Dave Vellante: Welcome to theCUBE's coverage of Splunk .conf 2021. My name is Dave Vellante, and theCUBE has been covering .conf events since 2012, and I've personally hosted many of them. And since that time, we've seen the evolution of Splunk as a company and also the maturation in the way customers analyze, protect and secure their organization's data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to SecOps teams than we've ever seen before. The adversary is capable, they're motivated and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond is Jane Wong, who's the vice president of security products at Splunk. Jane, great to have you on theCUBE. Thanks for coming on.

Jane Wong: Ah, very nice to meet you. Thank you for having me.

Dave Vellante: You're very welcome. So how do you think about the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted SecOps teams, in your view?

Jane Wong: Yeah, well, just going back to our customers and what I've learned from all the customer conversations I have every week, many of our customers are under a massive digital transformation. They're moving to the cloud, and the cloud opens up more attack surface. There are more threats that come over cloud, new workspaces, new attack surfaces, new APIs to manage, secure and protect. And our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure.

Dave Vellante: Yeah, and we've also seen the whole, I mean, obviously the work-from-home trend, the hybrid work movement. You know, people weren't set up for that. I mean, you remember people were literally ripping out desktops and bringing them home, and the home network had to be upgraded. So lots of changes there.
And we've talked a lot on theCUBE, Jane, about the fragmentation of tooling and the lack of qualified talent. When we talk to CISOs and you ask them their number one problem, they say, I can't hire enough talent in the field of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end-to-end visibility across their environments. What's the fundamental challenge there?

Jane Wong: Yeah, well, you're really nailing this. The fundamental challenge is that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time, and they're really manual, disjointed processes; they're copying and pasting hash names and IP addresses from one console to the other. It slows them down. It really slows them down in protecting against those threats. So because those products aren't designed to integrate together, and all that data from each of those security tools isn't brought into one place, it just exacerbates the challenge for security operations teams. It makes their job really, really hard to do, which takes time. It makes it harder to detect and respond to threats quickly. And today, more than ever, we need to be able to detect and respond to threats quickly.

Dave Vellante: Yeah, I do a weekly program called Breaking Analysis, and once a quarter I look at the cyber space and I use a chart to emphasize this complexity. It's from a company called Optiv. I don't know if you've ever seen it, but it's this eye chart. It's this taxonomy of the security landscape, and it's mind-blowing how much complexity there is. So how does Splunk help organizations address these challenges?

Jane Wong: Yeah, so we have one security operations platform, cloud-native, cloud-delivered.
There are many parts to be able to streamline workflows from when you first detect a threat or a potential threat, right through to when teams close and remediate that threat and make changes in their environment to ensure they're protected. So the whole thing is helping security teams detect faster, investigate faster and respond faster to threats. So there are four parts to that in our security operations platform, Splunk Security Cloud. The first one is advanced security analytics. The nature of threats is evolving. They're becoming more sophisticated. We have very smart, well-funded attackers whose day job is, who spend all their time, trying to break into organizations. So you need really advanced security analytics to detect those threats. Then we need to automate security operations so that it's not so manual, so that you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired TruSTAR, so that we can bring in, dedupe and rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations, so that you have broader insights from the security community outside Splunk, and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since Splunk became Splunk many, many years ago is that we are committed to partners and we deeply integrate with many other security tools in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So those are the big advantages I think you get when you run your security operations inside of Splunk Security Cloud.

Dave Vellante: That's a nice little description, and having followed Splunk for so many years, it sort of tracks the progression of your ascendancy.
You started, we used to have log analytics that were just impossible. You sort of made that much easier, took that to advanced, kind of used big data techniques, even though Splunk really never used that term, but you were like the leader in big data in terms of being able to analyze data to help remediate issues. The automation piece is key. The acquisitions you've made are very interesting. You mentioned around de-duped threat intelligence, but also you've done some cool stuff in the cloud. And we always used to say, Jane, watch for the ecosystem. Early last decade, we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem, and you've clearly made some progress there. I wonder if you could tell us more about the announcements that you're making here at .conf21.

