Live from the MGM Grand Hotel in Las Vegas. Extracting the signal from the noise. It's theCUBE covering Splunk .conf 2015. Brought to you by Splunk. Now, here's your host, George Gilbert.

This is George Gilbert, we're at theCUBE. You're watching live. We're in Las Vegas at Splunk .conf 2015. And we're proud to have our next two special guests. We're having Chad Kinzelberg, Senior Vice President of Business and Corporate Development from Palo Alto Networks. And Gorka Sadowski, although spelled with a W, but of Polish extraction, who's Director of BizDev for Security at Splunk. So let's jump right in. We have two of you on the show together because there's a special relationship between the companies. Let's start for those who might have been watching this show earlier today who don't know Palo Alto Networks. What does Palo Alto Networks do? How does it complement Splunk?

So Palo Alto Networks has really transformed the entire security industry by recognizing that there's been changes in the way that enterprises are using applications and the nature of the threats today. And as a result, what's happened is the old paradigm of security no longer is effective. And so what we've come up with is what we call a next generation firewall that really revolutionizes security and makes it so that you can safely enable the use of all the applications that people want to use, whether SaaS or mobile or cloud, but yet protect your organization from some of these very fierce cyber criminals.

Okay, Gorka, tell us relative to that, Splunk's approach to security, and then let's explore how one reinforces the other.

So Splunk has a very open approach to security and similar to Palo Alto Networks, we are leapfrogging a lot of the old legacy solutions and we are looking at security with the current threats and evolution of what is happening today. Splunk is a big data analytics platform that is being positioned as the nerve center in the customer's enterprise and environment.
It is important for Splunk to bring data from all over the enterprise and we are capable of giving full-stack visibility on everything that is happening in an enterprise and that is critical in solving the security equation. Palo Alto Networks is a very good partner of ours. They bring a very rich set of data into Splunk and that is very important for us to solve the security equation.

Okay, sounds like a perfect tie-in because Splunk is all about the data and analytics and visibility on that data. So tell us a little more Chad, what type of data are you adding into Splunk and how does that change the analysis that's possible around the threats or the breaches?

Right, when we first started Palo Alto Networks, the big breakthrough was thinking about using applications and users and content as the basis for establishing and enforcing security policy. But it turns out that those same constructs, applications and users and content, are really useful if you're trying to do any type of analytics. So when Gorka talks about Splunk being the nerve center, ultimately the nervous system relies on that information kind of flowing into it and so by feeding in information around the applications, around the users and around content, it's a much richer set of data. So whether you're just trying to do dashboards or visualizations or predefined queries, you end up with a much better solution.

You have more context, is that it?

You absolutely have a lot more context and what we've been able to do over time in this Palo Alto Networks app for Splunk is continue to add richness to that data. So a couple of years ago, we started to incorporate our WildFire data, and WildFire is just our solution for dealing with the nastiest attacks, what we commonly talk about as the APTs. So that got incorporated into Splunk and then just at .conf today, we announced the inclusion of some SaaS related data from our new SaaS security product called Aperture.
So we continue to feed in richer data which just lends itself to a better analytics tool.

So let's bump up to a higher level for a few moments for those who are sort of more familiar at the Splunk level. Take us sort of to the era of Check Point and I guess Cisco's firewalls and tell us how those worked, and I want to lead that into, by having more context, contextual data in Splunk, how that enables Splunk to make better decisions.

Sure, so the problem with the old paradigm of firewalls is the data that's being generated and ultimately fed into Splunk is predominantly port and protocol and IP address information. And so for a mere mortal who's trying to use Splunk to try to make some sense of those constructs, it's just very difficult. It's hard to piece together, well, what applications were they using and what were the users and then what was the actual content that was traversing the network. And so that is the big-

It was like one step away from what you were trying to get to.

And difficult to decipher. So in other words, we can't necessarily associate the use of a port with a particular application. So can I say, oh, was this really somebody that was using Box or was this somebody that was using Skype? But we just present that data in a very natural form and if you just look at the Splunk interface with Palo Alto Networks, you're seeing that data so that again, just a mere mortal who's in and who's a security practitioner can start to very quickly make some good decisions about what they want to do.

With your firewall though, it sounds like you would know when there is an attempted breach and would prevent that. Is that a fair assessment?

That's right, we're very focused on prevention.

But Splunk by nature is a little more forensic, is it not?

