(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(bright upbeat music) >> Hello, everyone, and welcome to this #CUBEConversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." We have the co-founder and CTO of Armis here, Nadir Izrael. Thanks for coming on. Appreciate it. Armis is hot company, RSA, we just happened. Last week, a lot of action going on. Thanks for coming on. >> Thank you for having me. Sure. >> I love CTOs and co-founders. One, you have the entrepreneurial DNA, also technical in a space with cyber security, that is the hottest most important area. It's always been important, but now more than ever, as the service areas are everywhere, tons of attacks, global threats. You got national security at every level, and you got personal liberties for privacy, and other things going on for average citizens. So, important topic. Talk about Armis? Why did you guys start this company? What was the motivation? Give a quick commercial what you guys do, and then we'll get into some of the questions around, who you guys are targeting. >> Sure, so yeah, I couldn't agree more about the importance of cybersecurity, especially I think in these days. And given some of the geopolitical changes happening right now, more than ever, I would say that if we go back 6.5 years or so, when Armis was founded, we at the time talked to dozens of different CIOs, CSOs, it managers. And every single one of them told us the same thing. And this was at least to me surprising at the time. We have no idea what we have. We have no idea what the assets that are connected to our network, or our environment are. At the time, when we started Armis, we thought this was simply, let's call it the other devices. IOT, OT, all kinds of different buzzwords that were kind of flying around at the time, and really that's, what we should focus on. But with time, what we understood, it's actually a problem of scale. Organizations are growing massively. The diversity of different assets they have to deal with is incredible. And if 6.5 or 7 years ago, it was all about just growth of actual physical devices, these days it's virtual, it's containerized, it's cloud-based. It's actually quite insane. And organizations find themselves really quickly dealing with billions of assets within their environment, but no real way to see, account for them, and be able to manage them. That's what Armis is here to solve. It's here to bring back visibility and order into the mix. It's here to bring a complete map of everything within the organization, and the ability to manage different security processes on top of that. And it couldn't have come, I think at a better time for organizations, because the ability to manage these days, the attack surface of an organization, understand where are different weak spots, what way to invest in? They start and end with a complete asset map, and that's really what we're here to solve. >> As I look at your story and understand what you guys are doing, certainly, a lot of great momentum at RSA. But also digging under the hood, you guys really crack the code with on the scale side as well. And also it's lockstep with the environment. If you look at the trends that we've been covering on "theCUBE," system on chip, you're seeing a lot of Silicon action going on, on all the hyperscalers. You're starting to see, again, you mentioned IOT devices and OT, IP enabled processors. I mean, that's basically you can run multi-threaded applications on a light bulb, basically. So, you have these new things going on that are just popping in into the environment. Just people are hanging them on the network. So, anything on the network is risk and that's happening massively, so I see that. But also you guys have this contextualization capability, scope the problem statement for us? How hard is it to do this? Because you got tons of challenges. What's the scale of the problem that you guys have been solving? 'Cause it's not easy. I mean, it's not network management, not just doing auto discovery, there's a lot of secret sauce there, scope the problem? >> Okay, so first of all, just to get a measure of how difficult this is, organizations have been trying to solve this for the better part of the last two decades. I think even when the problem was way smaller, they've still been struggling with being able to do this. It's an age old problem, that for the most part, I got to say that when I describe the problem the way that I did, usually, what the reaction from clients are, "Yes, I'd love for you to solve that." "I just heard this pitch from like five other vendors and I've yet to solve this problem. So, how do you do it?" So, as I kind of scope this, it's also a measure of just basically, how do you go about solving a complex situation where, to kind of list out some of the bold claims here in what I said. Number one, it's the ability to just fingerprint and be able to understand what your assets are. Secondly, being able to do it with very dirty data, if you will. I would say, in many cases, solutions that exist today, basically tell clients, or tell the users, were as good as the data that you provide us. And because the data isn't very good, the results aren't very good. Armis aspires to do something more than that. It aspires to create a logically perfect map of your assets despite being hindered by incomplete and basically wrong data, many times. And third, the ability to infer things about the environment where no source data even exists. So, to all of that, really Armis' approach is pretty straightforward, and it relies on something that we call our collective intelligence. We basically use the power and scale of these masses to our advantage, and not just as a shortcoming. What I mean by that, is Armis today tracks overall, over 2 billion assets worldwide. That's an astounding number. And it thanks to the size of some of the organization that we work with. Armis proudly serves today, for instance, over 35 of Fortune 100. Some of those environments, let me tell you, are huge. So, what