Jane Wong: Yeah, well, going back, everything that we do on the security team, every line of code every engineer writes, is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those in turn, I start with faster time to detect. What have we done? So bringing in the threat intelligence that I mentioned, again, that's really going to help detect new threats and detect them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It'll be brought right into Enterprise Security, at your fingertips. So that's pretty huge. We're bringing other, more advanced content right into our SIEM, Enterprise Security. So that will help detect threats that our research team sees as emerging. Again, this is going to just bring that intelligence right to customers where they work every day. Faster time to investigate. So this is really exciting. Back in November, we released something called risk-based alerting. That is an amazing new capability that we've iterated on ever since, and we have more iterations that we're announcing tomorrow, actually.
So risk-based alerting pulls together what may have been single atomic alerts, which can often be overwhelming to a SOC, and brings those together into one overarching alert that helps you see the whole pattern of an attack, so the whole series of things that happened over time that might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes. So really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our SOAR, security orchestration and response tool, which is in the cloud but also available on-prem. That new visual playbook editor really reduces the need for custom code and makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond. Those are really cool for us. And then there are some exciting partnerships that I want to talk about, just to really focus on reducing the burden of all those disparate tools and consoles, and bringing them down and integrating them together. So we'll have some announcements there on new integrations that we're releasing with Mandiant, Zscaler and DTEX. I'm personally very excited about a fireside chat that Kevin Mandia, the CEO and president of Mandiant, will be having tomorrow with our CEO, Doug Merritt. So those are some of the things we're announcing. It's a big year for security. Very excited.

Dave Vellante: That's, I'll tell you, that's key. I want to just kind of go through and follow up on some of that. So faster time to detect with the threat intelligence. That's so important, because we read about how long it takes sometimes for organizations to even find out that somebody has infiltrated their environment. This risk-based alerting, it sounds like, and you're so right, it's like paper cuts. Having a bottoms-up analysis, it's almost overwhelming.
You don't have a sense as to really where the focus should be. So if you can have more of a top-down, hey, start here, and sort of bucketize things, it's going to accelerate. And then the faster response time. The thing that strikes me, Jane, with your visual playbook editor is, as you well know, the way in which bad guys get in now, they're very stealthy. You almost have to be stealthy in your response. So if you have to write custom code, that's going to alert the bad guys: they see code that they've never seen before, or they must have detected us, and then they escalate. They get you in a harder, tighter headlock. And I love the partnerships. We've followed the trend toward remote security, cloud security, where Zscaler's a big player, and Mandiant, you mentioned. So that's great too. I mean, it feels like the puzzle pieces are coming together. It's almost like a game of constant, you're never there, but you've got to stay vigilant.

Jane Wong: I really think so, Dave. I mean, it's been a great 12 months at Splunk. We have done so much over the past year leading up to this .conf. I'm very excited to talk to folks about it. I think one thing I didn't really mention, that I kind of touched on earlier in the talk that we're having, was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well, with deeper integrations into GCP, AWS, Azure, OneDrive, SharePoint, Box, GDrive. Customers are using many, many cloud services today, and they don't have a holistic view across all those services. I speak to CISOs every week that tell me they just really need one view, not to go into each of those cloud service providers or cloud services one at a time to look at the security posture. They need that all in a central location. So we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them.
I think that's really, really something different that Splunk is doing that other security offerings are not doing.

Dave Vellante: I think that's a super important point. And I do hear that a lot from CISOs, where they say, look, we have so many different environments, so many different tools, and they each have their own little framework. So we have to go in and investigate and then come back out. And then our teams have to go into a new sort of view and come back out, and they just run out of time. They just don't, again, lack of skills to actually do this, can't hire fast enough, can't train fast enough. So that higher-level view, but still the ability to drill down and understand what those root causes are, it's a top-down, bottoms-up type of approach, as opposed to just throwing grains of sand at the SecOps teams and then hoping they find the pearls. So, Jane, I'll give you the last word, maybe some final thoughts.

Jane Wong: Ah, no, I just wanted to thank everyone for listening. I want to thank everyone for joining .conf21. We're very excited to hear from you and speak with you, so thank you very much.

Dave Vellante: Excellent, Jane, great having you on theCUBE. Keep it right there, everybody, for more coverage of theCUBE at Splunk .conf21. We'll be right back.