Live from the MGM Grand Convention Center in Las Vegas, Nevada, it's The Cube at splunk.conf2014. Brought to you by headline sponsor, Splunk. Here are your hosts, John Furrier and Jeff Kelly.
Okay, welcome back everyone. This is The Cube, we are live in Las Vegas for Splunk's annual conference, .conf2014. The hashtag is Splunk.conf, C-O-N-F. Now of course go to crowdchat.net at the Splunk conference, if you want to join the conversation. I'm John Furrier, the co-founder of SiliconANGLE Media. Joined with the number one big data analyst, Jeff Kelly at Wikibon. Our next guest is Gary McCoola, Senior Director of Information Security at FINRA. Welcome to The Cube.
I'm glad to be here.
So love the title, Information Security. Security is the hottest thing on the planet. But there's so much involved, I mean, detection and pattern recognition. It's data driven for sure.
It is.
What are you guys doing? Do you guys update on what you guys are doing with security, the company, the role of security and the role of data?
So security in general is something that our company takes extremely seriously and that we put a lot of emphasis on. And what we found is, at least using Splunk, is it gives us the ability to do better analytics on pattern matching than we could ever do before. Plus traditional SIEMs haven't allowed us in the past to be able to go back and look at mounds and mounds of historical data because their back ends were limited on how much data you could put there.
What kind of examples on the patterns that you guys identified? I mean, because we've heard this before as a use case, killer use case for security, is hey, you know what, there's so much data, a lot of real time, whether it's credit card transactions here or there for e-commerce to just attacks or internal stuff.
Yeah, not to get just into...
I mean, you don't need to specify.
Not to get into specifics.
Yeah, I mean, not in terms of breaking any confidentiality.
But here's what's missing on many of the tools is you have a zero day and then you get a data file for it that addresses that. And now I've stopped the bleeding. Anything new coming in, I can stop or I can detect. But what happens to this period here or prior to that? I don't know if I've actually been hacked by that zero day item. I need to be able to go back and do those analytics to see if that was addressed. And Splunk gives us that ability.
And you've also got to store all the data because we're going to do all this analysis for your business. There's all kinds of analysis on data and you guys aren't new to data. So explain the transformation that you guys have seen because timing, real time, new data sets, new formats, can you share some highlights of this transformation?
Yeah, so big data in general, FINRA is not a stranger to. We were big data way before big data was cool. So we have to take in-
You're the big data granddaddies.
We do, we have to take in all the data for every transaction that was made on every stock market that's done in the United States. So this became a real natural fit for us when we looked at it. So when we looked at what the shortcomings were for our traditional SIEMs, they were all addressed by what we saw at Splunk. I went to a Splunk conference, Splunk USA Washington DC conference and I was just mesmerized by the excitement and how thrilled everybody was about this product. And as I drilled down deeper into it, I could see why.
You know, a lot of people and you guys, what you guys do just for the folks out there, I mean, looking at the capital markets and protecting investors is really a key thing. I mean, everyone thinks of that scene in Wall Street where, you know, Bud Fox is making the trades or, you know, Enron crisis, you know, people going, you know, all this stuff's happening. So you got to watch a lot of real fast data. So you got historical, you got real time.
You guys are the perfect storm of like the people with the biggest need. And how do you do it? How do you keep up to date?
Well, it's not easy. So trying to keep up with all the threats that are coming in is something that I don't think will ever, or at least right now, that we'll ever be able to keep up with. I was just telling Jeff the story that on 60 Minutes, the head of the FBI said that there were two types of companies, those that were hacked by China and those that don't know that they were hacked by China. So that tells us that we have to have a different paradigm. We can't put up these walls and feel that we're impenetrable and that we're untouchable. The idea is that you can't sit down and put an IPS or an IDS up and think that that means that you're safe. You've got to continually go back and continually monitor and continually monitor your old data to see if you were hacked.
You could be hacked just for saying China's hacking. So watch out for your.
That was a direct quote.
You were quoting somebody else. No, but I love that quote. I mean, that is so true. There's a security issue at many levels, but also it's the data. I mean, for the folks out there trying to wrestle their arms around it, what does Splunk bring to the table? I mean, can they be that good that fast? I mean, how are you guys using Splunk?
That's a good question. So we decided to leverage the Splunk cloud solution. And the reason we did that is we wanted to get to market really fast. The idea is that I have security engineers and I'm not really leveraging them to their full potential if we're worried about back end. So I let Splunk worry about the whole back end. So we started in February and within two months we had every Unix and every Windows server logging their data to Splunk. And we immediately started to see dividends from that. So things will naturally bubble themselves up if you're just inquisitive enough to look for it. And that's what Splunk brings to the table.