Armis basically does, is really simple. It uses thousands, tens of thousands, hundreds of thousands sometimes, of instances of the same device and same assets to basically figure out what it is. Figure out how to fingerprint it best. Figure out how to marry conflicting data sources about it and figure out what's the right host name? What's the right IP address? What are all the different details that you should know about it? And be able to basically find the most minimalist fingerprints for different attributes of an asset in a changing environment. It's something that works really, really well. It's something that we honestly, may have applied to this problem, but it's not something that we fully invented. It's been used effectively to solve other problems as well. For instance, if you think about any kind of mapping software. And I use that analogy a lot. But if you think about mapping software, I happened to work for Google in the past, and specifically on Google Map. So, I know quite a bit about how to solve similar problems. But I can tell you that you think about something like a mapping software, it takes very dirty, incomplete data from lots of different sources, and creates not a pixel perfect map, but a logically perfect map for the use cases you need it to be. And that's exactly what Armis strives to do. Build the Google Maps, if you will, of your organization, or the kind of real time map of everything, and be able to supply that or project that for different business processes. >> Yeah, I love the approach, and I love that search analogy. Discover is a big part of mapping as you know, and reasoning in there with the metadata you have and the dirty data is critical. And by the way, we love bold statements on "theCUBE," because as long as you can back 'em up, then we'll dig into that. But let's back up some of those bold claims. Okay, you have a lot of devices, you've got the collective intelligence. How do you manage the real time nature of devices changing in real time? 'Cause if you do fingerprint on it, and you got some characteristics of the assets in the map, what happens in real time? How fast are you guys managing that? What's the process for that? >> So, very quickly, I think another quick analogy I like to use, because I think it orients people around kind of how Armis operates, is imagine that Armis is kind of like a Shazam for assets. We take different attributes coming from your environment, and we match it up, that collective intelligence to figure out what that asset is. So, we recognize an asset based off of its behavioral fingerprint, or based off of different attributes, figure out what it is. Now, if you take something that recognizes tunes on the radio or anything like that, it's built pretty similarly. Once you have access to different sources. Once we see real environments that introduce new devices or new assets, Armis is immediately learning. It's immediately taking those different queues, those different attributes and learning from them. And to your point, even if something changes its behavioral fingerprint. For instance, it gets updated, a new patch rolls out, something that changes a meaningful aspect of how that asset operates, Armis sees so many environments, and so much these days that it reacts in almost real time to the introduction of these new things. A patch rolls out, it starts changing multiple devices and multiple different environments around the world, Armis is already learning and adapting this model for the new type of asset and device out there. It works very quickly, and it's part of the effectiveness of being able to operate at the scale that we do. >> Well, Nadir, you guys got a great opportunity there at Armis. And as co-founder, you must be pretty pumped, actually working hard, stay up to date, and got a great, great opportunity there. How was RSA this year? And what's your take on the landscape? Because you're kind of in this, I call the new category of lockstep with an environment. Obviously, there's no perimeter, everyone knows that. Service area is the whole internet, basically, distributed computing paradigms and understanding things like discovery and mapping data that you guys are doing. And it's a data problem as well. It's a lot of problems that you guys are solving. But the industry's got some old beggars, as I still hear endpoint protection, zero trust. I hear trust, if you're talking about supply chain, software supply chain, S bombs, you mentioned in a previous interview. You got software supply chain issues with open source, 'cause everything's open source now on infrastructure, so that's happening. How do you manage all that? I mean, is it zero trust or is it trust? 'Cause as you hear, I hear you talking about Armis, it's like, you got to have trusted components in there and you got to trust the data. So, that's not zero trust, that's trust. So, where zero trust and trust solve? What's your take on that? How do you resolve? What's your reaction to that? >> Usually, I wait for someone else to bring up the zero trust buzzword before I touch on that. So, because to your point, it's such an overused buzzword. But let me try and tackle that for a second. First of all, I think that Armis treats assets in a way as, let's call it the vessels of everything. And what I mean by that, is that at a very atomic aspect, assets are the atoms of the environment. They're the vessels of everything. They're the vessels of vulnerabilities. There's the vessels of actual attacks. Like something, some asset needs to exist for something to happen. And every aspect of trust or zero trust, or anything like that applies to basically assets. Now, to your point, Armis, ironically, or like a lot of security tools, I think it assists greatly or even manages a zero trust policy within the environment. It provides the asset intelligence into the mix of how to manage an effective zero trust policy. But in essence, you need to trust Armis, right? I mean, Armis is a critical function now within your environment. And there