 from the MGM Grand Hotel in Las Vegas. Extracting the signal from the noise. It's theCUBE covering Splunk.com 2015. Brought to you by Splunk. Now, here's your host, John Furrier. Okay, welcome back, everyone. We are here live in Las Vegas for Splunk.com. This is theCUBE SiliconANGLES flagship program. We go out to the events and extract the synth from the noise. We're winding down day two of two days of live coverage. We have 20 plus blog posts on SiliconANGLES.com. And again, 17 interviews today, 17 yesterday, a lot of great content. Go to SiliconANGLES.com, SiliconANGLES.tv, and wikibon.com for research. Our next guest here to talk more about security is Hyansong, SBP of Security Markets, and Monzy Merza, Senior Director of Cyber Research. So we got an executive and we got in the trenches. So this is going to be fun conversation. Welcome to theCUBE again. Good to see you again. Welcome back. So my first question is, before we get into some of the tactical things happening in the trenches, a lot of stuff going on the front lines in security, that certainly it's all over the news. So it's not something that needs to validate, it's hot. As a business, Splunk has really got traction with the security aspect of it. I don't want to say they backed into the security business, but your platform is extensible in the sense we've talked about this for the past four years. It's a solid platform. It's the Google search for once log files, but now all data. So the ingestion is magic. There's some secret sauce going on in this Splunk platform, but security is a hard nut to crack. How are you guys doing it? What's the secret sauce of getting and winning the security business? The secret sauce is to actually have people like Monzy on the team. So we've been taking a very solution-centric approach. And I think having a very strong machine data platform is such a strong foundation, like you said. It got us into this business, but having a relentless focus on providing solutions or Splunk Enterprise Security product went through a major sort of revs along the way and four releases in the last 18 months and ascended in the Gardner MQ. And it's all testaments, what we've been doing, trying to make sure we meet the customer's needs. And the other thing I just want to give you some props and kudos for how you do the keynotes. Especially like electric keynotes, love the keynotes. But you have a customer example. It's not just the quote, vendor pitching. It's Splunk saying, hey, here's what we're doing. And by the way, here's some customers that have been using the product. So really, I'd love to see that. So I got to go back to last year and ask. Last year was kind of a seminal moment in Splunk history because you had security front and center. On the keynote, you had some big names up there. We talked on theCUBE. And that was pretty obvious. You guys were doing some business there, but what happened after Splunk 2014? Did you guys just saying double down? Let's nail this. You mentioned some stats about doing some stuff really fast. What came out of 2014? Just a massive resurgence to just double down the product and the solutions? Yeah, I think we definitely doubled down on getting more people onto the team. Double down, getting more expertise. And I really think it's last year, literally I look at .conf as the security market's coming out party. And since then we have coined the analytics-driven security as our brand and really went hard at adding a lot of capabilities into our ES product. Not only that, we went and acquired company in behavior analytics. So I think doubling down from that angle, maybe tripling 10X down in that. So really delivering on what we mean by adding analytics into our portfolio. So we'll look back next year, we'll do a little KPI analysis on, was this year the inflection point for solutions? So I think that's kind of what you're kind of seeing right now. Yeah, this is year not only for solutions, basically from a security market perspective, I'm providing multiple solutions. So we're not having a portfolio at a company level, we're having a portfolio at the security market level. Yeah, I mean, I want to get into some of the tactical things, but I like how you guys decoupled platform from the solution because you don't, you can do a lot more very highly cohesive things in the security lens into the platform. So I got to get into the trenches. So you're out on the front line talking to customers, what's going on with the solution? Obviously you're getting good thumbs up, but where's the action right now? If you had to kind of heat map kind of security and say, hey, the attacks, the threats and the challenges, the opportunities, malware, phishing, DDoS, all of the above, where's the action at? Where are the bombs dropping, so to speak? I think when you look at the news coverage, you see bombs dropping everywhere. There's challenges all across the board, but I think what we're observing really is when we look at the recent breaches and recent attacks, we're seeing that really the credential usage and credential really misuse and abuse is at the core of all of these different activities. So whether it's financial services, whether it's retailers or online banking and all of these different organizations, they're all seeing that at the core of it. And so the challenge that I think a lot of customers have is there's this ability to connect the dots and for the analysts to really exercise their intuition. So a lot of the customers that I speak with, they have problems that are falling into two buckets. They either are in the camp where they say, I really don't know what to do and I really want Splunk to help me understand what that is. And then the other camp is to say, my analysts know exactly what to do, but my current product or other technologies don't enable me to exercise my creativity. And so those are the two places that we're naming, just like I had mentioned, with bringing in machine learning and data science in the capability, we're really trying to level the game up for the folks that need that extra assistance and want us to deliver and prescribe a solution. And then on the other side, you see all these new capability that we announced this week with Enterprise Security and other technologies on really saying, we get it, analysts are the core. And we're going to enable those analysts to do the best that they can do and exercise their own capability and intuitions. So let me ask you a question. When you walk into a customer, and let's just say they're a Splunk customer, they've been using the ES for a while, they're doing all the machine data, then they say, oh, actually all this machine learning, all this new stuff happening, you get called in, we want to call Splunk into the security conversation. What