If you have people that are, where their job is to look for things, Splunk will actually bubble that up to the forefront.
Obviously with such a fast moving environment in terms of security threats, you've got to be very nimble of yourselves. I wonder, does Splunk's ability to, we heard in the keynote about Splunk customers actually building applications of Splunk. Being able to, one of the key note, one of the customers that spoke in the keynote talked about Splunk being a very hackable platform. And you meant that in a good way in the sense that we can go in there and actually create new applications. We can iterate on old applications and to adjust to new changes in business conditions. In your case, finding and adapting the new security threats. Do you actually use some of those capabilities? What's your use of Splunk in terms of the application development side?
So let's talk about the cloud in general. So we do leverage cloud, the ability to take roles and to apply permissions to those roles to ensure that people who use our cloud service can only use those services. So the issue is not really of putting a piece of firewall there to say whether this API was called or not called or allowed to be called or not to be called. The big heart of the problem is to ensure that the permissions that you've defined are exactly what are applied into the permissions in the cloud. And that was something that we did not find in the marketplace to be able to do. And we built an application to do that, leveraging Splunk CloudTrail and we now have real-time continuous monitoring of our permissions in the cloud and we get notification if anything ever happens to change that security posture.
So the ability to do those kind of, to make those adjustments and to build your own applications, that part of the value that you see Splunk providing and we're here at the show there's a lot of excited customers here.
How much does the Splunk community benefit of customers to yourself?
It's tremendous. You can usually find answers to whatever you want just by Googling it. And so that is a big thing. The other thing that we talked about on the opening addresses was that Splunk was an all-in-one box. And what we've seen is we're able to quickly get these apps up that we need very, very quickly because the whole computing environment is there. So one of the things that we're looking at is to be able to look at our entitlement data. So when people go to our websites and everything we want to be able to log all the positive connections. It's going to address marketing. It's going to address security. There's a number of areas to do that and the ability to put these applications up in weeks or months compared to very long lead times is just a tremendous big win for Splunk in FINRA's environment.
So as John mentioned, you've been in big data before it was called big data.
We did.
So you've got a historical perspective you can potentially share on the evolution of kind of the underlying technology used to support quote unquote big data. So Splunk is certainly part of that but we've also seen kind of from the 90s, the evolution from the EDW and the traditional BI and now we're seeing new systems and new approaches like Hadoop and other things that are potentially more scalable, leverage open source and commodity hardware that kind of thing. What's your take on the evolution of those kind of technologies and the relationship between for lack of a better term kind of the old model of more structured EDW and BI versus some of the new or flexible models that we're seeing now. Do you see them, is there a tension between the two? How do you see the two living? Are they going to live side by side? Is the new way pushing out the old way? What's your take?
Well, the structured data in general just, the word structured in general defines some sort of boundary points and unstructured data actually takes that away. So that's a big positive but what the biggest advantage that unstructured brings is it allows us to ingest anything into Splunk. So traditional SIEMs, big database, they have to understand exactly every single piece of data that comes in beforehand. So a piece of data comes in, he matches it. If he can't match it, he throws it to the bit bucket, which is something you never want to do. But many people deal with small vendors, it's not profitable for some of these SIEM vendors to create parsers for all of these different tools. So unstructured was for us definitely the way we wanted to go. Plus we wanted to bring in application data that is done by application teams that don't necessarily follow a format that we would be able to parse. We're able to bring that in really, really quickly. So the advantage Splunk has is it's specifically geared for engineered or architected for time series data and for small bits of time series data. It works really, really well. Hadoop has usually really big block sizes that make it either it has to wait before it can buffer that data until it fills that buffer up or you get a lot of empty buffers. They're working to address those kind of shortcomings, maybe to deal with Splunk. But right now, nobody actually handles that type of data feeds the way Splunk does.
And what's your take just generally taking a step back? We've got a lot of, you know, our audience are thinking about new approaches to not just data management, but analytics and actually becoming more data driven. What in your opinion, what are some of the key characteristics of a company or an organization that successfully leverages data?
What are some of the, both either technology or also culturally mindset wise, what are some of the key characteristics that you think are important for a data practitioner to have to really be successful?
Yeah, that's a good question. And I think part of it is culture. And we spoke about it at the opening meeting. Somebody used the quote that if your opinion isn't based on data, then you're just another guy with an opinion. And it really comes as a culture that whether the culture of your organization is based on numbers or it's based on gut. And when you go to meetings and you're able to bring this data with you to show exactly the reasoning behind your story that the data tells your story, I think that that gets much more well received than to say, I think it's better this way. And I think Splunk is an excellent tool to provide that. And we're seeing that through all layers of our organization.
