Sumo Logic has been one of the pioneers in DevSecOps and log analysis for many years now. In this DevOps Chats, we speak with Founding VP of Product and Strategy, Bruno Kurtic, about the Sumo Continuous Intelligence Platform and how it is taking security into the next era.
Have a listen to this DevOps Chats as Bruno explains how Sumo is trying to meet the challenges of keeping up with the speed of business, today.
As usual, the streaming audio is immediately below, followed by the transcript of our conversation.
Transcript
Alan Shimel: Hi, everyone, it’s Alan Shimel, DevOps.com. You’re listening to another DevOps Chat. Today’s DevOps Chat features Bruno Kurtic, Founding VP of Product Management and Strategy over at Sumo Logic. Bruno, welcome to DevOps Chat.
Bruno Kurtic: Thank you, Alan.
Shimel: It’s a pleasure to have you here. Bruno, as we were talking off mic, I think our audience is plenty familiar with Sumo Logic, you know, they’ve been one of the—not founding, but one of the building block vendors within the DevOps and DevSecOps kind of movements. But just in case, maybe there are some people who aren’t, do you wanna give us just a quick background?
Kurtic: Sure. So, Sumo Logic is a cloud based machine data analytics platform. We help customers collect data, telemetry, machine data, infrastructure data, application data from all of their mission critical applications and infrastructure. We process that data and provide them with a scalable and secure technology to deliver operational intelligence, use cases such as monitoring, troubleshooting, root cause analysis, security intelligence use cases such as SIM compliance, threat detection and resolution, and also business intelligence use cases for sort of understanding how their customers are using their digital services, how their products are being adopted and so on and so forth.
So, that’s essentially what we do. We deliver this as a cloud based service, so it’s SaaS. Our customers essentially tap into our infrastructure, send us the data, and they then get to use their data and get the insights in real time.
Shimel: And you just joined the company last month?
Kurtic: No, I’m—
Shimel: I’m kidding. [Laughter]
Kurtic: I’m a Founding VP. [Laughter] So, a little bit longer than a month, I’d say maybe two months, maybe close to 10 years—here we go, right?
Shimel: Close to 10 years. Ten years goes in the blink of an eye, doesn’t it?
Kurtic: It does, it really does. It’s really astonishing. Sometimes, it feels like a really long time, and sometimes, it’s like it was yesterday, right? And so, it depends on the day.
Shimel: Unbelievable. Yep. I agree. I’ve been there and done that. The last startup I did before MediaOps, I did nine years, and it just—
Kurtic: Oh, okay, there you go.
Shimel: I know how that goes. Anyway—so, Bruno, thank you for joining, thanks for the background. But let’s, I wanted to jump into continuous intelligence, which is, you know, kinda the phrase that Sumo Logic is gathering around. And of course, you know, in DevOps, we have continuous everything, right?
Kurtic: Yep.
Shimel: But continuous intelligence—continuous intelligence, excuse me. What do we mean by it? What does it mean in the terms of the way Sumo uses it?
Kurtic: That’s a great question. And actually, sort of, this whole, the purpose of this platform that we’ve built, it really is to provide the continuous intelligence through a digital enterprise, right? And what we mean by continuous intelligence is the following.
As you just said a couple seconds ago, in DevOps, everything is continuous, right? You continuously push code to production, you do continuous testing, continuous integration, right? And you’ve got continuous feedback from your application services that you deliver and then you take that feedback into your product development cycle and you continue to improve, right?
When we talk about continuous intelligence, we recognize and see that in this world of high speed software development and digital economy that the data generated by production application, mission critical applications and services that serve customers and generate revenue—collecting that data is important in real time, and this data is ubiquitously applicable, right? This is not just for DevOps teams to manage the applications, it’s not just for security teams to secure those applications. This data is relevant to the entire digital business, right? It’s useful to product managers to understand how their products and services are being used. It’s useful to sales and marketing teams to understand how the customers and prospects are leveraging their digital services. It’s useful to finance teams to understand how the—what’s the cost, behavior, and other things related to those digital services.
So, continuous intelligence, it basically refers to this continuous need for data in the business to continue to improve how it operates, how it competes, how it delivers value to the customers, how secure, how to secure those properties and so on, right? So, it’s ubiquitously applying the data that’s generated by the digital services across all those use cases.
Shimel: Fantastic. You know, an aspect to this and an aspect to a lot of DevOps as well as DevSecOps is automation.
Kurtic: Yep.
Shimel: But, you know, Bruno, my time in security, if I learned anything is, sometimes, people don’t embrace automation because they’re afraid of security run amok, right? I’m gonna block the CEO’s email or I’m gonna shut down a critical application or, you know, business process.