No, it's actually complementary. And when I talk about the nerve center concept is to bring all the data into Splunk, to have high fidelity analytics and high fidelity insights on that.
And also the ability that Splunk has to communicate back that information, those signals, and in the case of Palo Alto Networks, for example, we are able to communicate back to one or more firewalls and communicate to the Palo Alto Networks solution insights and signals on what is happening in the enterprise. So we actually participate in the prevention of some of these breaches. It is important today, we know that all the data is security relevant. Palo Alto Networks has a portfolio around firewall and endpoint and threat intel. And all of that data is very important to be brought into Splunk. We complement that with application level visibility from HR application or from local devices, from mobile devices. And we are able to reconstruct the proposal and reach back and communicate that back to Palo Alto for action.

So is it enriching the information that Palo Alto has to prevent a threat? And is it simultaneously enabling Splunk to do a better job identifying when there has been a breach? Or does it also proactively prevent a breach from the point of view of Splunk?

So actually both. Palo Alto Networks gives us access to a lot of very rich data. And there's already a lot of things that can be derived from that particular piece of data. There are instances in which a customer may decide to bring other types of data. And that's also the beauty of Splunk as a platform is to be agnostic to all the data that you can bring in there. So the more data you have, the more you can reconstruct and know exactly what is happening where in the enterprise. Palo Alto participates in that. We do analytics and then we can signal things back into Palo Alto Networks for action.

Oh, okay, so you have a data set that enriches the analytics that Splunk can do. Splunk can take those analytics and enrich the data set that you use for prevention.

So not only does it enrich it from a prevention perspective, but actually being able to take action.
I mean, one of the realities of the current threat landscape is there's so many threats that as much as possible you want to try to automate things. And so one of the clever things that Splunk has done is enable you to actually take action when you've identified some type of anomalous behavior, identified something that's malicious, to actually push out a new rule or new policy to our firewall. And the more that can be done in this kind of automated fashion, the more time that the security practitioner has to really dig deep on the really nasty threats and the things that are most threatened.

Okay, this is beginning to be really clear now. So bump this up to making a sales call on a chief information security officer or higher, now that we've seen CEOs lose their jobs for breaches. When you go in, how do you sell against the alternative solutions?

So I think if you're a CIO and you're thinking broadly about the problem, you know that you need to have some type of next generation solution in order to deal with this security challenge. And I think the way that a lot of smart CIOs and CSOs are thinking about it is there's a whole set of things that I need to do in terms of control, prevention, and detection. And that's really where Palo Alto Networks shines. And then there's a whole set of other things that you need to do around monitoring, analytics, and remediation. And that's where Splunk really shines. And the fact that we've been able to integrate our products in such a seamless fashion, such an automated fashion, I think gives them a great deal of confidence that this is really the path forward in order to mitigate these types of attacks.

And so just in terms of sort of go to market, do reps from both companies make the sales call? And who do they make that sales call to?

So we have worked very well with Palo Alto Networks field people. There's a number of activities around go to market, joint efforts on go to market from roadshows all the way to sales mapping.
If I can sum it up in one bad mathematical equation, one plus one equals three, and that's really the value that we provide to our customers. One plus one equals three, when we talk about complementarity of the solutions, when we talk about seamless integration, when we talk about frictionless, cradle to grave movement, when we talk about diminishing the mean time to remediation, Palo Alto Networks and Splunk work very well in that regard. And together we can do some really cool stuff.

If a customer or prospect is listening to this and they want to engage the two of you, how long would it typically take from, I guess, a proof of concept to production? Say for a, you know, a Fortune 50 bank, something like that.

So it really depends. I think one of the things that is very interesting about Palo Alto Networks is that their devices are very, very easy to configure, deploy, and operationalize. The same goes for Splunk. We put a lot of time and effort in the whole workflow and user experience. We have developed a lot of native integration points with any vendors. So in large banks that have notoriously heterogeneous environments, you can be up and running very quickly and bringing the value with Palo Alto Networks is instantaneous. There's an app that Palo Alto Networks have developed that instantly gives you access to dashboards and visualization and all kinds of analytics and very cool functionality. Excuse me. And so the time to value is actually very, very short.

So, okay, that was the question and I assume that means if the two are being deployed together for just a security solution as the first use case, then the time to value is, it sounds very short indeed.

Yeah, because of the work that both companies have done in the app, it's immediate. I mean, we've thought through a lot of the common dashboards and visualization that people want to do.
I mean, there's always going to be some tailoring to someone's particular environment, but that factor of out of the box being able to have something that gives you a lot of the reports and a lot of dashboards that you want, I would submit to you is there today. And we've had the benefit of several thousand customers giving us feedback that we've tried to respond to and incorporate more and more things over time.

Okay, with that, Chad Kinzelberg from Palo Alto Networks and Gorka Sadowski from Splunk. Thanks very much for joining us today. This is George Gilbert. We're at theCUBE at Splunk Live Conference 2015. We'll be back in a few minutes.