Lital Asher Dotan & Ofer Gayer, Hunters | AWS Startup Showcase S2 E4 | Cybersecurity
>> Hi, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series, where we're talking with exciting partners in the AWS ecosystem. The topic on this episode is cybersecurity: detect and protect against threats. I have two guests here with me today from Hunters. Please welcome Lital Asher Dotan, the CMO, and Ofer Gayer, the VP of product management. Thank you both so much for joining us today.
>> Thank you for having us, Lisa.
>> Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do? When was it founded? What's the vision, all that good stuff.
>> So Hunters was founded in 2018 by two co-founders coming out of Unit 8200 in the Israeli Defense Forces. The founders and the people in engineering and R&D are mostly coming from both offensive cybersecurity as well as defensive threat hunting, advanced operations, or being able to see and respond to advanced attacks. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from, you know, a military background, but those that actually need to defend day in and day out against cyber attacks that are growing in sophistication and in the number of attacks. And we all know that every organization nowadays is being targeted, whether it's ransomware or more sophisticated attacks. So this has become a real challenge, and we all know the challenges that the industry is facing with talent scarcity and with a lack of the knowledge and expertise needed to address this.
>> So they came in with this mindset of: we want to bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks. So, born and raised in Tel Aviv, it became a global company.
We recently raised a Series C of funding, funded by the world's top-rated VCs, from Stripes and YL Ventures, supported by Snowflake, Databricks and Microsoft M12 as strategic partners. And we now have a broad variety of customers from all industries around the world, from tech to retail to eCommerce to banks, that we work closely with. So very exciting times, and we are very excited to share today how we work with AWS customers to support their environments.
>> Yeah, we're gonna unpack that. So a really solid foundation the company was built on only a few years ago. Lital, was there, why a new approach, was there a compelling event? Obviously we've seen dramatic changes in the threat landscape in recent years, ransomware becoming a "when it happens to us, not if," but any sort of compelling event that really led the founders to go, ah, this new approach, we gotta go this direction?
>> Absolutely. We've seen a tremendous shift of organizations from cloud adoption to adoption of more security tools. Both create a scenario in which the tool sets that are currently being used by security organizations, the security teams, are not sufficient anymore. They cannot deal with the plethora, the variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in their environment, without too much automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days.
>> Excellent. Ofer, that's a perfect segue to bring you into the conversation. Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry.
>> Yeah.
So as Lital mentioned, and it was very rightful, the problem with the SIEM space, that's the space that we're disrupting, is the well-known secret around: it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most mature, presumably mature, markets in cybersecurity. But it seems like every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process, and it's painful all across their workflow, from the time they ingest the data. Everybody knows, if you ever had a SIEM solution or a SOC platform, just getting the data into your environment can take the most amount of your time. The lion's share of whatever your engineers are working on will go to getting the data into the system.
>> And then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very, very painful before you even get a single moment of value, of a security use case, from your product. That's a big, painful piece. What you then see is once they set it up, their detection engineering is so far behind the curve because of all the different kinds of things they need to take care of. It used to be a limited attack surface. We all know the attack surface today is enormous, especially when you talk about something like AWS. There's new services, new things all the time, more accounts, more things. It keeps moving a lot, and keeping track of that, and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploy the detections in time, test and tweak and all those things.
>> Most organizations don't even know how to start approaching this problem. And that's a big pain for them.
When they finally get to investigating something, they lack the context and the knowledge of how to investigate. They have very limited information coming to them, and they go on this hunting chase of not hunting the attackers, but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very few instructions or guidelines, and then you need to kind of try to figure out what it is that they asked, right? That's the same thing with trying to do triage with very minimal context. You look at the IP and then you try to figure out, you look at the hash, you look at all these different artifacts, and you try to figure it out yourself. You have very limited insights. And the worst is when you're under the gun, when there's a new emerging threat that happens, like Log4Shell. And now you're under the gun and the entire company's looking at you and saying, are we impacted? What's going on? What should we be doing? So from start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration.
>> And companies in any industry, Ofer, don't have time. You talked about some of the time involved here and the lag, and there isn't time in the very dynamic threat landscape that customers are living in. Lital, a question for you: is your primary target audience existing SIEM customers, 'cause Ofer mentioned the disruption of the SIEM market? I'm just wanting to understand, in terms of who you're targeting, what does that look like?
>> Definitely looking for customers that have a SIEM and don't like it, don't find that it helps them improve their security posture. We also have organizations that are young, emerging, have a lot of data, a lot of tech companies that have grown in the last 10, 15 years, or even five years. We have Snowflake as a customer. They're booming.
They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them, doesn't make any sense with the scale that they need. They need the cloud-based approach, the SaaS approach, that is capable of taking care of the environment. So we cater both to those organizations that are shifting from on-prem to cloud and need visibility into those two environments, and to those cloud natives that want the cloud and don't want to even think of a traditional SIEM.
>> You mentioned Snowflake. We were just at Snowflake Summit a couple of months ago, I think that was, and a tremendous company, that massive growth, massive growth in data across the board, though. So I'm curious, Ofer, if we go back to you, we can dig into some of these data challenges. Obviously data volume and variety is only gonna continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate?
>> Definitely. So the data challenge starts with getting the right data in, the fact that you have so many different products across so many different environments, and you need to try to get them into some location to try to use them for running your queries, your rules, your correlation. It's a big problem. There's no unified standard for anyone. Even if there was, you have a lot of legacy things on premises as well as your AWS environment, and you need to combine all these. You can't keep things only on-prem. Mostly, most organizations are still in hybrid mode. They're shifting most of the things to AWS, but you still have a lot of things on-prem that they're gonna shift in the next 3, 4, 5 years. So that hybrid approach is definitely a problem for gathering the data. And when they gather the data, a lot of the time their existing solutions are very cost-prohibitive and scale-prohibitive from pushing all the data into a central location.
>> So they have these data silos. They'll put some of it there, some of it here, some of it in a different location: hot storage, cold storage, long-term storage. They end up not knowing really where the data is, especially when they need it the most. That becomes a huge problem for them. Now with analytics, it's very hard to know upfront what data I'll need, not tomorrow, but maybe in three months to look back and query, making these decisions very hard. Changing them later is even harder. Keeping track of all these moving pieces. You know, you have a device, you have some vendor sending you some logs. They changed their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, put it in a centralized location, and have good monitoring in a continuous flow of: I know what data I'm getting in, I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a central place where I can use it at any time that I want.
>> We've seen... So sorry. Yes, please.