do you tell them? Like when you say, what's the opening line for you? Say our platform, how do you describe the value proposition in a way that gets them excited to the next level? Is it just the effectiveness of getting the data fast and turning around the data visualization, the intelligence, the insight, or do you go into more of, this is a solution for the lens? I mean, how do you talk through that? So I talked to them the same way that I understood the solution many moons ago. I was a Splunk customer before I was a Splunk employee. So I bought and paid for Splunk. It tends to be the case, the new CTO was a customer too. It was in the keynote last week, we interviewed him today. He's a kid in the candy store, he said. Absolutely, and because I think that's, because that's truthful, right? That I know the pain, I know the burden, I know the product, I know the threat landscape. And so the conversation that I have with the customer is, let's talk about the problems. Let's talk about what you're challenged with. And really what it boils down to from an opening statement perspective is, we say, well, what is security data? All data is security data. So we, and we come to the conclusion. You go right to the data. Data conversations right up front. Yep. Absolutely, because it's about the threats that the customers are challenged with. It's about the data that they want to look at and it's really, it's their ability to understand what sort of things that they want to address and what's important to them, right? So as an example, you look at an Apache log and you say, well, who's property is that Apache log? Does it belong to the IT team? Does it belong to the retail team? Does it belong to finance? Does it belong to security? Well, it belongs to everybody because the finance guy might look at it and go, well, it's interesting. People are buying more flowers from somewhere right now. And the IT guy might look at it and go, well, my web server is doing this many transactions. The security guy looks at it and go, well, this is very peculiar. I have never seen anybody purchase anything from this geolocation before, right? So it's the same data set. You got to get access to the data. That's number one, right? That's absolutely. So how do you get through the data horrors? You know, the guys out there who hold the data and you know, the data cartels as your CTO has calling the term. You know, there are people who look at the data as a competitive advantage and don't want to give it up. They don't want to give access. Or they just are hoarding the data. How do you guys break through that? What do you mean? Just stop them around a little bit and say, hey, come on, you want to get hacked? Or, I mean, is it that easy? Or is it- So I think that's where the experience comes to play again, right? It's as having been a customer, having lived through those things and having, trying to democratize the access to information and especially for security purposes. It's about, it comes right back to people again. It's because it's every data hoarder is hoarding the data because they feel that there is some value in it that enables them to do their job or provide some job security or whatever that is. Or they feel sensitive about the information because they feel that nobody else should have it because they really seriously care about the stewardship of that information. And I think it's a matter of a conversation to help them see that this data helps them do things better or faster or helps them- So you have to provide some comforts so there's no cognitive dissonance for them to give up the data. So you have to address their concerns on privacy and security. Yes, absolutely. And you're comfortable with that right now and it's a different solution. Absolutely. Yes. And also delivering value. So they can see when their data is put together with other data, there's additional insights that they can gain that they wouldn't have if they didn't. I mean the ROI question is almost ridiculous in security because the ROI is so massive it's like you don't even have to, it's an order of magnitude. It's like the security analysis on earlier, I asked him if he sized the TAM for the security market and he goes, I haven't gotten to that. I go, well, you just say it's huge, it's big. You're off buying, it's just like, it's so big it's not like even to be tamed up. So the question comes back down to how does that ROI get to the customer? In the products that you guys have, does it come through the insights? Because again, one outlier of data, one insight could open up a whole nother window of analysis that could either protect or see breach. I mean that's just ROI right there. Just write the check, PO's in the system. It's also like you said, it's top of mind for everybody, right? It's top of mind for the board, for the CEO, for the employees, even for just our regular people because the breaches that we've seen this year touched everybody's lives. So it's not just the ROI, it's just are you solving the problem that's keeping me up at night? So Monza, what's the top three conversations at you? We'll do a little pattern recognition in the spirit of machine learning, you know. I like that. So what's the top three patterns that you're seeing in the conversation with your customers that keep coming up over and over again? I think customers are, most of our customers are ready to take the next step in their own maturity process for security operations. So if we draw some sort of a continuum, right? We look at how things have been done in the past where you use signatures or specific indicators for something and customers get it. They use that, signatures are important, but there's something more and what's more. So in recent couple of years with Splunk and with other technologies, say well it's around analytics and it's around being able to understand what that is. Now they're starting to get comfortable with that and they're saying okay I get it, I see the analytics, but now because of these analytics I'm stuck in this alert world. I'm just constantly, I get these alerts, these alerts are good, I get them, but now I got to work them. So what is, how do I get to that next level of solving those, the next set of problems because I can't put enough people even if every single one of my alerts was absolutely important. What's my next level? So I want to ask you guys kind of a philosophical topic, kind of end the segment on a kind of like relaxing note. How important is the concept of open data for building security solutions? Open data meaning sharing the day. We're in a sharing economy. Now APIs now are dominating the conversation because there's no perimeter anymore. So what's happening is you have a lot of things going on whether it's direct