Live from Orlando, Florida, it's theCUBE, covering .conf18, brought to you by Splunk.

Welcome back to .conf18, everybody. I'm Dave Vellante with Stu Miniman. You're watching theCUBE, the leader in live tech coverage. We love to go out to the events, extract the signal from the noise. A lot of focus today, Stu, on security, and Haiyan is here. Haiyan Song is the senior vice president and general manager of security at Splunk. Great to see you again.

Thank you for having me.

You're very welcome. Fifth time, I think, for you on theCUBE. So you're a super alum, and really always appreciate your deep knowledge. As I said, today was security day. A lot of customers talking about security. It's obviously a stronghold of Splunk. But give us the update. What's new this year with you? We talked a year ago in DC. What's happening with you guys?

Well, this is the year that we really went out and shared our vision of what SOC looks like in 2020. And we call it the vision of SOC 2020. And on a very high level, we envision that in a couple of years, with the technology like analytics and operations, automation, orchestration, we envision that 90% of the tier one work that a SOC analyst would be doing will be automated. And with that automation, we're envisioning that most of the time, more than 50% of the time, the SOC analysts can actually focus on detection logic and really responding to things that require the human skills and insights. And we're also envisioning that by that time, there will be a place, one place, where things for response get orchestrated versus people have to go to 20 different places trying to figure out what's going on. So that's sort of from a business perspective, but to deliver that, there's really sort of 10, we shared the 10 big, we call it core capabilities, that capability roadmap to SOC 2020. And for us, we feel really fortunate that with the acquisition of Phantom, we're really able to bring that full stack together to deliver that capability.
So we have data platform, you heard all the exciting news what we're doing with data fabric search and stream processing and to amplify the performance. Analytics, you heard all those things that we're putting into IT and security, ES, UBA. And then last but not least, is the ability to orchestrate, to automate, to collaborate. So I think we're really uniquely positioned because we can bring all three together. That's the full stack to deliver on that vision.

So let's talk a little bit more about that vision. So I mean, my rudimentary understanding is, you really had a reactive mode in the past. It's kind of herding cats, try to figure out, okay, I'm going to try to respond to an incident. Then you started to use data and analytics to try to prioritize, to focus on those things that aren't going to be a false positive or are of high value. What you're putting forth is a vision where a lot of that heavy lifting goes away. Machine intelligence is either augmenting or making decisions about which items to go after. Talk more about that world. What does it look like? What's the role of the security professional in that new world?

Yeah, there's two parts, right? We do in the security operations center, detecting things and responding things and taking care of sort of the incidents. So a lot of the things you really touched on is how we have applied machine learning and analytics and really leveraging the business context, the feature we talked about, the data fabric search is a really powerful tool. Now we can reach out and get a lot more information and to help you make better decisions, reduce the ratio of noise to signal or signal to noise and whichever way you want to see it up and down. So that world, we expect more machine learning, more data modeling, more threat modeling so we can really sort of incorporate business sort of context so risks become one key thing to help people prioritize.
That's our product ES and UBA and you heard about the whole predictive capabilities in IT, I think all of those will be sort of that world. And the second part of what we do is if something does happen, now we really got the signal, what do you do about it? We envision in that world a lot of the initial demand in prep work, like, oh, I want to find out if this ID belongs to which organization, is this really a signature in the VirusTotal sort of database and what happened. So that whole prep, hopefully will be done for you before you even get started into an incident. And furthermore, if we have responded to those type of incidents before, we actually would like to give you a recommendation. Well, this is what happened before, this is what worked and why don't you think about this playbook and automate this part. So I think the world in 2020 is going to be a lot of augmentation.

Yeah, one of the things we've heard from a number of your customers is security and DevOps and how they're using kind of the DevOps mentality to make security more pervasive and integrated in everything they do. Could you explain how Splunk fits into that discussion?

Yeah, so DevSecOps, I think that's sort of the term you might be alluding to. And I think the cloud adoption, the acceleration and the new IT, right? It's really sort of bringing that into focus for us. Splunk plays to that in several ways. You know, we have a security business, we have an IT business and you may have heard we just acquired another company called VictorOps after Phantom. So they're really helping the DevOps world and try to coordinate and enable collaboration. And so we definitely expect that capability will show up in the security side to help the DevOps, DevSecOps world. And we're also, as a company, taking data security really seriously. So we are putting a lot of, you know, you saw the data stream processing and one of the capabilities to obfuscate credit card.
And for GDPR and a lot of other things, there's that mandate. You got to give people the control of things. So there's a lot of that we're taking into consideration and putting sort of that into the product. And the other thing is really we ourselves operate probably one of the biggest sort of cloud capabilities on AWS. And we have infused a lot of best practices around how do you automate? How do you protect? How do you be compliant? And how do you ensure a customer have control? And there's a lot of work we're doing there and practicing DevSecOps ourselves.

Haiyan, in thinking about the Splunk portfolio and in the context of the vision that you guys laid out, how does Splunk's existing portfolio fit in to that vision? And where are the gaps? What has to evolve whether it's your capabilities or the industry's ML or machine learning capabilities? Where are the gaps?

So I think in many ways, the 10 core capabilities were laid out. I'm going to try to go through them in my head. So ingest, detect, predict, and then automate, orchestrate, recommend, investigate, case management, collaborate, and reporting. So those are the 10. When we were sharing with our audience, we actually look at our ES, UBA, and Phantom. We are able to give them all those capabilities to get started on their path for SOC 2020. But we also realize and recognize that all those capabilities, I'll give you an example, case management. Now there's more and more requirements coming to the security side to say, I want you to bring all the different things together and I want you to take in the automated playbooks and how this plays into those. So there's always room for us to continue to enhance those capabilities. But we also see the opportunity for us to bring all those things in a more seamless way into sort of one full stack. The full stack that give you, I don't know if you heard the term powering the OODA loop, right? The observe, orient, decide, and act.
And that was really sort of military strategy for the fighter pilots to say, the whole premise is whoever can power that loop and execute the fastest wins.