>> I wanted to add on that. We've seen too much compromise on data, that because of the prohibitive cost structure of tools, or because of an inability to manage the scale, teams are compromising or making choices, and then paying the price of the latency of being able to then go search. If an incident happened, if you are impacted by something, it all means money and time at the end of the day, when you actually need to answer yourself, am I breached or not? We wanna break out from this compromise. We think that data is something that should not be compromised. It's a commodity today.
Everything should be retained, kept and used as appropriate, without the team needing to ration what they're gonna use versus what they're not gonna use.
>> Correct. That's...
>> A great point. Go ahead.
>> Yeah. And we've seen customers either having entire teams dedicated to just doing this, and/or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me shows how much pain there is and how much this space is broken in what it provides, when customers have these makeshift solutions to go around the problem instead of facing it head-on and saying, okay, let's build something where you can put all your data, as much as you want, and not have to compromise on security.
>> You guys both bring up such a great point where data and security are concerned. No business can afford to compromise. Usually compromise is a good thing, but in that case, it's really not; companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors, that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where are the customer conversations? Is this a CSO conversation from a data security perspective? I would think this is more than the CSO.
>> It's a CSO conversation, as well as, we talk on a daily basis with those that lead security operations, heads of SOCs, those that actually see how the analysts are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved to the tools that they need to work on and tweak. So we have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken.
And this is probably one of, we all talk about, you know, job satisfaction or dissatisfaction, the great resignation people are living. This is the real problem in security. And the SOC is one of these places where we see this alert fatigue. People are struggling. It's stressful work. And if there is anything that we can do to offload the work that is less appealing and have them work on what they signed up for, which is dealing with real threats, solving them, instead of dealing with false positives, this is where we can actually help.
>> Can you add a little bit on that, Lital? You mentioned the cybersecurity skills gap, which is massive. We talk about that a lot because it's a huge problem. How is Hunters a facilitator for companies that might be experiencing that?
>> Absolutely. So we come with an approach of, we call it the 80/20 of detection and response. Basically there are about 80%, probably, whoa, it's actually something like 95%, of the threats that are shared across all organizations in the world. Also 80 to 90% of the environments are similar. People are using similar tools. They're on similar cloud services. We think that everything that goes around detection of threats around those common attack scenarios and the common attack landscape should come out of the box from a vendor like Hunters. So we automate, we write the rules, we cross-correlate. We provide those services out of the box. Once you sign up to use our solution, your data flows in, and we basically do the processing and the analysis of all the data so that your team can actually focus on the 20%, or the, you know, the 5%, that are very unique to your organization.
>> If you are developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it, great. Have your team focus on that. If you are a specific actor in a specific space, with specific threats that are unique to you, you build your own detections into our tool.
But the whole idea is that we have the knowledge, we see attacks across industries, we have the researchers and the capabilities to be on top of those things. So your team doesn't need to do it on a daily basis, because new attacks come almost on a daily basis. Now we read about them in the news, we see them. So we do it, so your team doesn't have to.
>> And nobody wants to be that next headline where a breach is concerned. I'll close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters customers are achieving, and then specifically AWS customers?
>> Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data knowing what the cost is going to be, in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customers how much it changed when they moved from traditional SIEMs to using Hunters. Specifically, AWS customers can actually use their AWS credits to buy Hunters. If they're interested, just go to AWS Marketplace, search for Hunters, and come to our website. You can use your credits for that. I think we talked also about the security burden, the time spent on writing rules plus correlating incidents. We have seen sometimes a change in, instead of investigating an incident for two days, it is being cut to 20 minutes, because we give them the exact story of the entire attack: what are the involved assets, what are the users that are involved, so they can just go see what's happening and then immediately go and remediate it. So a big shift in mean time to detect, mean time to respond. And I'm sure Ofer has more kinds of insights that he's seen with some of our customers around that.
>> Yeah.
So, some great examples recently there. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is, we talked, you talked about the problem with talent, and where that really matters the most is that under-the-gun mode. We have a service that we see as the natural progression of the service that we provide, called Team Axon. What Team Axon does for you is, when you are under the gun, when something like Log4Shell happens, and everybody's looking at you, and time is ticking, instead of trying to figure it out on your own, Team Axon will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf on your data and give it to you. Within 24 hours, you'll have something to show your CEO or your executive team, your board even: this is where we got impacted or not impacted.
>> This is what we did. Here's the mitigation step that we need to take, from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the bat signal when we need it the most. The other thing is on the day to day. A lot of solutions will kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date. That's what a lot of people miss. You have to think that what you installed a year ago, security doesn't stay put, you need to keep updating it. And you need to keep that updated pretty frequently to stay ahead of the curve.
>> If you're behind a couple of months on your security updates, you know what happens. Same thing with your SOC platform or your SIEM rule base.
The reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting, 'cause they need to tweak them. With the approach that we take, where we test them on our customers' data transparently for them and make sure to release them without false positives, we're just allowing them to push the updates transparently directly to their account. They don't need to do anything. And one customer, one of our biggest accounts, they have dozens of subsidiaries and multiple SOCs, and one of the largest eCommerce companies in the world, and the person running security, he said, if I had to do what Hunters gives me out of the box myself, I'd have to hire 20 people and put them to work for 18 months for what you give me out of the box. So for me, that's a first, that's huge, kind of what we give customers and the kind of challenges that we're able to solve for them.
>> Big challenges. Lital and Ofer, thank you so much for joining us on theCUBE today, as part of this AWS Startup Showcase, talking about what Hunters does, why, the vision and the value in it for customers. We appreciate your time and your insights.
>> Thank you so much for having us.
>> My pleasure. For my guests, I'm Lisa Martin. Thank you for watching this episode of the AWS Startup Showcase. We'll see you soon.
Uri May, Hunters | CUBE Conversation, August 2022
>> Hey everyone, and welcome to this CUBE Conversation, which is part of the AWS Startup Showcase, season two, episode four of our ongoing series. The theme of this episode is cybersecurity: detect and protect against threats. I'm your host, Lisa Martin, and I'm pleased to be joined by the founder and CEO of Hunters.AI, Uri May. Uri, welcome to theCUBE. It's great to have you here.
>> Thank you, Lisa. It's great to be here.
>> Tell me a little bit about your background and the founders' story. This company was only founded in 2018, so you're quite young. But gimme that backstory about what you saw in the market that really determined this is needed.
