Sumo Logic has been one of the pioneers in DevSecOps and log analysis for many years now. In this DevOps Chat, we speak with Founding VP of Product and Strategy, Bruno Kurtic, about the Sumo Continuous Intelligence Platform and how it is taking security into the next era.
Have a listen to this DevOps Chat as Bruno explains how Sumo is trying to meet the challenges of keeping up with the speed of business today.
As usual, the streaming audio is immediately below, followed by the transcript of our conversation.
Alan Shimel: Hi, everyone, it’s Alan Shimel, DevOps.com. You’re listening to another DevOps Chat. Today’s DevOps Chat features Bruno Kurtic, Founding VP of Product Management and Strategy over at Sumo Logic. Bruno, welcome to DevOps Chat.
Bruno Kurtic: Thank you, Alan.
Shimel: It’s a pleasure to have you here. Bruno, as we were talking off mic, I think our audience is plenty familiar with Sumo Logic, you know, they’ve been one of the—not founding, but one of the building block vendors within the DevOps and DevSecOps kind of movements. But just in case, maybe there are some people who aren’t, do you wanna give us just a quick background?
Kurtic: Sure. So, Sumo Logic is a cloud based machine data analytics platform. We help customers collect data, telemetry, machine data, infrastructure data, application data from all of their mission critical applications and infrastructure. We process that data and provide them with a scalable and secure technology to deliver operational intelligence, use cases such as monitoring, troubleshooting, root cause analysis, security intelligence use cases such as SIM compliance, threat detection and resolution, and also business intelligence use cases for sort of understanding how their customers are using their digital services, how their products are being adopted and so on and so forth.
So, that’s essentially what we do. We deliver this as a cloud based service, so it’s SaaS. Our customers essentially tap into our infrastructure, send us the data, and they then get to use their data and get the insights in real time.
Shimel: And you just joined the company last month?
Kurtic: No, I’m—
Shimel: I’m kidding. [Laughter]
Kurtic: I’m a Founding VP. [Laughter] So, a little bit longer than a month, I’d say maybe two months, maybe close to 10 years—here we go, right?
Shimel: Close to 10 years. Ten years goes in the blink of an eye, doesn’t it?
Kurtic: It does, it really does. It’s really astonishing. Sometimes, it feels like a really long time, and sometimes, it’s like it was yesterday, right? And so, it depends on the day.
Shimel: Unbelievable. Yep. I agree. I’ve been there and done that. The last startup I did before MediaOps, I did nine years, and it just—
Kurtic: Oh, okay, there you go.
Shimel: I know how that goes. Anyway—so, Bruno, thank you for joining, thanks for the background. But let’s, I wanted to jump into continuous intelligence, which is, you know, kinda the phrase that Sumo Logic is gathering around. And of course, you know, in DevOps, we have continuous everything, right?
Shimel: But continuous intelligence—continuous intelligence, excuse me. What do we mean by it? What does it mean in the terms of the way Sumo uses it?
Kurtic: That’s a great question. And actually, sort of, this whole, the purpose of this platform that we’ve built, it really is to provide the continuous intelligence through a digital enterprise, right? And what we mean by continuous intelligence is the following.
As you just said a couple seconds ago, in DevOps, everything is continuous, right? You continuously push code to production, you do continuous testing, continuous integration, right? And you’ve got continuous feedback from your application services that you deliver and then you take that feedback into your product development cycle and you continue to improve, right?
When we talk about continuous intelligence, we recognize and see that in this world of high speed software development and digital economy that the data generated by production application, mission critical applications and services that serve customers and generate revenue—collecting that data is important in real time, and this data is ubiquitously applicable, right? This is not just for DevOps teams to manage the applications, it’s not just for security teams to secure those applications. This data is relevant to the entire digital business, right? It’s useful to product managers to understand how their products and services are being used. It’s useful to sales and marketing teams to understand how the customers and prospects are leveraging their digital services. It’s useful to finance teams to understand how the—what’s the cost, behavior, and other things related to those digital services.
So, continuous intelligence, it basically refers to this continuous need for data in the business to continue to improve how it operates, how it competes, how it delivers value to the customers, how secure, how to secure those properties and so on, right? So, it’s ubiquitously applying the data that’s generated by the digital services across all those use cases.
Shimel: Fantastic. You know, an aspect to this and an aspect to a lot of DevOps as well as DevSecOps is automation.
