Live from the MGM Grand Convention Center in Las Vegas, Nevada, it's theCUBE at Splunk .conf2014. Brought to you by headline sponsor, Splunk. Here are your hosts, John Furrier and Jeff Kelly.
Okay, welcome back everyone. We're live in Las Vegas. This is theCUBE, our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier, the co-founder of SiliconANGLE Media, with the number one big data analyst from Wikibon, Jeff Kelly. And we're psyched to be here, covering the Splunk conference live in Las Vegas. And our next guest is Mark Devney, principal engineer, DevOps, BSkyB. Welcome to theCUBE.
Great, thank you.
So we, before we came on with the intros, we were talking about DevOps, which we love, and security, which we've really been riffing on all day today. So I got to get your take on the following. The keynotes here are all about using data with security, actually security is the top issue on everyone's plate these days. And then you get the cloud, which is perimeter-less, it's no perimeter in the cloud. How do you make it all work? What's your take on all this? I mean, are we in early inning, we're scratching our heads? Is there some solutions coming to the table?
Yeah, I mean, I think it's a really interesting field and we're kind of, we've really just started kind of looking at, we've developed a lot of our own tools and now we're kind of struggling with kind of capacity and kind of scaling those tools out because the security's becoming a harder and harder battle to fight. So we're looking at tools like Splunk to kind of allow us to scale up to-
And you guys are building out a capacity, more capacity, more capacity, right?
Yeah, so we've just gone into a couple of new data centers for our platform and along with that we've kind of implemented a new Splunk infrastructure to go along with that, yeah.
Awesome, talk about the security angle because you and I were talking earlier about the patterns, big data surfaces up and you can see things. Tell us about how you look at the security attacks. I mean, is it one by one? Is it a global kind of threat? Is there individuals, what's the landscape look like?
So we look at attacks on a kind of a long term basis. So there are lots of products out there that can, they can block the DDoS attacks, that sort of stuff, but we're looking at the attacks that are slow burn, they go on for hours or even days and it's about trying to track those and just the normal, they kind of hide really well under the normal traffic. So you start to kind of recognize these kind of individual attacks. You get like a bit of a personal relationship with these guys, you know, they're trying to get in. You can recognize their particular attacks and you can kind of.
It's like dance moves, right? Like you can see their moves, you can get this. So you're saying, you can see their moves, you're saying, okay, I've seen that, I know that guy. He's going to do the head fake again.
And they definitely, you counteract and then they do another counterattack. So, you know, you got to keep on how they.
Sounds fun. I mean, it sounds like a, it sounds like my kids playing Call of Duty or Destiny. It sounds really good.
It is a bit of a game, but it's a game that you can never stop playing. You've got to keep on going.
So Mark, so how do you actually, how do you adapt? How do you handle the never ending onslaught of security threats coming at BSkyB? I mean, we've talked to a few guests today on theCUBE about, you know, the threats are nonstop. They are always changing. As you mentioned, you kind of get, I mean, a personal relationship, but they're always adapting as well. So how do you approach it?
So we've got a really neat group of guys which are like a dedicated team and they sit within our identity platform.
They work closely with the development teams that are building the identity platform. My DevOps team and the network engineers, they also participate in that security team. And that's basically what they do. They look for attacks and they counterattack them. So it's about having like a dedicated team. You're prepared to put the resources in and the time to actually fight them.
So Godfrey Sullivan, the CEO of Splunk, mentioned in his keynote that security, fighting the bad guys, network security, is very much an analytic challenge versus a reporting problem.
Yeah.
Do you agree with that approach? I mean, how do you look at the challenge from an analytics perspective?
It's, you know, it's such a, like a massive scale as well. So it's, you know, it's really difficult to say if you're winning the battle or not, because as soon as you find one attack vector, you know, you clear that off the board and then you find another couple more. So it's kind of a, you know, you can't say that you're necessarily winning. You can only say that you're kind of holding your ground. So.
Well, so let's take it a little bit in terms of specifically what is Splunk helping you do? I mean, how are you approaching this?
So we've got a number of real-time rules that analyze the traffic that's coming in that looks over quite a long period of time and we can find those small little tweaks. So it's kind of looking for the impossible. So, you know, it's very unlikely that a user would sign in in one location and then half an hour later sign in from a completely different country, say. So you kind of, that's a very simple example, but then you can kind of build on that and make really complicated rules to try and track down and narrow down whether or not this is, you know, maybe it is someone's just gotten on a plane and, you know, the last thing they did was check their email and then check their email again as soon as they touched down.
So you've got to kind of look across, you know, large amounts of data to kind of determine whether or not something is an attack or whether it's, you know, just normal behavior that might look a bit odd to you.