>> Yeah, absolutely. So, I mean, I think the biggest thing for us was the understanding that significant things have happened in the cybersecurity landscape for customers, and technology stayed the same. I mean, we tried on solving the same... We tried solving a big problem with the same old tools, when we actually noticed that the problem had changed significantly. And we saw that change happening in two different dimensions. The first is the types of attacks that we're defending against. A decade ago, we were mostly focused on these highly sophisticated nation-state efforts that included unknown techniques and tactics and highly sophisticated kinds of methods. Nowadays, we're talking a lot about cybercrime gangs, groups of people that are financially motivated, using off-the-shelf tools, off-the-shelf malware, coordinating on the dark web, attacking for money and ransom, basically, versus sophisticated intelligence kinds of objectives. And at the same time as that was happening, we also saw what we like to refer to as the explosion of the security stack. So some of our customers are using more than 60 or 70 different security tools that are generating sometimes tens of terabytes a day of flows.
That explosion of data, together with a very persistent and consistent threat that is continuously affecting customers, creates a very different environment, where you need to analyze a big variety of data and you need to constantly defend yourself against stuff that is happening all the time. And that was kind of like our wake-up moment, when we understood that the tools that are out there now might have been the right tools a decade ago, but they are probably not the right tools to solve the problem now. So yeah, I think that that was kind of what led us to Hunters. And at the same time, and I think that that's my personal kind of story behind it, we used to talk a lot about the fact that we want to solve a fundamental problem. And as part of the ideation around Hunters and us zooming in on exactly the areas that we want to focus on in security, we talked with a lot of CSOs, we talked with a lot of industry experts, and everyone directed us to the security operations center. I mean, the notion that there's a lot of tools, and there's always going to be a lot of tools, but eventually decisions are being made by people that are running the security operations center, that are actually acting as the first line of defense. And that's where you feel that the processes are broken. That's where you feel that the technology doesn't really meet the rubber, and the rubber doesn't really meet the road. And for us, it was a very clear sign that this is where we need to focus. And that set us on a journey to explore threat hunting, and then understand that we can solve something bigger than that, and then eventually get to where we are today, which is going to market around a holistic platform that can help SOC analysts do their day-to-day job defending their organizations.
>> So you saw back in 2018, probably even before that, that the SIEM market was primed and ripe for disruption.
And in only a four-year time period, there's been some pretty significant milestones and accomplishments that the team at Hunters has made in that short timeframe. Talk to me about some of those big milestones that the company has reached in just four years.
>> Yeah, I think that the biggest thing, and I know that it's going to sound like a cliche, but we're actually believing that, I think it's the team. I mean, we were able to grow to an organization of around 150 employees all over the world, across, I think, I mean the last time that I checked, like 15 countries. That's the most amazing feeling that you can have, that ability to attract people to a single mission from all over the world and to get them to collaborate and do amazing things and achieve unbelievable accomplishments. I think that's the biggest thing. The other thing for us was customers. I mean, think about it, like, SIEM, it's such a central and critical system. So for us as a young startup from Tel Aviv to go out to enterprise America and convince the biggest enterprises around the world to rip and replace the existing solutions that are being built by the biggest software brands out there and install Hunters instead, that's a huge leap of trust that we are very grateful for, and we're trying to handle it with a lot of care and a lot of responsibility. And obviously, I think that other than that, it's all of the investors that we were able to attract, that basically enabled all of that customer acquisition and team building and product development. And we're very fortunate to work with the biggest names out there, both from a strategic perspective and also tier one VCs, mainly from the U.S., but from all over the world, actually, that are backing us.
>> Great customers, solid foundation. Hunters is built for the cloud, is powered by Snowflake. This is AWS built. Talk to me about what's in it for me from an AWS customer perspective. What's that value in it for them?
>> Yeah, so I think that the most important thing, in my opinion at least, is the security value that you're getting from it. Other than the fact that Hunters is a multi-tenant SaaS application running in AWS, it's also a system that is highly tuned and specifically built to be very effective at detecting threats inside AWS environments. So we invested a lot of time in research, in analyzing the way attackers are operating inside cloud environments, specifically in AWS. And then we model these techniques and tactics and procedures into the system. We're leveraging data sets like AWS CloudTrail and CloudWatch and VPC Flow Logs, and obviously AWS GuardDuty, which is an amazing detection system that AWS offers to its customers, and we're able to leverage it, correlate it with other signals. And at the same time, there's also the commercial aspect and the business aspect. I mean, we're allowing AWS customers to leverage their AWS credits through the marketplace to fund SIEM projects like Hunters, which comes with a lot of efficiencies also, and with a lot of additional capabilities, like I mentioned earlier.
>> So let's crack open Hunters.AI. What makes this approach different? You talked about the challenges that you guys saw in the market, that there were gaps there, and why technology needed to come in from a disruption standpoint. But describe the differentiators. When you're talking to prospective customers, what are those key differentiators that Hunters brings to the table?
>> Yeah, absolutely. So we like to divide it into three main pillars. The first pillar is everything that we do with data, that is very different from our competitors. We believe that data should be completely liberated from the analytical layer. And that's why we're storing data in a dedicated data warehouse. Snowflake, as you mentioned earlier, is one of our go-to data warehouses. And that gives customers the ability to own their own data.
So you as a customer can opt in to using Hunters on top of your Snowflake. It's not the only way. You can also get Snowflake bundled as part of your Hunters subscription, but for some customers that ability to reduce vendor lock-in risk on data, own your data, and also leverage security data for other kinds of workflows is something that is really huge. So that's the first thing that is very different. The second thing is what we like to call security engineering as a service. So when you buy Hunters, you don't just buy a data platform. You actually buy a system, a SOC platform, that is already populated with use cases. So what we are saying is that in today's world the threats that we're handling as a SOC, as security operations center professionals, are actually shared by 80% of the customers out there. So 80% of the customers share around 80% of the threats. And what we're basically saying is let us as a vendor solve the detection and response around that 80%, so you as a customer can focus on the 20% that is unique to your environment, which in a lot of cases generates 80% of the impact. So that means that you are getting a lot of prebuilt tools and detections, data modeling for your integrations, automatic investigations, scoring, correlations. All of these things are being continuously deployed and delivered by us because we're multi-tenant SaaS. And also allowing you, again, to get this effortless, turnkey kind of solution that is very different from your experience with your current SIEM tools, which usually involves a lot of tuning, professional services, configuration, et cetera. And the last aspect of it is everything that we're doing around automation.
We're leveraging very unique graph technology and what we call automatic investigation enrichments that allow us to take all of these signals that we're extracting from all over the attack surface, AWS included, but also the endpoint and the email and the network and IoT environments and whatever, automatically investigate them, load them into a graph, and then automatically correlate them into what we call stories, which are basically representations of incidents that are happening across your attack surface. And that's a very unique capability that we bring to the table that demonstrates our focus on the analytical lens. So it's not just a log aggregation and querying and dashboarding kind of system. It's actually a security analytics system that is able to drive real insights on top of the data that you're plugging into it.