connect, peer-to-peer, anonymous networks, bypassing the internet from the DDoS all the way up to the edge of the point of edge-to-edge security. It kind of counterintuitive, well I'm going to open that up. So what's open data mean to you guys? How important is that concept? That's a great question. I think philosophically, we're in the security world where we're preaching to the industry that it takes a village and we need to collaborate and collaboration starts with information sharing. So we're very much on board to open that up so we can do things. However, we want to make sure the data is shared. It's accurate and the data shared is actually actionable. That's actually is our focus. And ensuring the privacy and security concerns of the person sharing it, right? And making sure that sharing does not cost them more liabilities. That's where we need the government and the legislation support. So big fan of that and we've been very much supporting a lot of the things that's going on. There's some policy stuff in there. How about on the product side? I think, and related to the same topic that Haiyan's talking about, data sharing is not just about indicator sharing or threat intelligence sharing. It's really about recognizing that security is an ecosystem problem and an ecosystem solution. And so what we are working on a lot of our partners is to say, how is it that we take all of these different disparate systems and allow them to communicate with each other? So that when you have a specialized system, for example, in security space, people talk about firewalls a lot. So if you have a firewall, how do I enable a firewall to speak with a Splunk? How do I enable a Splunk to speak with an endpoint system and so on, so forth, right? So that it's really up to the consumer at the end of the day, it's their data. So it's, and a lot of customers now are starting to react to that to say, I talked to vendor X, Y and Z and they said, well, this data is in a proprietary data store and I can't get into it, it's my data. I want it. And I understand that I paid the vendor to do something. And so I think that collaboration and, but then the ecosystem is really was going to drive a lot of these systems. Yeah, I think you guys are proven to the market, in my opinion, that more the data interacts with each other, even from different disparate sources, makes the overall insight more valuable. I mean, we see that some of the stuff we're doing at the SiliconANGLE and the CrowdChat side. So, but again, if the challenge is more of a politics or policy, open up the data and then the, can the products ensure kind of that SLA of the security? But I think we're making, I'm sorry. I was going to say one comment is we've been very much being used as a lot of customers at the nerve center for them and connecting all the different pieces together. And directionally, not only we want to be the nerve center for one customer, we want to create a connected set of nerve centers where everybody can benefit from the latest learnings. Well, that's a good point. The nerve center is really good. I think it's working. We had a lot of people on theCUBE this week, today and yesterday, FireEye. We had Independence, we had Analysts, we had Palo Alto Networks. So your ecosystem seems to be embracing this nerve center concept, so congratulations. And that's only going to make the solutions better. I mean, that's the whole idea is that customers are going to make choices. They need, to your point, we want to be able to connect all these pieces together and more data is going to bring more value and really provide the, what is it that we're trying to protect ourselves from? I just think it's phenomenal. I mean, you guys have 10,000 customers which is great accomplishment. You guys are growing up and how tall can you grow? That's what we said in the morning yesterday in the analysis segment, but Cisco's got 50,000 customers. They have five times more customers just on the UCS side and they're partnering with you. Palo Alto Networks, bulletproof security on the hardware side, that adds to your solution. So one plus one equals three in this. So you guys see that same thing out in the field? Absolutely. Okay, final question, what's next? What's going to happen this year? So when we do theCUBE next year, we say, okay, how do we do? What's your goals? What's your top three? No, I'm only kidding. Yeah, but what's your goals for the year? What do you want to do for this next year? I think one of the things that's really, really obvious and very distinctive this year is people are, you know, last year people moved from just thinking about prevention to detection. And this year I think we're moving from just thinking about detection to early detection and not only early detection, but detection in a way you can enable people to do rapid response. So next year I hope to come back and talk to you a lot more about how we can enable our customers to really take care of the issues that they have to deal with versus just get to know about them. Monsie, how about you? What's your goals besides not having gray hair because of all the bombs dropping but staying alive, what's your goals for the year? I think one of the things that we're seeing that's evolving, what I would like to see is more sharing from a customer perspective amongst how we do, and not just about an indicator, but about threat intelligence and what customers are doing with Splunk and make that very easy to share tactics and techniques to operationalize things. And really start to step up, we talked about the two basic pillars, right? Going from indicators to analytics and really going from analytics to have every customer have the ability so that they can develop their own threat intelligence so they can not, to Hian's point, not just understand this alert but understand the broader consequences of what happens when this particular activity is going on so they can drive mission and business better. Well, congratulations, this is our fourth year broadcasting live at thecube at Splunk.com so it's been fun to watch the evolution and certainly, you guys act like a startup still but you're not, you're a public company, you're a big company now. So keep acting like a startup, I think the culture will continue to thrive. Customers love Splunk, so it's been a lot of fun. So thank you. Customers, what made it successful? It's leading us into new places, we're forever grateful. You have customers and a fan base all in one. So congratulations, this is theCUBE, we are live here in Las Vegas and thanks for watching and this is the wrap up of day two, thanks for watching theCUBE and look for us at our next event, we got Big Data NYC, we got AWS ReInvent and a lot more, check out thecube at SiliconANGLE.tv. Thanks for watching.