At Splunk .conf19, theCUBE host John Furrier sat down with Jill Cagliostro, Product Strategist at Anomali, to discuss an array of topics related to cybersecurity. Splunk .conf is an educational and thought leadership event for thousands of IT, security and business professionals wanting to unleash the power of their data.
Highlights from the interview:
- Ms. Cagliostro’s journey to a career in cybersecurity and how she is helping other women learn about roles in the industry that go beyond coding
- An overview of how Anomali seamlessly integrates with Splunk, allowing an organization to manage their threat intelligence effectively
- Anomali enables customers to operationalize their threat intelligence
- Anomali Lens™ is the latest product from Anomali, which scans unstructured data, such as news stories and internal content sources like SIEM user interfaces, and converts it into actionable threat intelligence
- How to quickly and effectively answer the question, “Were we impacted?” by using Anomali Match™
- Why sharing threat intelligence is crucial and how threat intelligence platforms allow organizations to share information at a larger scale than ever before while staying anonymous
NARRATOR: Live from Las Vegas, it's the Cube.
Brought to you by Splunk.
Welcome back, everyone.
It's Cube's live coverage day three of our three days of coverage of .conf from Splunk.
This is their 10th anniversary.
And the Cube has been there along the way, riding the data wave with them, covering all the action.
Our next guest is Jill Cagliostro, who's a product strategist at Anomali.
She also has a sister in cyber.
So she's got the cyber sister going on.
Jill, great to have you on.
Looking forward to hearing about your story.
I'm glad to be here.
I've been in the security industry for about seven years now.
I started when I was 19.
And my sister had started before me.
She's a few years older than me.
And she started out doing defense contracting on the cyber side.
And she just kind of ended up in the internship looking for a summer job, and she fell in love.
And as I got to learn about what she was doing and how it all worked together, I started to pursue it at Georgia Tech.
I joined our on-campus hackers club, Gray Hat.
I was the first female executive.
That was fun.
I ended up getting an internship from there with ConocoPhillips and Bishop Fox and moved on to the vendor side eventually with a brief stop in security operations.
And so you have a computer science degree from Georgia Tech.
Is that right?
I do, and I'm actually pursuing my master's in their online master's and cybersecurity program right now as well.
Georgia Tech, great school, one of the best computer science programs.
I've been following them for years.
Amazing graduates have come out of there.
We've got some pretty impressive graduates.
So you just jumped right into cyber?
More women are coming in, more than ever now because there's a big surface area security.
What attracted you to cyber?
So I love that it's evolving, and it allows you to think about problems in different ways, right?
It's a new problem.
There's new issues to solve.
And I'd been exposed to technology from a young age.
I went to an all-girls high school, which had a really strong focus on STEM.
So I took my first computer science class at 15.
And it was in an environment of all women that were incredibly supportive.
I've actually started a scholarship at our high school to get more women to look at technology longer-term as career options.
And I go back and speak and teach them that technology is more than coding.
There's product management.
There's customer success.
There's sales engineering.
There's so much more in the space than just coding.
So I really tried to help the younger generation to see that and explore their options.
That's a great point.
And when I was in the computer science back in the '80s, it was coding.
I got lucky with systems also.
A lot of operating systems and the Linux revolution was just coming on the scene.
But it's more than that.
There's a whole creative side of it.
There's a nerdy math side.
The user experience.
JOHN FURRIER: There's a huge area.
Workflows and processes is something that is so needed in the security industry, right?
It's how you do everything.
It's how you retain knowledge.
It's how you train your new staff.
And even just building processes is something that can be tedious, but it can be so powerful.
And if that's something you're used to doing, it can be a great skill to build.
Well, you're here.
It's our third day at .conf, our seventh year here.
What's your take of Splunk?
Because you're coming in.
Guns blaring in the industry.
You got your cyber sister.
She's at AWS.
You see Splunk now.
They've got a lot of capabilities.
What's the security conversations like?
What are people talking about?
What's the top story in your mind here at .conf for security in Splunk?
So I'm actually a Splunk certified architect as well.
Splunk was one of the first security tools that I really got to play with.
So it's near and dear to my heart.
And I get to work with-- I'm over at Anomali, which is a threat intelligence company.
And I get to work with our Splunk integration.
So what we do is we enable you to bring your intelligence into Splunk to search against all of the logs that you're bringing there to help you find the known bad in your environment.
And so that's if you're a Splunk enterprise customer.
It's on core.
But if you're an enterprise security customer, they have the threat intel component of their product, which we integrate with seamlessly.
So the components are really easy to work with.
And we help you manage your intelligence a little bit more effectively so you can significantly reduce your false-positive rate while working within the framework you're comfortable in.
JOHN FURRIER: What's the problem statement you guys solved?
Is there one specific thing?
Yes, there's quite a few issues, right?
I would say the biggest thing that we solve is enabling our customers to operationalize their intelligence.
There's so much information out there about the known bad and CSOs and CEOs are sending emails every day.
Are we impacted?
Are we safe?
And we enable you to answer those questions very easily and very effectively.
One of the other big trends we see is there is an issue in knowledge gaps, right?
The industry is evolving so quickly.
There's so much to know, data on everything.
So we have another way that we can work with Splunk that isn't a direct integration.
And it's our product called Anomali Lens.
And what it does is it uses natural language processing to interpret the page that you're on and bring the threat intelligence to you.
So if you're looking at a Splunk search page, investigating an incident on brute force, and you have a seemingly random list of IPs in front of you and you need to know what does everyone else know about these.
To make your job easier, you can scan it with Lens and it'll bring the information right there to you.
You don't have to go anywhere else.
You can stay in the Splunk UI that you love.
What are some exciting things you're working on now that you think people should know about?
That it may be covered in the press or in the media or in general, what are some exciting areas that are happening?