Shimel: But, you know, Bruno, my time in security, if I learned anything is, sometimes, people don’t embrace automation because they’re afraid of security run amok, right? I’m gonna block the CEO’s email or I’m gonna shut down a critical application or, you know, business process.
Shimel: So, how do you reconcile, right—and so, it’s one thing to gather intelligence, actionable intelligence, as we used to call it, right, and on a continuous basis make adjustments and stuff, but to really, to move at the speed of business today, you then have to, you almost are forced to automate, right, responses and so forth.
Kurtic: Right, absolutely. So, you know, you bring a very valid point. Like, you know, my entire career has always been in enterprise software and the last 12, 14 years has been in this specific area of sort of monitoring and troubleshooting security. And it has always been the case that—not just on the security side, that our remediation, you know, people are scared of, it’s also on the operation side, right?
Kurtic: You know, should I—when do I trigger auto scaling, when do I not and all this stuff, right? And, you know, we’re now getting much better at that, but you know, if you look at the history just this last decade, it has been a tricky area for enterprise to adopt.
And so, you know—but I don’t think it’s possible to not. Like, we, just like you said, the speed of business demands that we make automated actions based on data that we are observing, and there are some insights we get from that data.
The challenge has been, is how good are your insights, right? The tricky part is, I used to be in the SIM space, S-I-M space, so on the security side prior to Sumo Logic. And, you know, it was tricky to be able to sort of adopt full automation based on those security rules, because those security rules themselves were fragile, right?
Kurtic: They weren’t necessarily overly deterministic, you could get false positives, you could block CEO’s e-mail, you know, inadvertently and prevent something important from happening. And so, it was a—in those days, it was much harder to sort of bet on that automation, right?
As you fast forward to now, when you apply advanced analytics—this is why we call our platform an intelligence platform. When you apply advanced analytics, you know, more sophisticated technologies like machine learning and AI, when you start sort of looking across not at individual incidents and alerts, but you start looking across multiple incidents to really have a better understanding of what’s the actual impact of these events that I’m observing, then you can start, you know, making those automated actions.
And of course, there’s always gonna be things you will not know how to act on, right, which then goes into a wholly different pipeline that, where you enable people to understand what’s actually happening and then decide, in the future, do I wanna make this an automated action or not. But basically, as we go through this cycle of, you know, capture a new unknown, learn what it is, route it to the right place—when it becomes unknown, it gets added to that sort of automation engine, and eventually, you keep sort of reducing the number of manual steps you need to perform to run a good business, to run a secure business or whatever it might be at the use cases.
And so, we’re not done, right? There’s still plenty of situations where you’re not gonna wanna take an automated action. But I think at this point, we’ve achieved the level of intelligence to make that automation actually be useful without hurting you.
Shimel: It does my heart good, man. [Laughter] I gotta be honest. So, I think I mentioned to you off mic that my last startup was a security company I started in 2001, and that’s when we were making the move from, like, IDS to IPS, right? Intrusion detection to prevention, which meant automated blocking of traffic.
Shimel: And, you know, I always thought it was a no brainer, but it really wasn’t, because the state of the art at the time was, we didn’t have an intelligence platform.
Kurtic: That’s right.
Shimel: You know, we were constantly trying and striving, but, you know, it just wasn’t there. So, Bruno, what would you—and, you know, there’s a tough one—what would you point to that has really sort of moved the needle in this evolving intelligence platform that you could say, “Hey, man, you can trust this now, right, because 99 out of 100 is making the right choices, or 999 out of 1,000.”
What is—you know, you alluded to it, but let’s get down into it. What’s providing, what do you think triggered it? What do you think was the breakthrough?
Kurtic: Yeah, so, I would say that it’s definitely not one thing, right? It’s multiple things.
Shimel: Yeah. It never is, right?
Kurtic: Exactly. So, I’d say it’s sort of, you know, there’s a few sort of things that have occurred in the last decade at least that we have done internally to bridge this gap, right? At first, the old systems were siloed. They were not scalable enough to actually be able to ingest all of the telemetry required to make these decisions, right?
So, you have to compromise. Like, if you’re sort of familiar, since you’re familiar with IDS and IPS, you might be familiar somewhat with the old SIM systems, right?
Kurtic: The SIM systems of the old age were, you know—you have to compromise. You couldn’t scale them sufficiently to accept all the telemetry, and so, you have to continue to reduce the amount of data that you were sending into them. And when you have limited visibility, it is much harder to be able to make a deterministic decision on what you can act on automatically, right?