So when you're, so that was a really, you said simple but a good example, I think. It helps kind of illustrate the challenge. And so when you're looking at finding those kinds of patterns, is it a manual effort where you have to basically use some common sense and say, look, it's pretty unlikely that this person 30 minutes later is going to be in another country or does Splunk and some of the other tools you use help automate that process?
We definitely try and automate it as much as possible. And I think once you've got a good rule set, you definitely need to go back and review them on a pretty regular basis, but you can automate large chunks of that, especially the easy kind of easy to spot ones. But there's also a need to have that kind of human interaction where if you kind of present it up and Splunk can say, this is an attack or potential attack and someone can eyeball it, confirm it is or not, or maybe modify the rule and then go from there.
So obviously you must be taking in a lot of data. So talk a little bit about the data sources you've got, you're checking the logs from your applications. Where's all this data coming from?
So the identity platform is basically the gateway to all of Sky's services. So that's, you know, there's some really good services in there like streaming media, so Sky Go, NOW TV, that kind of stuff, it's like really high profile traffic that people are really trying to get into. But there's also things like email and account management, which are also really key and real prime targets for attackers. So, but we've got devices coming in from the web, but also iPads and iPhones and Roku devices and Samsung TVs have now got apps and so it's coming from everywhere.
And how does that diversity of data sources make your job harder?
It makes it a lot harder because you've got to take into account where people are coming from to determine whether or not it's an attack. So if you're logging in on your phone, you're more likely to get your password wrong because it's so much more difficult to type it in. But so it's just another weighting onto the problems that you have.
And compare this to what you were doing before or what the organization was doing before or maybe walk us through how this evolved. I imagine trying to do some of these things in a more manual approach just isn't sustainable and it's probably part of the reason you look to a company like Splunk, but take us back a little bit and kind of give us the before and after a little.
So we've been looking at, we've been doing this for actually quite a long time and well before we had Splunk as well. And so that was using a lot of in-house development. So we created our own tools to do this and we had basically the security team was spending a lot of their time writing the application and making it scale to kind of cope with and keep up with the growth of the actual identity platform. And it became kind of, yes, we were coping and surviving but we were spending a lot more time scaling out than we were actually fighting the security attacks.
And what role does outside data sources play in terms of helping you be a little more proactive? So you've got security threats around the world or hitting more than just BSkyB. Do you look to either your peers in other industries or do you look to outside sources to help you get a sense of what's going on at any given day, any given point in time?
Yeah, we do. So we look at a number of kind of different appliances and things that are kind of giving us feeds on what the latest sort of attacks look like. But unfortunately a lot of the people that are doing what we're doing, they keep their security rules as guarded as we do.
Yeah, well I thought that would probably be the case. I think there would be, there is an opportunity for industry if we can find a way to facilitate more data sharing to improve the collective security capabilities overall. But obviously if part of your value proposition or if your security capabilities are actually a value add for your company and is creating value for you, a differentiation, then you don't want to necessarily share that with competitors or even others that may not be directly competitive. You want to hold on to that. So that is a challenge.
So talk about your DevOps journey because one of the things I wanted to talk about and now is this notion of infrastructure as code which is kind of a sexy term. We love it because it means it's adaptive, it's programmable, it's got virtualization. Certainly the cloud as a perimeterless market. Everyone who wants to move to the cloud it's not that easy. So you got trade-offs going on right now. The banks lock down their data. They're kind of taking it slower but people move it faster. What's your take on that cloud migration? Because developers are a key part of this new modern infrastructure. The apps are being required for user experience to be awesome, fast, iteration, but yet cloud economics work well but yet the security issue. So balancing.
Yeah, it is, it's a real balancing act. I mean, if I could get a couple of devs to cross over and become DevOps then that would make my day. We've been doing DevOps for quite a while at Sky. Probably before it was even called DevOps. So I started out as a system administrator basically in a development team and kind of the need came from the development teams wanting to work in a more agile way and wanting their operations side to kind of join them in that path. So we were building our VMs and things in the same sort of model and style that the developers wanted to work at.
Now we've kind of, Sky's really taken that a lot more seriously and we've kind of got lots of DevOps across Sky working on lots of different projects and it's about kind of consolidating the skill sets and really working with the central operations teams and working with the development teams.
So it's more focus on forward progress, less about maintenance of what you're building. I mean, that's the trade-off, right?
Yeah, absolutely. And there's some things that we allow the central operations team to kind of maintain and look after because, you know, I don't particularly mind that an ESX host goes down as long as the application stays up and the HA takes care of it. You know, I'm more focused on spinning up VMs as fast as I possibly can.
And it puts the emphasis on development.
It does, yeah.
So describe the folks out there, you mentioned DevOps. What does a DevOps person look like to you? When they walk in the door, how do you spot an ace, a diamond in the rough or, you know, pro athlete, if you will, if you're, you know, throwing touchdowns? What's the equivalent of throwing a touchdown, scoring the goal? I mean, what's the equivalent version of a DevOps star?