has to be a degree of trust, but I would say, trust but verified. And that's something that I think the security industry as a whole is evolving into quite a bit, especially post events like solar, winds, or other things that happened in recent years. Armis is a SaaS platform. And in being a SaaS platform, there is an inherent aspect of trust and risk that you take on as a security organization. I think anyone who says differently, is either lying or mistaken. I mean, there are no foolproof, a 100% systems out there. But to mitigate some of that risk, we adhere to a very strict risk in security policy on our end. What that means, is we're incredibly transparent about every aspect of our own environment. We publish to our clients our latest penetration test reports. We publish our security controls and policies. We're very transparent about the different aspects we're involve in our own environment. We give our clients access to our own internal security organization, our own CSO, to be able to provide them with all the security controls they need. And we take a very least privileged approach in how we deploy Armis within an environment. No need for extra permissions. Everything read-only unless there is an explicit reason to do else... I think differently within the environment. And something that we take very seriously, is also anything that we deploy within the environment, should be walled off, except for whatever lease privilege that we need. On top of that, I'd add one more thing that adds, I think a lot of peace of mind to our clients. We are FeRAMP ready, and soon to be certified, We work with DOD clients within the U.S kind of DOD apparatus. And I think that this gives a lot of peace of mind to our clients, even commercial clients, because they know that we need to adhere to hundreds of different security controls that are monitored and government by U.S federal agencies. And that I think gives a lot of extra security measures, a lot of knowledge that this risk is being mitigated and controlled, and governed by different agencies. >> Good stuff there. Also at RSA, you kind of saw people come back together face-to-face, which is great. A lot of kind of similar, everyone kind of knows each other in the security business, but it's getting bigger. What was the big takeaways from you for the folks watching here that didn't get to go to RSA this year? What was the most important stories that came out of RSA this year? Just generally across the industry, from your perspective that people should pay attention to? >> First of all, I think that people were just really happy to get back together. I think it was a really fun RSA. I think that people had a lot of energy and excitement, and they love just walking around. I am obviously, somewhat biased here, but I will say, I've heard from other people too, that our event there, and the formal party that was there was by far the kind of the the talk of the show. And we were fortunate to do that with Sentinel One. with Torque who are both great partners of ours, and, of course, Insight partners. I think a lot of the themes that have come up during RSA, are really around some of the things that we already talked about, visibility as a driver for business processes. The understanding of where do assets and tax surfaces, and things like that play in. But also, I think that everything was, in light of macroeconomics and geopolitics that are kind of happening in the background, that no one can really avoid that. On the one hand, if we look at macroeconomics, obviously, markets are going through quite a shake up right now. And especially, when you talk about tech, the one thing that was really, really evident though, is it's cybersecurity is, I think market-wise just faring way better than others because the demand is absolutely there. I think that no one has slowed down one bit on buying and arming themselves, I'd say, with defensive solutions for cybersecurity. And the reason, is that the threats are there. I mean, we're all very, very much aware of that. And even in situations where companies are spending less on other things, they're definitely spending on cybersecurity, because the toll on the industry is going up significantly year by year, which really ties into also the geopolitics. One of the themes that I've heard significantly, is all the buzz around different initiatives coming from both U.S federal agencies, as well as different governing bodies around anything, from things like shields up in critical infrastructure, all the way to different governance aspects of the TSA. Or even the SCC on different companies with regards to what are they doing on cyber? If some of the initiatives coming from the SCC on public companies come out the way that they are right now, cyber security companies will elevate... Well, sorry, companies in general, would actually elevate cyber security to board level discussions on a regular basis. And everyone wants to be ready to answer effectively, different questions there. And then on top of all of that, I think we're all very aware of, I think, and not to be too doom and gloom here, but the geopolitical aspect of things. It's very clear that we could be facing a very significant and very different cyber warfare aspect than anything that we've seen before in the coming months and years. I think that one of the things you could hear a lot of companies and clients talk about, is the fact that it used to be that you could say, "Look, if a nation state is out to get me, then a nation state is out to get me, and they're going to get me. And I am out to protect myself from common criminals, or cybersecurity criminals, or things like that." But it's no longer the case. I mean, you very well might be attacked by a nation state, and it's no longer something that you can afford to just say, "Yeah, we'll just deal with that if that happens." I think some of the attacks on critical infrastructure in particular have proven to us all, that this is a very, very important topic to deal with. And