>> Welcome to today's session of theCUBE's presentation of the AWS Startup Showcase, The Next Big Thing in AI, Security and Life Sciences. Today featuring Lacework for the security track. I'm your host Natalie Erlich. Thank you for joining us. And we will discuss today how LendingTree automates AWS security for DevOps teams and stays compliant with Lacework. Now we're joined by Adam Leftik the VP of Product at Lacework as well as a Arun Sankaran, CISO of LendingTree. Thank you both very much for joining us today. >> Thank you for having us. >> Well, wonderful. Adam, let's start with you. Lacework positions itself as, "cloud security at the speed of cloud innovation." What does that mean to you and how are you helping your customers? >> Great question, Natalie. I think one of the things that's really important to understand about Lacework really comes back to essentially what's happening at cloud speed, which is customers are aggressively moving more and more of their applications to the cloud, but they're doing so with the same number of resources to secure that environment. And as the cloud continues to grow, both in terms of complexity, as well as overall ability to unlock new styles of applications that were never before even possible without this new technology landscape. Fundamentally, Lacework is designed to enable those builders to go faster without worrying about all the different intricacies and threats that they face out there on the internet. And so the core mission of Lacework is really about enabling builders to build those applications and leverage those cloud resources and new cloud technologies to move quicker and quicker. >> Natalie: Fascinating. >> Yeah, thanks. If you go back to the sort of foundation of the company there we took a very different approach to how we think about security. Often, you know, security approaches in the past have been a rules driven model where you try and think of all the different vectors that attacks can come at. And fundamentally, you end up writing a series of these rules that are impossible to maintain, they atrophy over time, and that you can't possibly think ahead of all these nefarious actors. So one of the things that Lacework did from the very beginning was take a very different approach which is leveraging security as a data problem. And the way we do this is through what we refer to as our polygraph. And the polygraph essentially looks at all the exhaust telemetry that we're able to ingest both from your cloud accounts as well as the underlying infrastructure. And we take that and we build a baseline and a behavioral model for how the application should behave when it's normal. And this baseline represents the state of normalcy. And so then we leverage modern data science techniques to essentially build a model that can identify potential threats without requiring our users to build rules and ultimately play catch up to all the different threats that they face. And this is a really, really powerful capability because it allows our customers both to identify misconfigurations and remediate them, monitor all the activity to reduce the overall overhead on their security organization, and of course help them build faster and identify threats as they come into the system. And we differentiate in lots of different ways as well. So one of the things we're looking to do as part of the overall cloud transformation is really meet the DevOps teams and the security teams where they are. And so all of the information that Lacework captures, synthesizes, and produce through our automation ultimately feed into the different channels that our users are really leveraging that skill today. Whether that's through their ChatOps windows or ultimately into their CICD pipeline so that we give broad coverage both at build time as well as run time and give them full visibility and insights and the ability to remediate those quickly. You know, one of the other things that we're really proud of and this is core to our product philosophy is building more and more partnerships with our customers and LendingTree is really at the forefront of that partnership and we're super excited to be partnering with them. And that's certainly something that we've done to differentiate our product offering and I'd love to hear from Arun, how have you been working with Lacework and how has that been going so far? >> Yeah, thank you, Adam. You know, frankly I think that's a huge differentiator for us. There's a lot of players that can solve technology problems but what we've really appreciated is that as a smaller shop and a smaller organization, the level of connectedness that we feel with the development teams at Lacework. We raise a opportunity. You know, this can make things more efficient for us or this can reduce our time to triage, or this visualization or this UI could be modified to support certain security operations center use cases, maybe that's not what it's designed for. And we've enjoyed just a lot of success in kind of shaping the product in order to meet all the different use cases. And as Adam mentioned, you know, as a CISO, my primary responsibility is security, but frankly there's a lot of DevOps and tech use cases within the polygraph visualization tool, and understanding our environment and troubleshooting has frankly it saved us quite a bit of time and we're looking forward to the partnership to continue to grow out the tool. As we, as a company, scale in today's world, it's very important that we're able to scale our capability 2-3X without a corresponding 2-3X in staff and resources. I think this is the kind of tool that's going to help us get there. >> Well, speaking to you Arun, Lacework has recently grown tremendously and gotten a lot of industry attention but you saw something before everyone else. Can you tell us what really caught your attention? What stood out to you and why you decided to become an early adopter? >> Yeah, great question. Honestly, I wish it was a super tricky kind of answer but the real honest answer is it was a very easy decision because we had a need. We knew that we needed robust monitoring capability and detection of threats within containerized environments. And, you know, there are other players in the space but we have a very diverse environment. We're a combination of multiple container technologies and multiple cloud platforms. And we needed something that had the greatest diversity of coverage across our environments. And this was really the only solution that would work for us. I'd love to be able to say that it was like an aggressive