>> So talk to me, Uri, when you're in customer conversations these days, the market is, there are so many dynamics and so much flux that customers are dealing with. Obviously, the threat landscape continues to expand and really become quite amorphous as that perimeter blends. What are some of the specific challenges that security operations center, or SOC, teams come to you saying, help us eliminate this? We have so many tools, we've probably got limited resources. What are those challenges and how does Hunters really wipe those off the plate?

>> Yeah, so I think the first and foremost has to do with the second pillar that I mentioned earlier, and that's security engineering. So for most security operations centers and most organizations around the world, the feeling is that they're kind of like stuck on this third wheel. They keep on buying tools and then implementing these tools and then writing rules and then generating noise and then fine-tuning the rules, and then testing the rules and understanding that the fine-tuning actually generated misdetections. And they're kind of like stuck in this vicious cycle.
And no one can really help, because a lot of the stuff that they're building, they're building it in their environment. And what we're saying is, let us do it for you, for that 80% that we've mentioned earlier, and allow you to really focus on the stuff that you're doing and even offset your talent. So we're not talking about really a talent reduction, because everyone needs more talent in cybersecurity nowadays, but we're talking a lot about offset. I mean, if we had a team of five people investing efforts in building rules, building automation, and now three or four of these people can go and do advanced investigations, incident response, threat hunting, interval, that's meaningful. For a lot of SOCs, in a lot of cases that means either identifying and analyzing a threat in time or missing it. So, I mean, I think that that's the biggest thing. And the other thing has to do with the first thing that I mentioned earlier, and these are the data challenges. Data challenges in terms of cost, performance, the ability to absorb data sets that today's tools can't really support. I mean, for example, one of the biggest data sets that we're loading that is tremendously helpful is raw data from EDR products. Raw data from EDR products in large enterprises can get to 10, 15, 20 terabytes a day. In today's SIEMs and SOC platforms that the customers are using, this thing is just prohibitive for SOCs. They can't really analyze it because it's so costly. So what we're seeing is a lot of customers either not analyzing it at all, or saving it for a very small amount of time, a couple of days, because they can't support the retention around it. So the ability to store huge data sets for a longer period of time makes it something that a lot of big enterprises need. And to be honest, I think that in the next couple of years they would also be forced to have these kinds of capabilities, even from a compliance perspective.
>> So in terms of outcomes, I'm hearing reduction in costs, really helping security teams utilize their resources, the ability to analyze growing volumes of data. That's only going to continue to increase, as we know. Is there a customer story, Uri, that you have where the value proposition of Hunters really shines through?