It's like ready, aim, fire, but more data focused.

More data, I like that. So for us it's really how do we bring the portfolio together so they can really power that loop in a very iterative way and in a very open way. I want to make sure that I iterate that reiterate our commitment to be open. There's data layer, there's analytics layer, there's operational layer. We want to be that company can bring the full stack, make them work really well, but in the meantime work well with other data, with other analytics, detection engines, and other ways to operate. So being open is very important.

And you'll automate as many of those or all of those 10 that you mentioned. Do you automate the Runbook?

Automated Runbook is what Phantom is all about and the Runbook gets more and more sophisticated and I think we give people the way to say, you found day one, you don't want to automate everything especially shutting down his email and then you have the choice. But it's as you learn, as you become more confident, you have to enter your control how much you want to automate and hopefully as more automated actions are taken, we get to analyze those and start making recommendations so you become more comfortable with that.

So I understand New York Presbyterian was in your session and you were talking about going beyond security. I often like to say that security and privacy are two different sides of the same coin. But when they talked about going, well, share with us what you learned from them.

Yeah, you have really the best phrase to say, they're both sides and as a security professional in the digitized world, I don't think you have a boundary to say, my job starts with, you know, SOC, ends with the SOC, it goes way beyond, right?
Goes into data privacy, goes into even fraud and Linux because a lot of things are happening online and it also goes into compliance and it's interesting that we thought years ago, compliance was driving investment. I think that was GDPR was some of the data privacy challenges we've seen that's impacting the masses. The criticalness of compliance is actually coming back. So the story that I was super impressed that our customer New York Presbyterian shared with us is they had a challenge of really managing all the sort of patients records and try to understand the staff's activities because the auditors have certain set of things, you know, you shouldn't be snooping around the patient's record if it's your neighbor or your buddy and so they used Splunk and they powered sort of us with a lot of the data from various applications. They have probably 20 data sources that's very healthcare centric and we partnered up, we had our product expert and fraud experts on that and we built a privacy platform, our early version of that and they showed it to their privacy officers and they basically said we have not seen anything like this to give us the flexibility and ease of use to be able to bring everything together and they did even more than that. If you have time, I'll share with you on the opiate diversion capabilities they started building with.

Oh, yeah, talk about that.

Yeah, please.

So we were thinking we're just going to help them with compliance that makes their organization more compliant and better and but they didn't stop there. They said, well, based on the power we were able to really leverage from the Splunk platform we see the data we have for our pharmacies there's a lot of prescription sort of information and with the world that's battling the opiate sort of epidemic, we think we can actually analyze the data and give us early patterns and earnings, warnings what might be happening.
So that's the next project we're partnering up and for us we have technology and customer have domain knowledge of data. I think that's a great partnership and they're willing, they're wanting us to go evangelize because they want the whole industry to benefit they want the nation to benefit.

Well, we saw this week on 60 Minutes, that's, did you see that story? The one pharmaceutical company who got in big trouble and a doctor went to jail, the pharmaceutical company was shipping 500 million OxyContin pills into Florida. This is a state with a population of 20 million. Something was wrong, obviously those were hitting the streets and this individual, this doctor went to jail for life. So data, you know, analysis could identify that.

Data was there, I think it's the insight to look for the ways to look for those things and having that insight drive decisions is really the partnership we have with our customers.

We're seeing, go ahead, Stu.

Yeah, I was just, you know, we were right, you spoke on a panel at the Grace Hopper event.

Last week.

We've been hearing, you know, great messages of diversity at the show, you had the, you know, Carnival Cruise CEO up on stage, you know, giving some great discussion points yesterday. Maybe you can share a little bit of your experience at the show and the panel that you were on.

Yeah, the Grace Hopper is just such an amazing event and we see so many, I would say college grads and people in sort of starting their career and that is like the go-to place. And I see all the big companies, big or small actually, putting so much effort, try to really evangelize to that audience because California just passed, just, you know, the governor just signed into law, they require a woman on the board as part of the requirements because diversity is being proven to bring better decision-making into the board. And I myself can tell you that my security leadership team over the years become more and more diverse.
I don't say diversity, it's just, okay, gender diversity. I think the diversity needs to go beyond gender, it's background, right, where people who are from the private sector, from the government, where people from different geos of the world, that sort of richness of perspective always give us the best sort of angles to think about and validating and debating on our sort of strategies. And going back to Grace Hopper, the panel that I was on was really sharing with the people who are there, what are some of the things that you should be prepared for if you want a cybersecurity career? And the part is not try to, oh, here's a high bar. We really try to encourage everyone, whether you're technical or you're just having great analytical skills and just, I think one of my fellow panelists, she made a comment I thought was super funny. She was a CEO of a company and she said, sometimes women just have to have enough confidence and to go and take the risk, grab the opportunity she used or sometimes you have to fake it until you prove it and until you make it. And she's really just encouraging the attendees, just step up, take the opportunity. I am in total agreement with that.

Lean in, baby.

Lean in, that's another way to do it.

Thanks so much for coming back in theCUBE. Really great to see you again.

Thank you for having me.

You're very welcome. All right, keep it right there, everybody, Stu and I will be back with our next guest. Right after this short break, we're live from Orlando, Splunk .conf18. We'll be watching theCUBE.