Jill Cagliostro, Anomali | Splunk .conf19


>>Announcer: Live from
Las Vegas, it’s theCUBE, covering Splunk .conf19, brought to you by Splunk.>>Okay, welcome back, everyone. It’s theCUBE’s live coverage of, we’re on day three of our three days of coverage of .conf from Splunk. This is their 10th anniversary, and theCUBE has been there along the way, riding the data wave with
them, covering all the action. Our next guest is Jill Cagliostro, who’s a product strategist at Anomali, who also has a sister in cyber. So she’s got the cyber sisters going on. Jill, great to have you on. Looking forward to
hearing about your story.>>Great, thanks. I’m glad to be here. I’ve been in the security industry for about seven years now. I started when I was 19, and my sister had started before me. She’s a few years older than me, and she started out
doing defense contracting on the cyber side. And she just kind of ended up in the internship
looking for a summer job, and she fell in love. And as I got to kind of learn
about what she was doing and how it all worked together, I started to pursue it at Georgia Tech. And I joined our on campus
hacker’s group club, Grey Hat. I was the first female executive. That was fun. I ended up getting an
internship from there with ConocoPhillips and Bishop Fox, and moved on to the vendor side eventually with a brief stop in security operations.>>And so you have a
computer science degree from Georgia Tech, is that right?>>I do, and I’m actually
pursuing my master’s in their online master’s
in cyber security program right now as well.>>Awesome. Georgia Tech, great school. One of the best computer science programs. Been following it for years. Amazing graduates come out of there.>>Yeah, we’ve got some
pretty impressive graduates.>>So you just jumped
right into cyber, okay. Male-dominated field. More women are coming
in, more than ever now because there’s a big
surface area in security. What’s your– What attracted you to cyber?>>So, I love that it’s evolving, and it allows you to think about problems in different ways, right. It’s a new problem, there’s
new issues to solve, and I’ve been exposed to
technology from a young age. I went to an all girls high school which had a really strong focus on STEM. So, I took my first computer
science class at 15, and it was in an environment of all women that were incredibly supportive. I actually started a
scholarship at our high school to get more women to look
at technology longer term as career options, and I go back and speak and teach them that technology is more than coding. There’s product management,
there’s, you know, customer success, there’s
sales engineering, there’s marketing, there’s
so much more in the space than just coding. So, I really try to help the
younger generation see that and explore their options.>>You know that’s a great
point, and, you know, when I was in the computer
science back in the ’80s, it was coding. And then it was–well, I got
lucky it was systems also, a lot of operating systems, and Linux revolution was just
begun coming on the scene. But it’s more than that. There’s data, data analytics. There’s a whole creative side of it. There’s a nerdy math side.>>The user experience.>>John: There’s a huge area.>>Work flows and processes
is something that is so needed in the security industry, right. It’s how you do everything. It’s how you retain knowledge. It’s how you train your new staff. And even just building processes, is something that can be tedious, but it can be so powerful. And if that’s something
you’re used to doing, it can be a great field to build.>>Well, you’re here. It’s our third day at the .conf, our seventh year here. What’s your take of Splunk, because you’re coming in
guns blaring in the industry. You’ve got your cyber
sister; she’s at AWS. You see Splunk now. They’ve got a lot of capabilities. What’s the security conversations like? What are people talking about? What’s the top story in your mind here at .conf for security and Splunk?>>Yeah, so I’m actually a Splunk certified architect as well. Splunk was one of the first security tools that I really got to play with, so it’s near and dear to my heart. And I get to work with–
I’m over at Anomali, which is a threat intelligence
company, and I get to work with our own art, Splunk integration. So, what we do is we enable you to bring your intelligence into Splunk to search against all of the
logs that you’re bringing there to help you find the known
data in your environment. And so, that’s if you’re a
Splunk Enterprise customer or Splunk Core. But if you’re an Enterprise
Security customer, they have the threat intel
component of their product, which we integrate with seamlessly. So, the components are
really easy to work with, and we help you manage your intelligence a little bit more effectively, so you can significantly
reduce your false positive rate while working within the
framework you’re comfortable in. And one of the–
>>What’s the problem– What’s the problem statement
that you guys solve? Is there one specific thing?>>God, there’s–Yes there’s
quite a few issues, right. I would say the biggest
thing that we solve is enabling our customers to operationalize their intelligence. There’s so much information
out there about the known bad, and CCOs and CEOs are
sending emails every day, “Are we impacted? “Are we safe?” And we enable you to answer those questions very easily
and very effectively. One of the other big trends we see is there is an issue in
knowledge gaps, right. The industry is evolving so quickly. There’s so much to know.