We’ve built a highly scalable, cloud based microservices multi-tenant back end that can basically accept literally almost an unlimited amount of data, right? And so, we get all the data and all the required telemetry to be able to make those decisions, which then creates a different problem, right? Now that you have all the data, how do you actually make sense of it all, right? And, you know, the data analytics techniques have dramatically improved over the last decade. You know, the old world used to be strictly rule based, and if you know this in sort of the IDS and IPS world, like, it’s basically signatures, right? In the SIM world, it was rules, right?
And now we’ve moved away from that, right? We don’t even require our customers to tell us what the schema of their data is, because in the new world of high speed software development and DevOps, there is no schema, right? Developers put whatever they want into their logs of whatever metrics are coming from that infrastructure. And so, you need to be able to deal with the fact that this data has no schema and you’re gonna have to deal with the schema on demand and still need to be able to derive intelligence from that.
So, we built a back end that then allows any data to be ingested, any data to be indexed and analyzed. And then, as you analyze that data, we realized very quickly that even if you have a very scalable back end and a very open ended sort of platform that can accept any data, giving a human a keyboard and a coding language is insufficient in empowering that human to actually construct what they actually want to derive out of this, right?
So, we invested heavily into a couple of things. One is, you know, from the very beginning, we invested into automated techniques for analysis—advanced statistical analysis, machine learning, and things like that, that basically are special purpose built for these types of data systems where, you know, they detect anomalies, they detect outliers. They enable you to sort of remove 99.9% of stuff that is noise and sort of highlight and find all of those things that are real signals in that data.
And the second part that we talked about last year, which was one of the big innovations we delivered, was something that we called global intelligence service, which basically leverages all this telemetry that we see across sort of the global infrastructure that we run. And it’s able to sort of derive what I would call best in class behavior. What are you expecting to see to happen on this type of infrastructure, right? If I see 1,000 pieces of infrastructure that is common across hundreds of our customers, and I know that this is what’s normal—well, that can tell me whether your stuff is normal as well, right?
So, there are all these novel heuristics analysis techniques that can inform those decisions as you then run those automations on the back of them.
Shimel: Yeah. So, you mentioned, Bruno, you were working—was that on ArcSight before, or a different SIM?
Kurtic: No, actually, my other founding members were at ArcSight. I was at a company called SenSage, which was competing with ArcSight.
Shimel: Okay. I—yeah, those were my days, those were my peeps.
Shimel: But, you know, you’re 100% right. You know, they say you can’t make wine before its time. And as much money and effort and blood, sweat, and tears that we poured into SIMs back then, they were almost at some level doomed for failure, just because it was state of the art, right? It was—
Shimel: You were always trying to dumb down the amount of signal in there and reduce the signal to noise and what you can do and what people would trust with it. And, you know, in many ways, kinda that, that right there, the flip side of that is kind of the success story behind Sumo Logic—right platform at the right time.
Kurtic: That’s right. That’s—and we’ve learned those lessons, right? All of the founding teams, Sumo has seen how it worked before, right? And when we started the company, we wanted to build something different, take this to the next level, and that has been the task for the last 10 years.
Shimel: Yeah, 10 years in the making, another overnight success. [Laughter]
Kurtic: Right, yeah.
Shimel: Now, we’ve got this platform, we are—you know, we’re in the right place at the right time. Let’s assume we are. Where do we go from here? Where do we go from here?
Kurtic: So, where do we go from here? So, you know, where we go from here, I think, is—we, as a company, sort of, we deliver on this vision of the continuous intelligence category and platform for our customers. Where we are moving into is, we’re moving into sort of fine tuning and shipping multiple products that are optimizing the outcomes for specific user personas and use cases.
So, I’ll give you some sort of examples of that. You know, on the DevOps side, right, we’ve spent a lot of time on the use cases around cloud, multi-cloud, packaging out of the box solutions for people running in AWS, GCP, in Azure. We recently introduced a, what we call a Kubernetes solution. So, as more and more of our customers move into solutions like—into platforms like Kubernetes and containers and serverless, they’re looking for out of the box insights that, as soon as you plug the data coming out of these platforms into a platform like Sumo Logic, they want to know what—how is my application, how is my platform doing, right?
So, we’re spending more and more delivering special purpose insights on top of these specific use cases and areas for specific personas. On the security side, we are sort of extending our product set into things like the cloud SIM, you know, tuning it for compliance, again, across specific domains. Like, if you are running on premise or in multi-cloud or in single cloud, we want to deliver more and more specialized packages that basically enable our customers to consume this without having to think too hard about it, right?
