it. All right, your market is a very fragmented market. Security continues to be. Do you see leaders emerging? Do you see any consolidation at some point or will this continue to be a landscape with a thousand solutions? Well, it is very fragmented. There are a lot of different areas. I mean, we see that the data piece is becoming more and more important. The data protection piece is actually the fastest growing segment of cybersecurity, but you definitely have the endpoint. We play in the endpoint security space as well. I mentioned antivirus kind of becoming ineffective, so there's a whole new market brewing there around the endpoint. ArcSight is the market leader in the correlation and that SIEM piece. So that's really the nerve center, if you like, of the security operations center is where all the products come together. That's a really important part of the ecosystem that HP controls a lot. All right, we have to leave it there. Marcus, Digital Guardian, great story. Thanks very much for coming to theCUBE. Appreciate it. Thank you, appreciate it too. All right, keep right there, everybody. Paul and I will be back with our next guest. This is theCUBE, we're live from the waterfront in Boston. We'll be right back.