Kurtic: Yep.
Shimel: So, how do you reconcile, right—and so, it’s one thing to gather intelligence, actionable intelligence, as we used to call it, right, and on a continuous basis make adjustments and stuff, but to really, to move at the speed of business today, you then have to, you almost are forced to automate, right, responses and so forth.
Kurtic: Right, absolutely. So, you know, you bring a very valid point. Like, you know, my entire career has always been in enterprise software and the last 12, 14 years has been in this specific area of sort of monitoring and troubleshooting security. And it has always been the case that—not just on the security side, that our remediation, you know, people are scared of, it’s also on the operation side, right?
Shimel: Yeah.
Kurtic: You know, should I—when do I trigger auto scaling, when do I not and all this stuff, right? And, you know, we’re now getting much better at that, but you know, if you look at the history just this last decade, it has been a tricky area for enterprise to adopt.
And so, you know—but I don’t think it’s possible to not. Like, we, just like you said, the speed of business demands that we make automated actions based on data that we are observing, and there are some insights we get from that data.
The challenge has been, is how good are your insights, right? The tricky part is, I used to be in the SIM space, S-I-M space, so on the security side prior to Sumo Logic. And, you know, it was tricky to be able to sort of adopt full automation based on those security rules, because those security rules themselves were fragile, right?
Shimel: Yep.
Kurtic: They weren’t necessarily overly deterministic, you could get false positives, you could block CEO’s e-mail, you know, inadvertently and prevent something important from happening. And so, it was a—in those days, it was much harder to sort of bet on that automation, right?
As you fast forward to now, when you apply advanced analytics—this is why we call our platform an intelligence platform. When you apply advanced analytics, you know, more sophisticated technologies like machine learning and AI, when you start sort of looking across not at individual incidents and alerts, but you start looking across multiple incidents to really have a better understanding of what’s the actual impact of these events that I’m observing, then you can start, you know, making those automated actions.
And of course, there’s always gonna be things you will not know how to act on, right, which then goes into a wholly different pipeline that, where you enable people to understand what’s actually happening and then decide, in the future, do I wanna make this an automated action or not. But basically, as we go through this cycle of, you know, capture a new unknown, learn what it is, route it to the right place—when it becomes unknown, it gets added to that sort of automation engine, and eventually, you keep sort of reducing the number of manual steps you need to perform to run a good business, to run a secure business or whatever it might be at the use cases.
And so, we’re not done, right? There’s still plenty of situations where you’re not gonna wanna take an automated action. But I think at this point, we’ve achieved the level of intelligence to make that automation actually be useful without hurting you.
Shimel: It does my heart good, man. [Laughter] I gotta be honest. So, I think I mentioned to you off mic that my last startup was a security company I started in 2001, and that’s when we were making the move from, like, IDS to IPS, right? Intrusion detection to prevention, which meant automated blocking of traffic.
Kurtic: Mm-hmm.
Shimel: And, you know, I always thought it was a no brainer, but it really wasn’t, because the state of the art at the time was, we didn’t have an intelligence platform.
Kurtic: Mm-hmm.
Shimel: Right?
Kurtic: That’s right.
Shimel: You know, we were constantly trying and striving, but, you know, it just wasn’t there. So, Bruno, what would you—and, you know, there’s a tough one—what would you point to that has really sort of moved the needle in this evolving intelligence platform that you could say, “Hey, man, you can trust this now, right, because 99 out of 100 is making the right choices, or 999 out of 1,000.”
What is—you know, you alluded to it, but let’s get down into it. What’s providing, what do you think triggered it? What do you think was the breakthrough?
Kurtic: Yeah, so, I would say that itโs definitely not one thing, right? Itโs multiple things.
Shimel: Yeah. It never is, right?
Kurtic: Exactly. So, I’d say it’s sort of, you know, there’s a few sort of things that have occurred in the last decade at least that we have done internally to bridge this gap, right? At first, the old systems were siloed. They were not scalable enough to actually be able to ingest all of the telemetry required to make these decisions, right?
So, you have to compromise. Like, if you’re sort of familiar, since you’re familiar with IDS and IPS, you might be familiar somewhat with the old SIM systems, right?
Shimel: Sure.
Kurtic: The SIM systems of the old age were, you know—you have to compromise. You couldn’t scale them sufficiently to accept all the telemetry, and so, you have to continue to reduce the amount of data that you were sending into them. And when you have limited visibility, it is much harder to be able to make a deterministic decision on what you can act on automatically, right?