And so let's talk about Splunk a little more in terms of the company and your take on how they're developing. So they've come a long way over the last several years. They're growing like gangbusters and look at their quarterly filings. But they're investing a lot of that revenue back into the business. What's your take on their strategy? We heard Godfrey Sullivan talk about some of the things they're investing in going forward. Talk about Mobile First, talked about cloud automation and really a very ambitious agenda, analytics for everybody. What's your take on how they're developing and where they're putting their resources?
I think he's definitely on point. Those are the main, he actually came to our organization and talked to us. Just like he did with many, many other organizations, he heard what we were saying. I think that's really important. He heard and he made those the priorities. So I see our priorities reflected in what his R&D priorities are. And that makes me comfortable as a customer that they'll be able to meet our needs in the foreseeable future.
Do you have any concern, and certainly as a company like Splunk grows and they're known for their customer support, their listening to customers, just as you mentioned, is there any concern that as they grow they're going to potentially lose some of that customer focus? Do you have any concerns? I mean, what is top of mind for you in terms of, if you're talking to Splunk, these are the things that are most important to us. We need you to keep your eye on the ball when it comes to these customer issues as you grow.
Well, I think he talked about, Godfrey talked about addressing the TCO model. That is a little barrier to take. I think in general, there's a dichotomy of Splunk can ingest anything, so we just throw everything at it. I think it's really important for administrators, or owners of Splunk, to ensure that we put our data on a diet, that we actually do our analytics on the data, and actually that we manage our own costs. So I think that he's going to help us out a little bit in that area, but by providing applications that help us manage that. I think that's what they're saying. If you just throw everything indiscriminately at it, you have no one to blame for the high cost, but yourself.
Gary, I got to ask you, I know we got a break on the segment, but I want to get one final comment out for you, let you get out, but also I want to ask you, what is the culture of your view of the cloud? I see the cloud's great, it helps you get started quick, but if you could talk to the Splunk guys maybe on the product team, or as you see your future as a user of cloud, what are you looking for? What's the preferred experience that you need to see to have a really great, amazing cloud product?
Okay, so first of all, FINRA in general is moving towards the cloud. That is our CIO's direction, and that's the way that we're moving. So at one point, a lot of resources for on-prem won't be there to support that. So we move full bore to go ahead, but what do I expect?
I expect them to take care of that back end just like it was my back end, and I need them to be able to treat my data with the same feeling or the same care that I would take it. And I also am expecting the 100% non-down time that Praveen spoke of, that's a very lofty goal, but just like the movie Social Network, Facebook never ever goes down. That's exactly what I'm going to expect.
It has little outages here and there, some features like mine. I know when the Hadoop cluster is not working because I can't see the comments on my mobile app, but that's a different story. Babe, okay, good downtime. Anything else? Obviously pricing, variable pricing, consumption?
Pricing is always going to be a concern for everybody.
Well said, very political answer, yeah, of course. But it's a consumption pattern for you, right? This is about consumption.
It is.
And pay by the drink can be paid by the drink all year long, but then adding services in and out, right?
Right, but you know what the cloud service does? It allows you to put an exact dollar amount on the data that you're ingesting. So there's all kind of hidden costs when we talk about an on-prem solution. I don't know about your data center, but mine runs on electricity, but we rarely then put those costs onto our boxes. But with Splunk Cloud, I can now put an exact dollar amount of what it's going to cost me to ingest the data feed. And then we can make an informed business decision if that's a good, if we need to go there.
You know, you should get involved in the Wikibon community, because Jeff's actually doing some reporting on this right now from research. It's all free, by the way, for the wikibon.org. You can afford that. It's free, it's good. Free is shared too, as it gets viral and it helps people. But the thing about what you're talking about is there's a lot of cost structures on how accounting was done with IT. That, you know, has got to be modernized.
Because the consumption's different and the relationship and contracts are also changing. So you brought up a really interesting point that not a lot of people are quantifying in the scheme of the big picture. So awesome data point there, I want to expand on that a little later. Maybe we can talk offline about that, but love your experiences. And again, this is the world of everybody in IT right now. There's a massive transformation. And the benefits are there. So that's the beautiful thing. You get the leadership from the vendors out there making good products, the tech is working, the software is scalable, so well, in some cases. But for the most part, the significant benefits and flexibility.
Absolutely.
Gary, thanks so much. Love talking with you. I think what you guys are doing is really the big challenge. And with data is that it's real, it's out there, it's fast, it's everywhere. And you guys are harnessing it and bringing that in really at a really big clip. So congratulations.
Thank you very much.
The success there at Splunk is awesome. So we are here inside theCUBE live in Las Vegas breaking down the big data world with Splunk's user conference, but also looking at the trends and trying to extract that for you. I'm John Furrier with Jeff Kelly. We'll be right back after this short break.