companies are paying a lot of attention to what can give them visibility and control over their extended attack surface, and anything in between. >> Well, we've been certainly ringing the bell for years. I've been a hawk on this for many, many years, saying we're at cyber war, well below everyone else. So, we've been pounding our fist on the table saying, it's not just a national security issue. Finally, they're waking up and kind of figuring out countermeasures. But private companies don't have their own, they should have their own militia basically. So, what's the role of government and all this? So, all this is about competency and actually understanding what's going on. So, the whole red line, lowering that red line, the adversaries have been operating onside our infrastructure for years. So, the industrial IOT side has been aware of this for years, now it's being streamed, right? So, what do we do? Is the government going to come in and help, and bring some cyber militia to companies to protect their business? I mean, if troops dropped on our shores, I'm sure the government would react, right? So, where is that red line, Nadir? Where do you see the gap being filled? Certainly, people will defend their companies, they have assets obviously. And then, you critical infrastructure on the industrial side is super important, that's the national security issue. What do we do? What's the action here? >> That is such a difficult question. Such a good question I think to tackle, I think, there are similarities and there are differences, right? On the one hand, we do and should expect the government to do more. I think it should do more in policy making. I mean, really, really work to streamline and work much faster on that. And it would do good to all of us because I think that ultimately, policy can mean that the third party vendors that we use are more secure, and in turn, our own organizations are more secure in how they operate. But also, they hold our organizations accountable. And in doing so, consumers who use different services feel safer as well because basically, companies are mandated to protect data, to protect themselves, and do everything else. On the other hand, I'd say that government's support on this is difficult. I think the better way to look at this, is imagine for a second, no troops landing on our kind of shores, if you will. But imagine instead, a situation where Americans are spread all over the world and expect the government to protect them in any country, or in any situation they're at. I think that depicts maybe a little better, how infrastructure looks like today. If you look at multinational companies, they have offices everywhere. They have assets spread out everywhere. They have people working from everywhere around the world. It's become an attack surface, that I think you said this earlier, or in a different interview as well. There's no more perimeter to speak of. There are no more borders to this virtual country, if you will. And so, on the one hand, we do expect our government to do a lot. But on the other hand, we also need to take responsibility as companies, and as vendors, and as suppliers of services, we need to take accountability and take responsibility for the assets that we deploy and put in place. And we should have a very security conscious mind in doing this. >> Yeah. >> So, I think tricky government policy aspect to tackle. I think the government should be doing more, but on the other hand, we should absolutely be pointing internally at where can we do better as companies? >> And the asset understanding the context of what's critical asset too, can impact how you protect it, defend it, and ensure it, or manage it. I mean, this is what people want. It's a data problem in flight, at rest, and in action. So, Armis, you guys are doing a great job there. Congratulations, Nadir on the venture, on your success. I love the product, love the approach. I think it scales nicely with the industry where it's going. So, especially with the intelligent edge booming, and it's just so much happening, you guys are in the middle of it. Thanks for coming on "theCUBE." Appreciate it. >> Thank you so much. As I like to say, it takes a village, and there's so many people in the company who make this happen. I'm just the one who gets to take credit for it. So, I appreciate the time today and the conversation. And thank you for having me. >> Well, we'll check in with you. You guys are right there with us, and we'll be in covering you guys pretty deeply. Thanks for coming on. Appreciate it. Okay, it's #CUBEConversation here in Palo Alto. I'm John Furrier. Thanks for watching. Clear. (bright upbeat music)

(upbeat music) >> Hello everyone, welcome back to the manager risk across the extended attack surface with Armis. I'm John Furrier, your host of theCUBE. Got the demo. Got here, Bryan Inman sales engineer at Armis. Bryan, thanks for coming on. We're looking forward to the demo. How you doing? >> I'm doing well, John, thanks for having me. >> We heard from Nadir describing Armis' platform, lot of intelligence. It's like a search engine meets data at scale, intelligent platform around laying out the asset map, if you will, the new vulnerability module among other things that really solves CISCO's problems. A lot of great customer testimonials and we got the demo here that you're going to give us. What's the demo about? What are we going to see? >> Well, John, thanks. Great question. And truthfully, I think as Nadir has pointed out what Armis as a baseline is giving you is great visibility into every asset that's communicating within your environment. And from there, what we've done is we've layered on known vulnerabilities associated with not just the device, but also what else is on the device. Is there certain applications running on that device, the versions of those applications, and what are the vulnerabilities known with that? So that's really gives you great visibility in terms of the devices that folks aren't necessarily have visibility