It's really odd, but I actually look for someone that's really lazy. I want someone that will not want to do the same job twice. I want someone that will always be looking like...
Smart and lazy.
Smart and lazy. Always looking to automate...
Automate my son.
Yeah, automate everything that they can. Yeah. So it's definitely the pushes for more and more abilities to actually write good stuff.
Oh, lazy. I'm joking about my son. He's super smart. He's got a great initiative. But lazy, you mean like they're not going to tolerate redundancy and like boredom. Like, okay, this is useless task. Let's automate that. So it's really around, okay, someone thinking like automate that. That's an easy thing we can replace. Checking out friction.
Yeah, absolutely.
And kind of joining steps together that would have been manual. Or like you've got automation here, automation there. Let's automate that bit in the middle and make it one single.
So are DevOps people a unique breed? I mean, we always say DevOps guys are like they eat glass, spit nails. You know, like they're tough and they're different today. But you're starting to see it become much more popular. Cloud ops, some say. Do you see DevOps becoming, I mean, obviously it's an engineering discipline. So it's not like they're just, you know, throwing code around like it's like a website, but there's some engineering involved. Right? What else do you see as DevOps becoming more mainstream? What does it look like? What's some of the general sentiment around DevOps? Do you think there's pigeonholing guys that be superheroes type role? Or do you see it becoming much more mainstream?
I think it's going to become a lot more mainstream. It's really difficult though because you've got, you tend to have to be very broad in your skill sets. So you've got to be great at automating, writing code. But you've also got to be able to, you know, pick up a new technology. You've always got to be looking forward at what's coming out there and be able to implement that and pick it up as fast as you can. You know, the devs are always going to drive you because they're also looking forward as well. They're looking at the latest version of Java, latest kind of key bits and they need you to kind of keep up.
Okay, so I want to ask you a personal question or a personal industry question, not a personal, personal question. What is the craziest thing that you've seen either here or in your job where you went, wow, that I never would have thought that use case could be security, could be a hack, it could be an impact, it could be something awesome and elegant. I mean, what was like, what's the craziest thing you've seen?
Crazy good, I mean, I'm like, not like, it could be like, you know, we had to eat two stuff from the IBM saying, yeah, we busted this drug operation because of big data and that was interesting and crazy. But what's crazy, what's crazy?
We've got some really unusual traffic profiles. So, you know, when we start a football game or soccer over here, as you call it, we get massive spikes. So no one ever actually seems to want to sign in early and watch the pre-game commentary. They like to sign in right on kick-off. So we get these massive spikes. So it's one of the things that we look at when we're looking at security is kind of taking into account these spikes. So we had an issue a while back where we got this massive spike and we couldn't figure out what on Earth was going on. And it was in sign-ups and it was coming out from all around the world. Lots of people were signing up. Had no idea what was going on. And it turns out that it was Harry Styles from One Direction tweeted something saying that he was going to be on a Sky show. And all of a sudden, all of this traffic from around the world just started signing up and getting in there. And it took us a while to kind of track down so it really didn't have, it was the pattern that wasn't a pattern.
Yeah, we were scratching our head. We were thinking, this is an attack. This is a really odd attack. We've got no idea what they're trying to do here. But they're, you know.
Yeah, it's kind of like a new movie. Hey, we got a new guy and a new guy in the attack cycle. But it turns out it was actually legit.
Yeah, yeah. So thankfully we didn't start blocking traffic.
Well, Mark, I want to thank you for coming on theCUBE. Really appreciate your insight and candor and commentary. I'll give you the last word. I want to share with the folks out there what's going on at the event here. People who aren't here watching on the interview. What's the vibe? What's the show like? What's the themes?
What are some things in the hallway you're hearing? Quick summarize. What's going on?
Yeah, I mean, it's just been absolutely epic. I mean, the scale of it is just incredible. I mean, I was at the keynote this morning and it was just, the vibe was amazing. And some of the new features that are coming out, I just can't wait to get my hands on it, basically.
It's like a playground for you, right?
Yeah, it is, absolutely.
So Splunk, as you like, you're happy with Splunk, obviously?
Oh, very happy, yeah.
What is the one thing that you can say it's changed your world in terms of being in the spirit of good lazy? What has it done for you in laziness and also productive?
For us, it's about giving visibility to teams outside of identity. In identity, we're very kind of closed about, very protective of our data and that includes our logs, but we're now able to kind of surface dashboards and give visibility back to the business on what's exactly happening, what our capacity is, and how we're currently going. So that's really great.
All right, Mark, thanks for coming on theCUBE. Really appreciate you. We are live in Las Vegas here for Splunk .conf2014, Splunk Conference is the hashtag. This is theCUBE. We'll be right back after this short break.