>> Yeah, I think that one thing comes to mind from the hospitality vertical, and actually it's a reference customer. I mean, we can share the name. Its name is booking.com. It's also publicly shown on our website. And I think the coolest thing that we were able to do with Booking is give them that capability to stay up to date with the threats that they're facing. So it's not just that we saved a lot of effort for them because we came with a lot of out-of-the-box capabilities that they can use. We also kept them up to date with everything that they were facing. And there were a couple of cases where we were able to detect threats that were very recent from a threat perspective, based on our ability to invest research time and effort in everything that is going on in the ecosystem. And the feedback that we got from the customer, and it's not a single piece of feedback, like we're getting it a lot, is that without you guys we wouldn't be able to do the effective research and then the implementation of this, and the threat modeling and the implementation of these things in time. And working with you kind of like made the difference between analyzing it and reacting in time and potentially blocking, like, a very serious breach versus maybe finding out when it's too late.

>> Huge impact there. And I'm kind of thinking Hunters.AI might be one of the reasons that booking.com's tagline is booking.com, booking.yeah. Yeah, we're secure, we know it, and we can demonstrate that to everyone that uses our service. Kind of wrapping things up here, Uri.
I noticed that back in, I think it was January of 2022, Hunters raised about 60 million in Series C. You talked about kind of being in the GTM phase. Where are some of those strategic investments? What have you been doing, focusing on this year, and what's to come as we round out '22?

>> Yeah, absolutely. So, I mean, there's a lot of building going on. Yeah, still, right. I mean, we're getting into that scale mode and scale phase, but we're very much also building our capabilities, building our infrastructure, building our teams, building our business processes. So there's a lot of effort going into that, but at the same time, I mean, we've been able to, we're deepening our relationship with Databricks, which is a very important partner of ours. And we've got some big news coming up on that. And they were a strategic investor that participated in our Series C. And at the same time we're working in the EMEA market, which is a very interesting market for us. And we get a lot of support from one other strategic investor that joined the Series C, Deutsche Telekom. And they are a huge provider in IT and security in EMEA, other than doing a lot of other things, including T-Systems and T-Mobile and everything that has to do with that. So we're getting a lot of support from them. And regardless, I think, and that ties back to what we've mentioned earlier, the ability for us to come to really big customers with the quality of investors that we have is a very important external validation. It's basically saying, like, this company is here to stay. We're aiming at disrupting the market. We're building something big. You can count on us in replacing this critical system that we're talking about. And sometimes it makes a difference, like sometimes for some of the customers, it means that this is something that I can rely on. Like it's not a startup that is going to be sold two months after I'm deploying it. And it's not a founder that is going to disappear on me.
And for a lot of customers, these things happen, especially in an ecosystem like cybersecurity, that is so big with such a huge variety of different systems. So, yeah, I think that we're getting ready for that scale mode and hopefully it'll happen sooner than what we think.

>> A lot of growth already, as we mentioned in the beginning of the program. Since just 2018, it sounds like, from a foundation perspective, you guys are strong, you're rocking away and ready to really take things into 2023 with such force. Uri, thank you so much for joining me on the program, talking about what Hunters.AI is up to and how you're different and why you're disrupting the SIEM market. We appreciate your insights and your time.