We’ve built a highly scalable, cloud based microservices multi-tenant back end that can basically accept literally almost an unlimited amount of data, right? And so, we get all the data and all the required telemetry to be able to make those decisions, which then creates a different problem, right? Now that you have all the data, how do you actually make sense of it all, right? And, you know, the data analytics techniques have dramatically improved over the last decade. You know, the old world used to be strictly rule based, and if you know this in sort of the IDS and IPS world, like, it’s basically signatures, right? In the SIM world, it was rules, right?
And now we’ve moved away from that, right? We don’t even require our customers to tell us what the schema of their data is, because in the new world of high speed software development and DevOps, there is no schema, right? Developers put whatever they want into their logs of whatever metrics are coming from that infrastructure. And so, you need to be able to deal with the fact that this data has no schema and you’re gonna have to deal with the schema on demand and still need to be able to derive intelligence from that.
So, we built a back end that then allows any data to be ingested, any data to be indexed and analyzed. And then, as you analyze that data, we realized very quickly that even if you have a very scalable back end and a very open ended sort of platform that can accept any data, giving a human a keyboard and a coding language is insufficient in empowering that human to actually construct what they actually want to derive out of this, right?
So, we invested heavily into a couple of things. One is, you know, from the very beginning, we invested into automated techniques for analysis—advanced statistical analysis, machine learning, and things like that, that basically are special purpose built for these types of data systems where, you know, they detect anomalies, they detect outliers. They enable you to sort of remove 99.9% of stuff that is noise and sort of highlight and find all of those things that are real signals in that data.
And the second part that we talked about last year, which was one of the big innovations we delivered, was something that we called global intelligence service, which basically leverages all this telemetry that we see across sort of the global infrastructure that we run. And it’s able to sort of derive what I would call best in class behavior. What are you expecting to see to happen on this type of infrastructure, right? If I see 1,000 pieces of infrastructure that is common across hundreds of our customers, and I know that this is what’s normal—well, that can tell me whether your stuff is normal as well, right?
So, there are all these novel heuristics analysis techniques that can inform those decisions as you then run those automations on the back of them.
Shimel: Yeah. So, you mentioned, Bruno, you were working—was that on ArcSight before, or a different SIM?
Kurtic: No, actually, my other founding members were at ArcSight. I was at a company called SenSage, which was competing with ArcSight.
Shimel: Okay. I—yeah, those were my days, those were my peeps.
Kurtic: Yep.
Shimel: But, you know, you’re 100% right. You know, they say you can’t make wine before it’s time. And as much money and effort and blood, sweat, and tears that we poured into SIMs back then, they were almost at some level doomed for failure, just because it was state of the art, right? It was—
Kurtic: Yeah.
Shimel: You were always trying to dumb down the amount of signal in there and reduce the signal to noise and what you can do and what people would trust with it. And, you know, in many ways, kinda that, that right there, the flip side of that is kind of the success story behind Sumo Logic—right platform at the right time.
Kurtic: That’s right. That’s—and we’ve learned those lessons, right? All of the founding teams, Sumo has seen how it worked before, right? And when we started the company, we wanted to build something different, take this to the next level, and that has been the task for the last 10 years.
Shimel: Yeah, 10 years in the making, another overnight success. [Laughter]
Kurtic: Right, yeah.
Shimel: Now, we’ve got this platform, we are—you know, we’re in the right place at the right time. Let’s assume we are. Where do we go from here? Where do we go from here?
Kurtic: So, where do we go from here? So, you know, where we go from here, I think, is—we, as a company, sort of, we deliver on this vision of the continuous intelligence category and platform for our customers. Where we are moving into is, we’re moving into sort of fine tuning and shipping multiple products that are optimizing the outcomes for specific user personas and use cases.
So, I’ll give you some sort of examples of that. You know, on the DevOps side, right, we’ve spent a lot of time on the use cases around cloud, multi-cloud, packaging out of the box solutions for people running in AWS, GCP, in Azure. We recently introduced a, what we call a Kubernetes solution. So, as more and more of our customers move into solutions like—into platforms like Kubernetes and containers and serverless, they’re looking for out of the box insights that, as soon as you plug the data coming out of these platforms into a platform like Sumo Logic, they want to know what—how is my application, how is my platform doing, right?
So, we’re spending more and more delivering special purpose insights on top of these specific use cases and areas for specific personas. On the security side, we are sort of extending our product set into things like the cloud SIM, you know, tuning it for compliance, again, across specific domains. Like, if you are running on premise or in multi-cloud or in single cloud, we want to deliver more and more specialized packages that basically enable our customers to consume this without having to think too hard about it, right?