Kurtic: The old SIMs were difficult, because you had to write all this stuff yourself, right?
Shimel: Agreed, agreed.
Shimel: And I think, you know, it’s almost continuous automated intelligence for DevSecOps.
Shimel: Right? And I’m not saying that’s the end of the road or the end of history as we know it, right, because we’re in a constant cat and mouse game and as things change, but it really is such a different place than we were 10 years ago, or even five to seven years ago, for that matter, right?
Kurtic: That’s right, yep.
Shimel: Bruno, let me ask you personally, right? Ten years in here, you are, you know, the key person developing this, you’ve got this to where it is—what gets you juiced in the morning, man?
I know I love doing what I do now, right? I got out of the software game, I’m a media person, I love building my company and doing it. What gets you excited in the morning about coming to Sumo and doing this?
Kurtic: Thanks for the question. It’s actually, you know, if I kind of, when I look at what’s happening, what are the undercurrents here of this market that we’re in, right? We talked about use cases and all this, but the undercurrent here is that there is a massive transformation that’s happening in the technology landscape, right? And the transformation is driven by the business transformation occurring in all industries today, right? Everybody’s—every company is getting remade from inside to go from a traditional business model to a digital business model.
And these digital business models are then meaning that every single company is becoming, essentially, a software company. And they’re competing not on manufacturing or whatever business they were in, they’re competing on delivering products and services—digital products and services to their customers.
So, essentially, the entire GDP is gonna be based on software, right? And in order for all of these enterprises and government organizations, you name it, to do this effectively, they’re all going through basically modernizing of how they do their technology, how they build their applications, how they develop them, how they understand them, how they improve them, how they optimize them.
And we are just at the very, very beginnings of what this market is going to need, right? And I think our goal from the very beginning has been that we kind of want to be that platform for the digital business that’s leveraging all this new stuff, and to enable those users to actually do this effectively. And the challenge that those users have today are sort of, they seem insurmountable today. There’s so much data, right? There’s so much digital exhaust that they have to contend with. The skill sets available to them to actually adopt these technologies are very, very scarce, right? But everybody is going there because there is no other way.
And so, to me, this is really exciting. We are sort of at this crossroads, this sort of fork and every 18 months today there’s a massive paradigm shift in technology. And, you know, every 18 months, we have to think really hard about how do we now do this and help our customers do that? You know, it’s no longer like two decades ago when it was like, you know, your three tier applications and that trend is going on for 20 years, right? Now, we’ve gone from on-prem, three tier, to cloud, to microservices, to Kubernetes, to containers, to serverless, and God knows what’s gonna happen in six months, right?
And that’s just really exciting, and having to build—building a company that can respond to that and support our customer base as they go there so they can compete better is extremely exciting for me. And so, that’s what keeps bringing me back and keeps me smiling when I wake up in the morning.
Shimel: Great answer, man. You know what? It’s a great time to be alive and in this industry, it really is. There’s so much happening.
Kurtic: It really is.
Shimel: We’re on the precipice of so much more, though. Because it’s like—you know, the more we accomplish, the more we can accomplish. And that, I think it keeps a lot of us in this, right?
Anyway, Bruno, I told you we were gonna do this for 15 minutes, and we’re closer to a half hour now, I apologize. [Laughter]
Kurtic: No problem.
Shimel: But it was a great conversation, I’m really happy we got caught up on Sumo, you know, and the continuous intelligence platform. You guys are gonna be at RSA, yeah?
Kurtic: We will.
Shimel: Yep. So, I’m gonna try my best to have this up for our audience listening to this, RSA is the week of February 24th in San Francisco, and if you’re attending RSA Conference, go check out the Sumo Logic booth.
Also, we’re gonna be putting on a whole DevSecOps event conference within a conference at RSA on Monday, February 24th at Moscone—I think we’re in Moscone West this year. So, if you have an RSA bench and you want to talk DevSecOps, come join us there. We have a great lineup of speakers. We also can visit the Sumo booth at RSA Conference, which is, I think it starts Monday night the 24th, the expo floor opens and it runs through Friday. So, check that out—shout out to our friends at RSA.
Bruno, thanks very much, man. Say hello to all of our Sumo Logic people. Keep up the great work.
Kurtic: Will do. Thank you, Alan. Appreciate it.
Shimel: Alright. This is Alan Shimel for DevOps.com. You just listened to another DevOps Chat.