>> Absolutely. Lisa, the pleasure was all mine. Thank you for having me.

>> Likewise. For Uri May, I'm Lisa Martin. Thank you for watching our CUBE Conversation as part of the AWS Startup Showcase. Keep it right here for more action on theCUBE, your leader in tech coverage. (upbeat music)
Shawn Henry, CrowdStrike | CrowdStrike Fal.Con 2022
>> All right, we're back. We're wrapping up day two at Fal.Con 22 from the ARIA in Las Vegas. CrowdStrike, CrowdStrike. The action is crazy. Second day of keynotes. Shawn Henry is back. He's the chief security officer at CrowdStrike. He did a keynote today. Shawn, good to see you. Thanks for coming back.

>> Good to see you, Dave. Thanks for having me.

>> So, unfortunately, I wasn't able to see your keynote because I had to come do Cube interviews. You interviewed Kemba Walden from, you know, the White House, right?

>> National cyber security...

>> Director. We're gonna talk about that. We're gonna talk about OverWatch, your threat hunting report. I want to share the results with our audience, but start with your, well, actually start with the event. We're now in day two; you've had a good chance to talk to customers and partners. What are your observations?

>> Yeah, first of all, it's been an amazing event, over 2200 attendees here. It's really taking the top three floors at the ARIA hotel, and we've got partners and customers, employees, and to see the excitement and the level of collaboration here is absolutely phenomenal. All these different organizations that each have a piece of cybersecurity, to see them coming together, all in support of how do you stop breaches? How do you work together to do it? It's really been absolutely phenomenal.

>> You're gonna love the collaboration. We kind of talked about this on our earlier segment: the industry has to do a better job and has been doing a better job. You know, I think you and Kevin laid that out pretty well. So tell me about the interview, the fireside chat with Kemba. What was that like? What topics came up?

>> Yeah. Kemba is the principal deputy national cyber security advisor. She's been there for just four months. She spent over 10 years at DHS, but she most recently came from the private sector in cybersecurity.
So she's got the experience as a private sector expert as well as a public sector expert, and to see her come together in that position, it was great. We talked a lot about some of the strategies the White House is looking to put forth in their new cybersecurity strategy. There was recently an executive order, right, that the president put forth that talks about a lot of the things that we're doing here. So for example, the executive order talks about a lot of the legacy type of capabilities being put to pasture and about the government embracing cloud, embracing threat hunting, embracing EDR, embracing zero trust and identity protection. Those are all the things that the private sector has been moving towards over the last year or two. That's what this is all about here. But to see the White House put that out, that all government agencies will now be embracing that, I think it puts them on a much shorter footing and it allows the government to be able to identify vulnerabilities before they get exploited. It allows them to much more quickly identify, have visibility, and respond to threats. So the government infrastructure will be safer. And it was really nice to hear her talk about that and about how the private sector can work with the government.

>> So you know how this works, you know, having been in the Bureau. But so it's these executive orders, a lot of times people think, oh, it's just symbolic. And there are a couple of aspects of it. One is President Biden really impressed upon the private sector to, you know, amp it up, to really focus and do a better job. But also, as you pointed out, that executive order can adjudicate what government agencies must do, must prioritize. So it's more than symbolic. It's actually taking action. Isn't it?

>> Yeah. I think it's both.
I think it's important for the government to lead in this area because while a large portion of infrastructure, major companies, they understand this, there is still a whole section of private sector organizations that don't understand this, and to see the White House roll it out, I think that's good leadership and that is symbolic. But then, to your second point, to mandate that government agencies do this, it really pushes those that might be a bit reluctant. It pushes them forward. And I think this is the type of action that, as it starts to roll out and people become more comfortable and they start to see the successes, they understand that they're becoming safer, that they're reducing risk. It really is kind of a self-fulfilling prophecy, and we see things become much safer.

>> Did you guys talk about Ukraine? Was that off limits, or did that come up at all?

>> It wasn't off limits, but we didn't talk about it because there were so many other things we were discussing. We were talking about the cybersecurity workforce, for example, and the huge gap in the number of people who have the expertise, the capability, and the opportunities to come into cybersecurity, technology broadly, but then cybersecurity as a subcomponent of that. And some of the programs, they just had a big cyber workforce strategy. They invited a lot of people from the private sector to have this conversation about how do you focus on STEM? How do you get younger people? How do you get women involved? So getting, perhaps, to the untapped individuals that would step forward and be an important stopgap and an important component to this dearth of talent, and it's absolutely needed. So that was one thing. There were a number of other things. Yeah.

>> So I mean, pre-pandemic, I thought the number was 350,000 open cybersecurity jobs. I heard a number yesterday just in the U.S., and you might have even told me this, 750.
So it's doubled in just the pre- to post-isolation economy. I don't know what the stats are, but too big. Well, as a CSO, how much can automation do to close that gap? You know, we were talking earlier on the Cube about, you gotta keep the humans in the loop. The Nirvana of the machines will just take care of everything is just probably not gonna happen anytime in the near term, even midterm or long term, but how can automation play and help close that gap?

>> So the automation piece is what allows this to scale. You know, if we had one company with a hundred endpoints and we had a couple of folks there, you could do it with humans. When you're talking about hundreds of millions of endpoints spread around the globe, you're talking about literally trillions of events every week that are being identified, evaluated, and determined whether they're malicious or not. You have to have automation, and to have, using the cloud, using AI, using machine learning, to sort through and really look for the malicious needle in a stack of needles. So you've gotta get that fidelity, that fine-tuned review. And you can only do that with automation. What you gotta remember, Dave, is that there's a human being at the end of every one of these attacks. So we've got the bad guys, they have humans there, they're using the technology to scale. We're using the technology to scale to detect them. But then when you get down to the really malicious activity, having human beings involved is gonna take it to another level and allow you to eradicate the adversaries from the environment.

>> Okay. So they'll use machines to knock on the door. When that door gets opened and they're in, they're saying, okay, where do we go from here? And they're directing strategy. Absolutely. I think you gave me a stat, I wonder if I wrote it down correctly, 2 trillion events per day. Yeah. That you guys see. Is that, did I write that down right?

>> You did.
It changes just like the number of jobs. It changes. When I started talking about this just a year and a half ago, it was a billion a day. And when you look at how it's multiplied exponentially, and that will continue because of the number of applications, because of the number of devices, as that gets bigger, the number of events gets bigger. And that's one of the problems that we have here is the spread of the network. The vulnerability, the environment is getting bigger and bigger and bigger, and as it gets bigger, more opportunities for bad guys to exploit vulnerabilities.