Shimel: Yep.
Kurtic: The old SIMs were difficult, because you had to write all this stuff yourself, right?
Shimel: Agreed, agreed.
Kurtic: Right?
Shimel: And I think, you know, it’s almost continuous automated intelligence for DevSecOps.
Kurtic: Mm-hmm.
Shimel: Right? And I’m not saying that’s the end of the road or the end of history as we know it, right, because we’re in a constant cat and mouse game and as things change, but it really is such a different place than we were 10 years ago, or even five to seven years ago, for that matter, right?
Kurtic: That’s right, yep.
Shimel: Bruno, let me ask you personally, right? Ten years in here, you are, you know, the key person developing this, you’ve got this to where it is—what gets you juiced in the morning, man?
I know I love doing what I do now, right? I got out of the software game, I’m a media person, I love building my company and doing it. What gets you excited in the morning about coming to Sumo and doing this?
Kurtic: Thanks for the question. It’s actually, you know, if I kind of, when I look at what’s happening, what are the undercurrents here of this market that we’re in, right? We talked about use cases and all this, but the undercurrent here is that there is a massive transformation that’s happening in the technology landscape, right? And the transformation is driven by the business transformation occurring in all industries today, right? Everybody’s—every company is getting remade from inside to go from a traditional business model to a digital business model.
And these digital business models are then meaning that every single company is becoming, essentially, a software company. And they’re competing not on manufacturing or whatever business they were in, they’re competing on delivering products and services—digital products and services to their customers.
So, essentially, the entire GDP is gonna be based on software, right? And in order for all of these enterprises and government organizations, you name it, to do this effectively, they’re all going through basically modernizing of how they do their technology, how they build their applications, how they develop them, how they understand them, how they improve them, how they optimize them.
And we are just at the very, very beginnings of what this market is going to need, right? And I think our goal from the very beginning has been that we kind of want to be that platform for the digital business that’s leveraging all this new stuff, and to enable those users to actually do this effectively. And the challenge that those users have today are sort of, they seem insurmountable today. There’s so much data, right? There’s so much digital exhaust that they have to contend with. The skill sets available to them to actually adopt these technologies are very, very scarce, right? But everybody is going there because there is no other way.
And so, to me, this is really exciting. We are sort of at this crossroads, this sort of fork and every 18 months today there’s a massive paradigm shift in technology. And, you know, every 18 months, we have to think really hard about how do we now do this and help our customers do that? You know, it’s no longer like two decades ago when it was like, you know, your three tier applications and that trend is going on for 20 years, right? Now, we’ve gone from on-prem, three tier, to cloud, to microservices, to Kubernetes, to containers, to serverless, and God knows what’s gonna happen in six months, right?
And that’s just really exciting, and having to build—building a company that can respond to that and support our customer base as they go there so they can compete better is extremely exciting for me. And so, that’s what keeps bringing me back and keeps me smiling when I wake up in the morning.
Shimel: Great answer, man. You know what? It’s a great time to be alive and in this industry, it really is. There’s so much happening.
Kurtic: It really is.
Shimel: We’re on the precipice of so much more, though. Because it’s like—you know, the more we accomplish, the more we can accomplish. And that, I think it keeps a lot of us in this, right?
Anyway, Bruno, I told you we were gonna do this for 15 minutes, and we’re closer to a half hour now, I apologize. [Laughter]
Kurtic: No problem.
Shimel: But it was a great conversation, I’m really happy we got caught up on Sumo, you know, and the continuous intelligence platform. You guys are gonna be at RSA, yeah?
Kurtic: We will.
Shimel: Yep. So, I’m gonna try my best to have this up for our audience listening to this, RSA is the week of February 24th in San Francisco, and if you’re attending RSA Conference, go check out the Sumo Logic booth.
Also, we’re gonna be putting on a whole DevSecOps event conference within a conference at RSA on Monday, February 24th at Moscone—I think we’re in Moscone West this year. So, if you have an RSA bench and you want to talk DevSecOps, come join us there. We have a great lineup of speakers. We also can visit the Sumo booth at RSA Conference, which is, I think it starts Monday night the 24th, the expo floor opens and it runs through Friday. So, check that out—shout out to our friends at RSA.
Bruno, thanks very much, man. Say hello to all of our Sumo Logic people. Keep up the great work.
Kurtic: Will do. Thank you, Alan. Appreciate it.
Shimel: Alright. This is Alan Shimel for DevOps.com. You just listened to another DevOps Chat.
— Alan Shimel