Data on everything, right. So, we have another way
that we can work with Splunk that isn’t a direct integration, and it’s our product called Anomali Lens. And what it does is it uses
natural language processing to interpret the page that you’re on and bring the threat intelligence to you. So, if you’re looking at a
Splunk search page, you know, investigating an incident on brute force, and you have a seemingly random
list of IPs in front of you, and you need to know what does everyone else know about these, to make your job easier,
you can scan it with Lens, and it’ll bring the
information right there to you. You don’t have to go anywhere else. You can stay in the
Splunk UI that you love.>>What’s some exciting
things you’re working on now that you think people should know about that if maybe covered in the press or in the media or in general? What is some exciting
areas that are happening?>>Yeah, so Lens is
pretty exciting for us. We just launched that last month. We’re doing a lot. So, we also have a product
called Anomali Match, which is purpose built for threat intel because often what we see
is when a breach happens, the indicators that you need to know if they’re in your environment,
they don’t come to light until six months to a year later. And then being able to go
backwards in time to answer that question of were you impacted can be very difficult and
very expensive, right. Anomali Match is purpose built
to answer those questions. So, as the indicators become available, you know immediately was I
impacted on the order of seconds. So, it just enables you to
answer your CEOs a little faster, right, and get better visibility
into your environment.>>So when you look at data to everything, how do you see it evolving
as more volume comes in? There’s more threat
surface area out there.>>Right, and continues
to increase its bounds.>>How should people be thinking about it as they zoom out and
think architecturally, “I got to lay out my enterprise strategy. “I bought a few tools
that try to be platforms, “but I need a broader playbook. “I need something bigger to help me.”>>You’ve got to take a step back and get a little altitude, right?>>John: Yeah, take a
little step back, yeah.>>Yeah, so threat intelligence
should really be driving your whole security practice. We already know, for the most part, who’s attacking who and
what they’re trying to do. And so, threat intelligence
shouldn’t just be an integration into Splunk, although that is a
critical component of it. It should be informing, you
know, your security practices where you stand up offices. There may be locations that
are higher risk for you as a particular type of entity. And all this information is available, but you have to just get access to it. You need one place to stop where you can google the threat intel, and that’s what Anomali ThreatStream, our flagship product, aims to do. And Lens just makes it
more accessible than ever. Rather than having to
go look it up yourself, it brings it to you. And so, we’re trying to
augment the knowledge base without having to memorize everything. That’s what we need to do
is we need to find ways to bring this information
and make it more accessible so you don’t have to look
in three tools to find it.>>So, I got to ask you and change topics. As the younger generation
comes into the industry, one of the things that I’m seeing as a trend is more
developers are coming in. And it’s not just so much
devops, whose clouds gray, we love devops, but ops,
network ops and security ops, are also a big part of it. People are building applications now. So, like, you’re seeing startups that have been tech for
good startups coming out, where you’re seeing a great examples of people literally standing
up applications with data. What’s the young generation– because there’s a hacker culture out there that can move fast, solve a problem, but they don’t have to
provision a lot of stuff. That’s what cloud computing does. But now Splunk’s the world. Data’s becoming more accessible. Data’s the raw materials to
get that asset or that value. What are developers– how do you see the developers
programming with data?>>So, they’re looking
at their jobs and saying, “What am I bored doing “that I have to do over
and over every day, “and how can I automate it?” So, there’s a lot of SOAR technology. Splunk also has Phantom, and
that’s enabling our developers, our younger generation who grew
up around Python and coding, to quickly plug a few pieces together and automate half their jobs, which gives them the time to do the really interesting stuff, the stuff that requires human intervention and interpretation, and
analysis that can’t be coded. And it’s just giving us more time and more resources to put–>>What kind of things are they
doing with that extra time? Creative things, pet projects,
or critical problems?>>Oh, God, so many pet projects. God, what are you interested in? I’ve seen things being done to like mine Bitcoin on the side, right, to make a little extra cash. That’s always fun. I’ve seen people automate
their social media profile. I’ve seen threat researchers use scripting to help them find new
information on the internet and reshare it to build
their public brand. That’s a really big component
of the younger generation that I don’t think was as
big in previous generations, where your public brand
matters more than ever. And so, we’re bringing
that into everything we do. It’s not just a job, it’s a lifestyle.>>Sharing’s a big
ethos, too, sharing data. How important is sharing
data in the security culture?>>Oh, it’s critical. So, I mean, sharing data’s been happening for forever, right. Company A has always been calling up their friend at company B, “Hey, we see this thing. “You might want to take a look, “but you didn’t hear it from me,” right. But through intel platforms, not just ThreatStream but all of them, allow you to share information at a larger scale than ever before. But it also, it gives you the
ability to remain anonymous. Everyone’s really scared
to put into writing, “Hey, we saw this at our company,” ’cause there’s the risk of attribution, there’s legal requirements, right. But with automated sharing you
can retain a little bit of– you can be a little bit anonymous. So, you can help the others be protected without exposing yourself
to additional risk.>>Jill, you’re awesome
to have on theCUBE. Love to get the perspective of the young, up and coming, computer
science, cyber, cyber sister.>>Cyber sister.>>John: You can just,
other–where does she work? Amazon?>>She’s over at AWS now. She just moved over a couple of weeks ago. We actually used to work
together at Anomali. She did presales, and I did post sales. It was a lot of fun.>>And she hooked you
into security, didn’t she?>>Oh, she did, for better or worse, although I hope she’s not watching.>>She will. She’ll get a clip of this, I’ll make sure. Jill, final question. The
Splunk this year .conf, what’s your takeaway? What are you going to
take back to the office with you or share with
your friends if they say, “Hey, what was the big story
happening at Splunk this year?” What’s going on here this year?>>The big thing is the data. The data is more accessible
than ever before, so we’re being challenged by Splunk to find new ways to use it, to innovate new ways. And I think that’s kind of been their messaging the whole time, “Hey, we’re giving you the
power to do what you want. “What are you going to do with it?” This is my third Splunk
conference in a row, and every year it just gets
more and more exciting. I can’t wait to see what next year holds.>>They allow people to deal with data, messy data to good data.>>Clean it up.>>John: Clean it up.>>Make it easy to search
across multiple data sources from one command line. Their user experience is
the most intuitive I’ve used in terms of the log management solutions.>>Jill, great to have
you, great insights. Thanks for sharing the data
>>Thanks so much, John.>>John: here on theCUBE. Sharing data on theCUBE,
that’s what we do. We bring the data, the guests,
we try to create it for you. Of course, we’re data-driven,
we’re a CUBE-driven. I’m John Furrier, here from
.conf, the 10th anniversary. We’ve been here from the beginning, riding the data tsunami waves. Waves plural ’cause
there’s more waves coming. I’m John Furrier. Thanks for watching. (upbeat music)