>> Yeah. And we were talking earlier about IoT and extending, you know, that threat surface as well. Talk about the OverWatch threat hunting report. What is that? How often have you run it? And I'd love to get into some of the results.

>> Yeah. So OverWatch is a service that we offer where we have 24 by 7 threat hunters that are operating in our customer environments. They're hunting, looking for malicious activity, malicious behavior. And to the point you just made earlier, where we use automation to sort out and filter what is clearly bad, when an adversary does get what we call fingers on the keyboard, so they're in the box and now a human being, they get a hit on their automated attack. They get a hit that, hey, we're in. It's kind of the equivalent of looking at the bobber while you're fishing. Yeah. When you see the bobber move, then the fisherman jumps up from his nap and starts to reel it in. Similar, they jump on the keyboard, fingers on the keyboard, our OverWatch team is detecting them very, very quickly. So we found 77,000 potential intrusions this past year, in 2021 up to the end of June, one every seven minutes. From those detections, when we saw these detections, we were able to identify unusual adversary behavior that we'd not necessarily seen before. We call it indicators of attack. What does that mean?
It means we're seeing an adversary taking a new action, using a new tactic. Our OverWatch team can take that from watching it to human beings. They take it, they give it to our engineering team, and they can write detections, which now become automated, right? So you have all the automation that filters out all the bad stuff. One gets through, a bad guy jumps up, he's on the keyboard, and now he's starting to execute commands on the system. Our team sees that, pulls those commands out. They're unusual. We've not seen 'em before. We give it to our engineering team. They write detections that now all become automated. So because of that, we stopped, over with the 77,000 attacks that we identified, we stopped over a million new attacks that would've come in and exploited a network. So it really is kind of a big circle where you've got human beings and intelligence and technology all working together to make the system smarter, to make the people smarter, and make the customers safer.

>> And you're seeing new IOAs pop up all the time, and you're able to identify those and codify 'em. Now you've announced at re:Inforce, in July in Boston, you announced the threat hunting service, which is also, I think, part of your, you're the president as well of that services division, right? So how's that going? What's happening there?

>> What we announced, so the OverWatch team has been involved working in customer environments and working on the back end in our cloud for many years. What we've announced is this cloud hunting, where, because of the adoption of the cloud and the movement to the cloud of so many organizations, they're pushing data to the cloud, but we're seeing adversaries really ramp up their attacks against the cloud.
So we're hunting in Google Cloud, in Microsoft Azure cloud, in AWS, looking for anomalous behavior, very similar to what we do in customer environments, looking for anomalous behavior, looking for credential exploitation, looking for lateral movement. And we are having great success there, because as that target space increases, there's a much greater need for customers to ensure that it's protected.

>> So the cloud obviously is very secure. You've got some of the best experts on the planet inside of hyperscale companies. And whether it's physical security or logical security, they're obviously, you know, doing a good job. Is the weakness the seams between where the cloud provider leaves off and the customer has to take over, that shared responsibility model? You know, misconfiguring an S3 bucket is the, you know, the common one, but there are, like, a zillion others. Where's that weakness? Yeah.

>> That's exactly right. We see oftentimes the IT piece enabling the cloud piece, and there's a connectivity there, and there is a seam there. Sometimes we also see misconfiguration, and these are some of the things that our cloud hunters will find. They'll identify, again, the equivalent of walking down the hallway and seeing a door that's unlocked, making sure it's locked before it gets exploited. So they may see active exploitation, which they're negating, but they also are able to help identify vulnerabilities prior to them getting exploited. And, you know, the ability for organizations to successfully manage their infrastructure is a really critical part of this. It's not always malicious actors. It's identifying where the infrastructure can be shored up, make it more resilient, so that you can prevent some of these attacks from happening.

>> I heard this week earlier something I hadn't heard before, but it makes a lot of sense, you know, Patch Tuesday means hack Wednesday.
And so I presume that the companies releasing patches is like a signal to the bad guys that, hey, you know, free-for-all, go, because people aren't necessarily gonna patch. And then the SolarWinds customers are now circumspect about patches. The very patches that are supposed to protect us, with the SolarWinds hack, were the cause of the malware getting in and, you know, reforming, et cetera. So that's a complicated equation. Yeah.

>> It certainly is. A couple parts there to unwind. First, when you think about Patch Tuesday, there are adversaries often, not always, that are already exploiting some of those vulnerabilities in the wild. So it's a zero-day. It's not yet been patched, in some cases hasn't yet been identified. So you've got people who are actively exploiting it. We've found zero-days in the course of our threat hunting. We report them in a responsible way. We've gone to Microsoft. We've told them a couple times in the last few months that we found a zero-day and given them an opportunity to patch that before anybody goes public with it, because absolutely right, when it does go public, those that didn't know about it before recognize that there will be millions of devices, depending on the vulnerability, that are out there and exploitable. And they will absolutely, it will tell everybody that you can now go to this particular place. And there's an opportunity to gain access, to exploit privileges, depending on the criticality of the patch.

>> I'm sorry to generalize, but I wanna ask you about the hacker mindset. Let's say that, what you just described, a narrow set of hackers knows that there's an unpatched, you know, vulnerability, and they're making money off of that. Will they keep that to themselves? Will they share that with other folks in the net? Will they sell that information? Or is it one of those, it depends?

>> I was just gonna say, it depends. You beat me to it.
It absolutely depends. All of the above would be the answer. We certainly see, now a nation state, for example, would absolutely keep that to themselves. Yeah. Right. Their goal is very different from an organized crime group, which might sell access. And we see them all the time in the underground selling access. That's how they make money. Nation states, they want to keep a zero-day to themselves. It's something they're able to exploit, in some cases for months or years, that that vulnerability goes undetected. But a nation state is aware of it and exploiting it. It's a dangerous game. And it just, I think, exemplifies the importance of ensuring that you're doing everything you can to patch in a timely manner.

>> Well, Shawn, we appreciate the work that you've done in your previous role and continuing to advance education, knowledge, and protection in our industry. Thank you for coming on.

>> Thank you for having me. This is a fantastic event. Really appreciate you being here and helping to educate folks. Yeah.

>> You guys do a great job. Awesome set that you built, and look forward to future events with you guys.