bake-off and there's all these different options. But really, from a capability, and scope, and coverage, it was a fairly easy decision for us. >> And how has your threat detection and investigation process changed since you brought on Lacework? >> Yeah, it certainly has. Our environment within 24 hour period, it might generate 300, 400 million events and that's process level data from hosts and network data access. It's just a very noisy amount of alerts. With the Lacework's platform, those 300, 400 million get reduced to about a hundred alerts a day that we see and of those, five are critical and those tend to all be very actionable. So from an alert fatigue perspective, we really rely on this to give us actionable data, actionable alerts that teams can really focus on and reduces that noise. So I would say that's probably the number one way that our detection process has changed and frankly, a lot of it is what Adam mentioned as far as the underlying self-learning, self-tuning engine. There's not a whole lot of active rules that we had to create or configuration that we had to do. It's kind of a learning system and I think it's really, probably, I would estimate maybe 50-60% reduction in triage and response time for alerts as well. >> And Adam, now going to you, while 2020 was a really rough year for a lot of people, a lot of businesses, Lacework realized 300% revenue growth. So now that the economy is bouncing back and seemingly so in full force, what are your expectations for Lacework in the next year? >> Great question. I think one of the things we're seeing broadly across the industry is an acceleration, a realization that companies that are going through digital transformations have accelerated their pace and so we anticipate even faster growth. Additionally, you know, the companies that may have not been on that trajectory are now realizing that they need to move to the cloud. There's not a lot of folks right now thinking that they're going to be racking and stacking in physical data centers going forward. So we fully expect a continuation of massive growth. And increasingly as customers are moving into the cloud, they're looking for tools to help them build a secure footprint but also enable them to go faster. So, we have a point of view that we're going to continue to see this massive growth and if not, how to accelerate from here. >> Well, you're also the man behind the product. So could you go behind some of the key features that it offers? >> Sure. So, if you think about our overall product portfolio, we really have both breadth and depth. So, first and foremost, most customers who are moving to the cloud or have a large cloud footprint, the first concern they have is, do I have a series of misconfigurations? We really help our customers both identify best practices with those configurations in the cloud, and then also help them move quickly towards potential compliance standards that they need to adhere to. Everyone's operating in a regulated environment these days. And then of course, once you've got that footprint to a place where it's healthy, you really, really want to be able to monitor and track the changes to the configurations over time to ensure you're continuing to maintain that footprint. And so we provide a polygraph based model that essentially identifies potential behavioral risks that we're observing through our data clustering algorithms to help you identify potential holes that you may have created over time and help you remediate those things. And then of course, you know, every customer faces a significant challenge when it comes to just keeping up with the overall landscape changes in terms of overall vulnerability footprint in their environments. And so we have a great capability with what we call vulnerability discovery, which enables our customers to understand where they're vulnerable and not simply tell them how many vulnerabilities they have, but help them isolate, leveraging all the run time and bill time contexts we have so that they can really prioritize what's important to them and what represents the highest risk. And then of course, lastly, you know, where the company really got started is in helping customers protect their cloud workloads. And we do this by identifying threats that we're able to leverage our machine learning and data clustering algorithms so that once we have those baseline behaviors identified and modeled, we can leverage all of our threat intelligence to identify anomalies in that system and help customers really identify those risks as they're coming into the system and deal with those in a really timely manner. So those are kind of the overall key capabilities that they really help teams scale and drive their overall cloud security programs. >> And Arun, really quickly from your perspective, what is a key feature that is really beneficial to LendingTree? >> It's kind of what Adam mentioned with the kind of the self-tuning capability, the reduction of alerts and data based on behavioral-based detection versus rule-based. A lot of people have, you have fancy words, they call AI and machine learning, this and that, but I've rarely seen it work effectively. I think this is a situation where it does work really effectively and does free up time and resources on our side that we can apply to other problems we're trying to solve so I think that's the number one. >> Okay, terrific. Well, I'm really curious Adam. Got to ask you this question. I mean, we saw a really big software IPO last year. What do you think is in store for Lacework? >> Yeah, well, you know, the IPO is just a point in time as opposed to it's part of the journey. Lacework's continuing to invest and really focus on fundamentally changing the security landscape. One of the reasons why I joined Lacework and continue to be really excited about the opportunity comes back to the fundamental challenge that all security tools have. We do not want to create a platform that drives wet blanket behavior, but really fundamentally enables teams like Arun's to move faster and enable the builders to build the applications that fundamentally drive great business outcomes for our customers. And so that's what gets me out of bed. And I think everyone at Lacework is really focused on helping drive great outcomes for our customers. >> Fascinating to hear how Lacework is securing cloud around the world. Lovely to have you on the show. Adam Leftik, the VP of Lacework, as well Arun Sankaran, the CISO of LendingTree. I'm your host for the AWS Startup Network here on theCUBE. Thank you very much for watching.