From San Francisco, it's theCUBE. Covering Sumo Logic Illuminate 2018. Now, here's Jeff Frick.

Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the Hyatt Regency San Francisco International Airport in Burlingame, at Sumo Logic Illuminate 2018, about 600 people. I think it's three times bigger than the conference last year. It's grown really fast. They got a really interesting thing going on with kind of the silent disco. All the sessions are in one room. Everybody's got different headphones on so you can listen to any session. I've never seen that before, but we're excited to have a partner of theirs on a big announcement today. He's Eldon Sprickerhoff, the founder of eSentire. Welcome.

Jeff, great to be here.

Absolutely. So you guys had a big announcement today. What was your big announcement?

So we have formally partnered with Sumo Logic to work on, so extend our visibility into native applications, cloud, everything within hybrid security.

Okay, so let's back up a little bit for folks that aren't familiar with eSentire. What are you guys all about? How long have you been around? What's your core business?

So we're a managed detection and response firm. So basically we're looking at the attacks that made it through all the infrastructure that was currently in place. Firewalls and web application firewalls and everything that you put in place. And I used to call it embedded incident response, but the idea is to hunt for the attacks as they're going on. So time is a very, of the essence to detect these attacks and shoot them down. We've been in business for, it's almost 17 years. So it was in 2001. And this is, the biggest thing was at the time to have full visibility into attacks, to build playback attacks, to build our own threat intelligence and so on.
This is, so over 15 years' worth of this kind of practice and process put into place, it's something that was very revolutionary at the time, and the market is just sort of catching up to it now.

Now the other thing that of course changed significantly since 17 years ago was public cloud and the adoption of public cloud, private cloud, hybrid cloud. So how has that really changed your market? Was that a great new opportunity? I assume your original solution was on-prem. Suddenly now all these workloads are moving to the proud. So how did you, or cloud, how did you guys respond to that?

So we know that, again, logging is a very important piece of getting a full visibility into attacks that are going on the network. The move into the cloud of course is inevitable. It's never going to be stopped. And it's something where we had a chance to sit back and we said, look, we recognize that there's a need for this kind of visibility. We don't want to build it ourselves. Some of our strength has come from building up the data analytics and so on from the various signals that we've got.

Right.

What we're going to end up doing, rather than building that ourselves, let's find the partner that can do it the best and see what is the most complementary to our methodology and our process. And so we looked at about a dozen different firms that offered this kind of thing and went with Sumo Logic as a result. The, one of the biggest pieces was even, a lot of our clients are in the mid-size market. They're not as necessarily enthusiastic about moving to cloud, although pretty much everybody has some kind of hybrid piece there. Even our most anti-cloud client said, basically in five years, 70 plus percent of our apps and our workload will be in the cloud. But they're not in any necessary, in a rush to get there.

Right, right.

So again, this was a realization that it's not going to go away.
We need to find a partner that, again, works best with our data analytics pipeline in the same kind of thought process behind that. And not being hampered by the necessary, necessarily being on-prem. And that was why we eventually, we went with Sumo Logic.

So how has your business changed fundamentally in this kind of hybrid cloud world? We also have all this crazy API economy. Everything is connected to everything else. And then you've got this kind of interesting attribute of many cloud workloads, which is they don't last very long. Or they change very, very quickly. They blow up, they come down, they're turned on, they turn off. How has that impacted the way you guys get your work done?

So we're very comfortable with ephemeral workloads and attacks. But the idea being, again, be able to respond very quickly to threats, even given servers that are, again, very short-lived, makes it even more important that the data that we pull from our existing clients and other vectors, such as indicators of compromise or indicators concerned, that we can move very quickly, that we don't have the luxury of the next day getting analysis or sort of a nine to five sort of analysis and response window. That shrinks the windows even down further.

Right. So the other thing that's pretty interesting, you just said you got like 15, 18 years' worth of data. How much of that can you use to build machine learning and AI to see kind of patterns, things you've seen before, and to build some of that intelligence behind? I always think of the poor guy that rips off a bank for the first time, right? It's his first time, he needed some cash, he got stupid and went in and grabbed. But the policeman has seen that thing. That was his time, he knows exactly where to look, he knows where the bodies are buried. So I would imagine you've got a tremendous amount of insight that you guys can leverage in your own kind of threat detection and threat analysis.