>> My friends. Thanks so much, Dave. Yeah.

>> Thank you. Bye now. All right. Appreciate it. All right, keep it right there. We're gonna wrap up in a moment. Live from Fal.Con 22. You're watching theCUBE.
years | QUANTITY | 0.61+ |
cyber security | ORGANIZATION | 0.6+ |
house | ORGANIZATION | 0.59+ |
last | DATE | 0.54+ |
cloud | TITLE | 0.54+ |
S3 | TITLE | 0.52+ |
months | DATE | 0.48+ |
Lital Asher Dotan & Ofer Gayer Final
(upbeat music)
>> Hi, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series, where we're talking with exciting partners in the AWS ecosystem. The topic on this episode is cybersecurity: detect and protect against threats. I have two guests here with me today from Hunters. Please welcome Lital Asher-Dotan, the CMO, and Ofer Gayer, the VP of product management. Thank you both so much for joining us today.
>> Thank you for having us, Lisa.
>> Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do, when was it founded, what's the vision? All that good stuff.
>> So Hunters was founded in 2018. Two co-founders coming out of Unit 8200 in the Israeli Defense Force. The founders and our people in engineering and R&D are mostly coming from both offensive cybersecurity as well as defensive threat hunting, advanced operations, or being able to see and respond to advanced attacks. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from, you know, military background but those that actually need to defend day in and day out against the growing cyber-attacks that are growing in sophistication, in the numbers of attacks. And we all know that every organization nowadays is being targeted, be it ransomware, more sophisticated attacks. So this thing has become a real challenge. And we all know those challenges that the industry is facing with talent scarcity, with lack of the knowledge and expertise needed to address this. So came in with this mindset of we want to bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks. So born and raised in Tel Aviv, became a global company. Recently raised a Series C of funding. Funded by the world's greatest VCs, from Stripes, Wild Ventures, supported by Snowflake, Databricks and Microsoft M12, also as strategic partners. And we now have a broad variety of customers from all industries around the world, from tech to retail to e-commerce to banks that we work closely with. So very exciting times. And we're very excited to share today how we work with AWS customers to support their environments.
>> Yeah, we're going to unpack that. So really solid foundation the company was built on, only a few years ago. Lital, was there, why a new approach? Was there a compelling event? Obviously, we've seen dramatic changes in the threat landscape in recent years. Ransomware becoming a, when it happens to us, not if. But any sort of compelling event that really led the founders to go, "Ah! This new approach, we got to go this direction."
>> Absolutely. We've seen a tremendous shift of organizations from cloud adoption to adoption of more security tools. Both create a scenario in which the toolsets that are currently being used by security organizations, the security teams, are not efficient anymore. They cannot deal with the plethora of a variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in their environment without too much of automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days.
>> Excellent. Ofer, that's a perfect segue to bring you into the conversation. Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry.
>> Yeah. So as Lital mentioned, it was very rightful. The problem with the SIEM space, the space that we're disrupting, is the well-known secret around it: it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most mature, presumably mature markets in cybersecurity. But it seems like that every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process and it's painful all across their workflow from the time they ingest the data. Everybody knows if you ever had a SIEM solution or a SOC platform, just getting the data into your environment can take the most amount of your time, the lion's share of whatever your engineers are working on will go to getting the data into the system, and then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very, very painful before you even get a single moment of value of security use case from your product. That's a big, painful piece. What you then see is, once they set it up, their detection engineering is so far behind the curve because of all the different types of things they need to take care of. It used to be a limited attack surface. We all know the attack surface here today is enormous, especially when you talk about something like AWS, there's new services, new things all the time, more accounts, more things. It keeps moving a lot, and keeping track of that and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploy the detections in time, test and tweak, and all those things. Most organizations don't even know how to start approaching this problem, and that's a big pain for them. When they finally get to investigating something, they lack the context and the knowledge of how to investigate. They have very limited information coming to them and they go on this hunting chase of not hunting the attackers but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very little instructions or guidelines, and then you need to kind of try to figure out what is it that they asked, right? That's the same thing with trying to do triaging with very minimal context. You look at the IP and then you try to figure out, you look at the hash, you look at all these different artifacts and you try to figure it out yourself. You have very limited insights. And the worst is when you're under the gun, when there's a new emerging threat that happens like a Log4Shell, and now you're under the gun and the entire company's looking at you and saying, "Are we impacted? What's going on? What should we be doing?" So from start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration.
>> And it's companies in any industry, Ofer, don't have time. You talked about some of the time involved here in the lag. And there isn't time in the very dynamic threat landscape that customers are living in. Lital, question for you, is your primary target audience existing SIEM customers? 'Cause Ofer mentioned the disruption of the SIEM market. I'm just wanting to understand in terms of who you're targeting, what does that look like?
>> Definitely looking for customers that have a SIEM and don't like it, don't find that it helps them improve the security posture. We also have organizations that are young, emerging, have a lot of data, a lot of tech companies that have grown in the last 10, 15 years, or even five years. With Snowflake as a customer, they're booming. They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them doesn't make any sense with the scale that they need. They need the cloud-based approach, SaaS approach that is capable of taking care of the environment. So we both cater to those organizations that are shifting from on-prem to cloud and need visibility into those two environments, and to those cloud natives. Born in the cloud, they don't want to even think of a traditional SIEM.
>> You mentioned Snowflake. We were just at Snowflake Summit a couple of months ago, I think that was. And tremendous company with massive growth, massive growth in data across the board though. So I'm curious, Ofer, if we go back to you, if we can dig into some of these data challenges. Obviously, data volume and variety, it's only going to continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate?
>> Definitely. So the data challenge starts with getting the right data in. The fact that you have so many different products across so many different environments and you need to try to get them in some location to try to use them for running your queries, your rules, your correlation. It's a big problem. There's no unified standard for anyone, even if there was, you would have a lot of legacy things on-premises, as well as your AWS environment. You need to combine all these. You can keep things only on-prem. You can own... Mostly a lot of, most organizations are still in hybrid mode. They have, they're shifting most of their things to AWS. You still have a lot of things on-prem that they're going to shift in the next 3, 4, 5 years. So that hybrid approach is definitely a problem for gathering the data. And when they gather the data, a lot of the times their existing solutions are very cost prohibitive and scale prohibitive from pushing all the data into a central location. So they have these data silos. They'll put some of it there, some of it here, some of that in a different location, hot storage, cold storage, long-term storage. They don't really, they end up not knowing really where the data is, especially when they need it the most, which becomes a huge problem for them. Now with analytics, it's very hard to know upfront what data I'll need not tomorrow, but maybe in three months to look back and query. Making these decisions is very hard. Changing them later is even harder. Keeping track of all these moving pieces. You know, you have a device, you have some vendor sending you some logs, they changed their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, putting it in a centralized location, and having good monitoring in a continuous flow of, I know what data I'm getting in. I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a central place where I can use it at any time that I want.
>> We've seen, if I can add-
>> So, Lital-
>> Sorry.
>> Yes, please.
>> You wanted to add on that? We've seen too much compromise on data, that because of prohibitive costs, structure of tools, or because of inability to manage the scale, teams are compromising or making choices and are paying a price in the latency of being able to then go search if an incident happened, if you are impacted by something. It all means money and time at the end of the day when you actually need to answer yourself, am I breached or not? We want to break out from this compromise. We think that data is something that should not be compromised. It's a commodity today. Everything should be retained, kept, and used as appropriate without the team needing to ration what they're going to use versus what they're not going to use.
>> Correct (faintly speaking).
>> That's a great point.
>> Go ahead.
>> Yeah. And we've seen customers either having entire teams dedicated to just doing this and, or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me shows how much problem, pain, and how much this space is broken with what it provides to customers, that you have these makeshift solutions to go around the problem instead of facing it head on and saying, "Okay, let's build something that you can put all your data in, as much as you want, not have to compromise on security."
>> You both bring up such a great point where data and security is concerned. No business can afford to compromise. Usually compromise is a good thing, but in that case, it's really not. Companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors, that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where are customer conversations? Is this a C-suite conversation from a data security perspective? I would think this is more than the CISO.
>> It's a CISO conversation, as well as we talk on a daily basis with those that lead security operations, heads of SOCs. Those that actually see how the analysts are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved with the tools that they need to work on and tweak. So we have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken. And this is probably one of the... We all talk about, you know, job satisfaction or dissatisfaction, the great resignation, people are leaving. This is the real problem in security. And the SOC is one of these places that we see this alert fatigue, people are struggling. It's stressful work. And if there is anything that we can do to offload the work that is less appealing and have them work on what they signed up for, which is dealing with real threats, solving them, instead of dealing with false positives. This is where we can actually help.
>> Can you add a little bit on that, Lital? And you mentioned the cybersecurity skills gap, which is massive. We talked about that a lot because it's a huge problem. How is Hunters a facilitator for companies that might be experiencing that?
>> Absolutely. So we come with an approach of, we call it the 80/20 of detection and response. Basically, there are about 80%, probably more, it's actually something like 95% of the threats that are shared across all organizations in the world. Also, 80 to 90% of the environments are similar. People are using similar tools. They're on similar cloud services. We think that everything that goes around detection of threats, around those common attacks, scenarios in the common attack landscape should come out of the box from a vendor like Hunters. So we automate, we write the rules, we cross-correlate. We provide those services out of the box once you sign in to use our solution. Your data flows in and we basically do the processing and the analysis of all the data, so that your team can actually focus on the 20%, or the 15, or the 5% that are very unique to your organization. If you are developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it. Great, have your team focus on that. If you are a specific actor in a specific space and specific threats that are unique to you, you build your own detections into our tool. But the whole idea is that we have the knowledge, we see attacks across industries, and across industries we have the researchers and the capabilities to be on top of those things, so your team doesn't need to do it on a daily basis, because new attacks come almost on a daily basis. Now, we read them in the news, we see them. So we do it, so your team doesn't have to.
>> And nobody wants to be that next headline where a breach is concerned. Lital, close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters customers are achieving, and then specifically AWS customers?
>> Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data knowing what the cost is going to be in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customers how much it changed when they moved from traditional SIEMs to using Hunters. Specifically, AWS customers can actually use the AWS Credits to buy Hunters if they're interested. Just go to AWS Marketplace, search for Hunters and come to our website, you can use your credits for that. I think we talked also about the security burden, the time spent on writing rules plus correlating incidents. We have seen sometimes a change in, instead of investigating an incident for two days, it is being cut to 20 minutes because we give them the exact story of the entire attack. What are the involved assets? What are the users that are involved, so that they can just go see what's happening and then immediately go and remediate it. So big shift in mean time to detect, mean time to respond. And I'm sure Ofer has more kind of insights that he's seen with some of our customers around that.
>> Yeah. So some great examples recently there. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is we talked about the problem with talent. And where that really matters the most is that under-the-gun mode, we have a service that is, we see it as the natural progression of the service that we provide, called Team Axon. What Team Axon does for you is when you're under the gun, when something like Log4Shell happens and everybody's looking at you, and time is ticking, instead of trying to figure it out on yourself, Team Axon will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf on your data, and give it to you within 24 hours. You'll have something to show your CEO or your executive team, your board even, this is where we got impacted or not impacted. This is what we did. Here's the mitigation thing, step that we need to take from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the Bat-Signal when we need it the most. The other thing is on the day-to-day, a lot of solutions will kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date, that's what a lot of people miss. You have to think that you installed a year ago, but security doesn't stay put, you need to keep updating it. And you need to keep them updated pretty, pretty frequently to stay ahead of the curve. If you're behind a couple of months on your security updates, you know what happens. Same thing with your SOC platform or your SIEM rule base. The reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting 'cause they need to tweak them. With the approach that we take, that we test on our customers' data transparently for them, and make sure to release them without false positives, we're just allowing them to push the updates transparently directly to their account. They don't need to do anything. And one customer, one of our biggest accounts, they have dozens of subsidiaries and multiple SOCs and one of the largest e-commerce companies in the world. And the person running security, he said, "If I had to do what Hunters gives me out of the box myself, I have to hire 20 people and put them to work for 18 months for what you give me out of the box." So for me, it's a very-
>> That's huge.
>> What we give customers and the kind of challenges that we're able to solve for them.
>> Big challenges. Lital and Ofer, thank you so much for joining us on theCUBE today as part of this AWS Startup Showcase, talking about what Hunters does, why the vision and the value in it for customers. We appreciate your time and your insights.
>> Thank you so much.
>> For having us.
>> My pleasure. For my guests, I'm Lisa Martin. Thank you for watching this episode of the AWS Startup Showcase. We'll see you soon. (cheerful music)