Yes, so Lens is pretty exciting for us.
We just launched that last month.
We're doing a lot.
So we also have a product called Anomali Match, which is purpose-built for threat intel.
Because often what we see is when a breach happens, the indicators that you need to know if they're in your environment, they don't come to light until six months to a year later.
And then being able to go backwards in time to answer that question of were you impacted, can be very difficult and very expensive.
Anomali Match is purpose-built to answer those questions.
So as the indicators become available, you know immediately was I impacted on the order of seconds.
So it just enables you to answer your CEOs is a little faster and get better visibility into your environment.
So when you look at the data to everything, how do you see it evolving?
As more volume comes in, there's more threat surface area out there.
And can be used to increase and expand.
How should people be thinking about it?
As they zoom out and think architecturally.
I've got to lay out my enterprise strategy.
I bought a few tools.
I tried a few platforms.
But I need a broader playbook.
I need something bigger to help me--
You got to take a step back and get a little altitude,
JOHN FURRIER: Yeah.
Take a step back.
Yeah, so threat intelligence should really be driving your whole security practice.
We already know for the most part who is attacking who and what they're trying to do.
And so threat intelligence shouldn't just be an integration into Splunk.
Although that is a critical component of it.
It should be informing your security practices, where you stand up offices.
There may be locations that are a higher risk for you as a particular type of entity.
And all this information is available.
But you have to just get access to it.
You need one place to stop where you can Google the threat intel.
And that's what Anomali ThreatStream, our flagship product, aims to do.
And Lens just makes it more accessible than ever.
Rather than having a go look it up yourself, it brings it to you.
And so we're trying to augment the knowledge base without having to memorize everything.
That's what we need to do.
Is we need to find ways to bring this information and make it more accessible so you don't have to look in three tools to find it.
I got to ask you to change topics.
As the younger generation comes into the industry, one of the things that I'm seeing as a trend is more developers are coming in.
And it's not just so much DevOps.
As clouds [INAUDIBLE], we love DevOps.
But network ops and security ops are also a big part of it.
People are building applications now.
You're seeing startups.
There's been tech for good startups coming out, where you're seeing great examples of people literally standing up applications with data.
What's the young generation?
Because there's a hacker culture out there that can move fast, solve a problem.
But they don't have to provision to a lot of stuff.
That's what cloud computing does.
But now Splunks of the world.
Data is becoming more accessible.
Data is the raw material to get that asset or that value.
What are the developers?
How do you see the developers programming with data?
So they're looking at their jobs and saying, what am I bored doing that I have to do over and over every day and how can I automate it?
So there's a lot of [INAUDIBLE] technology Splunk also has Phantom.
And that's enabling our developers, our younger generation who grew up around Python and coding to quickly plug a few pieces together and automate half their jobs, which gives them the time to do the really interesting stuff.
The stuff that requires human intervention and interpretation and analysis that can't be coded.
And it's just giving us more time and more resources.
What kind of things are they doing with that extra time?
Pet projects or critical problems?
So many pet projects.
What are you interested in?
I've seen things being done to mine bitcoin on the side to make a little extra cash.
That's always fun.
I've seen people automate their social media profiles.
I've seen threat researchers use scripting to help them find new information on the internet and reshare it to build their public brand.
That's a really big component of the younger generation that I don't think was as big in previous generations where your public brand matters more than ever.
And so we're bringing that into everything we do.
It's not just a job.
It's a lifestyle.
Sharing is a big ethos too.
How important is sharing data in the security code?
I mean, sharing data has been happening forever.
Company A has always been calling up their friend at company B.
Hey, we see this thing.
You might want to take a look.
But you didn't hear it from me.
But threat intel platforms, not just ThreatStream, but all of them, allow you to share information at a larger scale than ever before.
But it also gives you the ability to remain anonymous.
Everyone's really scared to put into writing.
Hey, we saw this at our company.
Because there's the risk of attribution.
There's legal requirements.
But with automated sharing, you can be a little bit anonymous.
So you can help the others be protected without exposing yourself to additional risk.
Jill, you're awesome to have on the Cube.
Love to get the perspective of the young up and coming.
JILL CAGLIOSTRO: Thank you.
Computer science cyber.
JOHN FURRIER: Where did she work?
She's over at AWS now.
She just moved over a couple of weeks ago.
We actually used to work together at Anomali.
She did pre-sales and I did post-sales.
It was a lot of fun.
And she hooked you into security, isn't she?
For better or worse.
Although, I hope she's not watching.
She'll get a clip of this.
I'll make sure.
Jill, final question.
The Splunk this year, .conf, what's your takeaway?
What are you going to take back to the office with you or share with our friends as they say, hey, what was the big story happening at Splunk this year?
What's going on here this year?
The big thing is the data.
The data is more accessible than ever before.
So we're being challenged by Splunk to find new ways to use it, to innovate new ways.
And I think that's kind of been their messaging the whole time.
Hey, we're giving you the power to do what you want.
What are you going to do with it?
This is my third Splunk conference in a row.
And every year, it just gets more and more exciting.
I can't wait to see what next year holds.
They allow people to deal with data.
Messy data to good data.
Clean it up.
JOHN FURRIER: Clean it up.
To make it easy to search across multiple data sources from one command line.
Their user experience is the most intuitive I've used in terms of log management solutions.
Jill, great to have you.
Thanks for sharing the data here on the Cube.
Thank you so much, John.
Sharing data on the Cube as we do.
We bring the data out of the guests.
We try to create it for you.
Of course, we're data-driven.
We're Cube driven.
I'm John Furrier here from .
The 10th anniversary, we've been here in the beginning.
Riding the data tsunami waves.
Waves plural, because as more waves coming.
I'm John Furrier.
Thanks for watching.