Yeah, that's exactly, so my role as the Chief Innovation Officer is to drive value out of the data that we've gathered. And again, when we have petabytes across our client base of stored data, whether it's attack data or metadata, I'd say there's a lot of gold in them thar hills. And part of it is, do we have the right tooling to build access and use that data? What kind of inferences can we make from things we've seen before? So the broken windows methodology so that you expect that a certain neighborhood is more likely to be attacked and so on. So it's a very exciting time to be in this space. And again, given the almost 17 years' worth of data and knowledge and process, I think we have a head start against our competitors, our would-be competitors, and having access to this data and the sort of the tooling to access this data that we're getting from Sumo Logic is going to be critical in our success.

Right, so don't share any trade secrets, but I'm curious how the strategies for the bad guys have evolved when they know that a significant amount of what they're going after sits in a public cloud that's got a whole nother layer of security and infrastructure that's been put in place by Azure or AWS or GCP. How has that changed the way that they attack those opportunities and then how has that impacted your business and what you're doing about it?

You know, so there's a lot of sort of interesting use edge cases that come out of this. Some of the things that we've seen that are, again, sort of challenges will be that there's attackers that have got quite a bit more sophisticated and rather going off into sort of edge cases like one by one attacks that they go up a level and they're attacking the infrastructure themselves. So, you know, we've seen cases where even this year we discovered an attack against a management of endpoint solutions. So it's a packaging of software that goes down to endpoints and they attack that vendor in the cloud themselves.
So that was hosted, you know, a hosted solution that you would not necessarily have seen unless you were looking for some very unusual characteristics. And this is not, you're not going to get that from the public cloud, you know, given that that shared model in the cloud, you're responsible for a good portion of the infrastructure that you support. It means that you have to get past sort of things like well-known signatures and you really have to focus on more of the unusual behavior, build a baseline and then be able to dig deep into the attack vectors and every single part of the layer that, you know, whether it's not just sort of IP addresses that are bad, but it requires, again, more visibility in places that you may not necessarily have visibility. So every cloud vendor, especially the Big Three, they're ramping up the data that's available. So AWS still leads with a lot of things with Macie recently from the machine learning piece. So they're trying to give more visibility and what you do with that data is what's critical. Once they give you that visibility, what can you do with that data? Can you rapidly make decisions on it and be able to push that out across a complete client base?

So I'd love to get your perspective again, you've been doing this for a long time on kind of the change of the landscape from the kid hacker who's going to go in and change his grade from a C to a B or he's playing games or he wants to put some splashy page up to now state-sponsored hackers, which are much more strategic, much better resourced, much more sophisticated. How have you seen that kind of evolve and how are you and the industry been responding directly to that?

So we've seen, again, some really incredible nation-state attack vectors, some of the most sophisticated tooling that you can imagine. We've seen from, and it's difficult often to be able to say that's absolutely nation-state. Attribution is always tough and I'm allowed to do this.
There are cases that, across our client base, that we have seen attacks that were so sophisticated and with a purpose, like a very fine purpose, they only could have been from nation-state. It is the most, without having to go out on a limb at all, it's like, it just makes sense. And so it is incredible how determined and how well-tooled these attack vectors are. And this is not hyperbole, I'm a zero hyperbole guy.

And I assume the safe assumption, probably the good working assumption, just like no trust networking, is you're going to get breached somehow, some way, some time. And it's really about identifying it, responding to it, shutting it off, and trying to keep that window closed for the next time around.

You know, I even go so far as to say, it's not a question of when, like you are.

Right, you are, they're already in, right? You just haven't found out if you're in.

Somebody, whether it's an external vector or an insider, the odds are good if you are of any reasonable size, there's somebody who's doing something that should not.

Right, all right, so last question, we were just at AT&T Sparks event earlier this week, talking about 5G, right? And 5G is coming, they did their first call, AT&T's rolling out to all these cities. So 5G, and IoT, and industrial IoT are suddenly going to multiply your threat.

Attack base.

Attack base by orders of magnitude. What are some of your thoughts as an industry veteran? How are you preparing for that? Do people really understand what's coming down the pike with 5G?

I don't think they do. Not at all, not at all. You know, when we're talking about, again, the biggest things that we're working on right now are how do we deal with scale and visibility of a signal? So, you know, a lot of systems do a great job of generating signals, but they're not necessarily equipped to deal with the response piece. And that's, those are some of the challenges that we're dealing with.
How do you deal with increase in scale, an increase of number of vectors, attackers, and the size of the attack space themselves?

It's crazy, crazy stuff coming.

It's a great time to be in this industry.

That's true. All right, Eldon, well, congrats on the announcement, and thanks for taking a few minutes with us today.

Thank you very much.

All right, he's Eldon. I'm Jeff, you're watching theCUBE, we're at Sumo Logic Illuminate 2018. Thanks for watching.