into now, unmanaged devices, IoT devices, OT, and critical infrastructure, medical devices things that you're not necessarily able to actively scan or put an agent on. So not only is Armis telling you about these devices but we're also layering on those vulnerabilities all passively and in real time. >> A lot of great feedback we've heard and I've talked to some of your customers. Rhe agentless is a huge deal. The discoveries are awesome. You can see everything and just getting real time information. It's really, really cool. So I'm looking forward to the demo for our guests. Take us on that tour. Let's go with the demo for the guests today. >> All right. Sounds good. So what we're looking at here is within the Armis console is just a clean representation of the passive reporting of what Armis has discovered. So we see a lot of different types of devices from your virtual machines and personal computers, things that are relatively easy to manage. But working our way down, you're able to see a lot of different types of devices that are not necessarily easy to get visibility into, things like your up systems, IT cameras, dash cams, et cetera, lighting systems. And today's day and age where everything is moving to that smart feature, it's great to have that visibility into what's communicating on my network and getting that, being able to layer on the risk factors associated with it as well as the vulnerabilities. So let's pivot over to our vulnerabilities tab and talk about the the AVM portion, the asset vulnerability management. So what we're looking at is the dashboard where we're reporting another clean representation with customizable dashlets that gives you visuals and reporting and things like new vulnerabilities as they come in. What are the most critical vulnerabilities, the newest as they roll in the vulnerabilities by type? We have hardware. We have application. We have operating systems. As we scroll down, we can see things to break it down by vulnerabilities, by the operating system, Windows, Linux, et cetera. We can create dashlets that show you views of the number of devices that are impacted by these CVEs. And scrolling down, we can see how long have these vulnerabilities been sitting within my environment? So what are the oldest vulnerabilities we have here? And then also of course, vulnerabilities by applications. So things like Google Chrome, Microsoft Office. So we're able to give a good representation of the amount of vulnerabilities as they're associated to the hardware and applications as well. So we're going to dig in and take a a deeper look at one of these vulnerabilities here. So I'm excited to talk today about of where Armis AVM is, but also where it's going as well. So we're not just reporting on things like the CVSS score from NIST NVD. We're also able to report on things like the exploitability of that. How actively is this CVE being exploited in the wild? We're reporting EPSS scores. For example, we're able to take open source information as well as a lot of our partnerships that we have with other vendors that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware, et cetera. But where we're going with this is in very near future releases, we're going to be able to take an algorithm approach of, what are the most critical CVSS that we see? How exploitable are those? What are common threat actors doing with these CVEs? Have they weaponized these CVEs? Are they actively using those weaponized tools to exploit these within other folks' environments? And who's reporting on these? So we're going to take all of these and then really add that Armis flavor of we already know what that device is and we can explain and so can the users of it, the business criticality of that device. So we're able to pivot over to the matches as we see the CVEs. We're able to very cleanly view, what exactly are the devices that the CVE resides on. And as you can see, we're giving you more than just an IP address or a lot more context and we're able to click in and dive into what exactly are these devices. And more importantly, how critical are these devices to my environment? If one of these devices were to go down if it were to be a server, whatever it may be, I would want to focus on those particular devices and ensuring that that CVE, especially if it's an exploitable CVE were to be addressed earlier than say the others and really be able to manage and prioritize these. Another great feature about it is, for example, we're looking at a particular CVE in terms of its patch and build number from Windows 10. So the auto result feature that we have, for example, we've passively detected what this particular personal computer is running Windows 10 and the build and revision numbers on it. And then once Armis passively discovers an update to that firmware and patch level, we can automatically resolve that, giving you a confidence that that has been addressed from that particular device. We're also able to customize and look through and potentially select a few of these, say, these particular devices reside on your guest network or an employee wifi network where we don't necessarily, I don't want to say care, but we don't necessarily value that as much as something internally that holds significantly, more business criticality. So we can select some of these and potentially ignore or resolve for determining reasons as you see here. Be able to really truly manage and prioritize these CVEs. As I scroll up, I can pivot over to the remediation tab and open up each one of these. So what this is doing is essentially Armis says, through our knowledge base been able to work with the vendors and pull down the patches associated with these. And within the remediation portion, we're able to view, for example, if we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, right now we're able to view which patches are going to gimme the most impact as I prioritize these and take care of these affected devices. And lastly, as I pivot back over. Again, where we're at now is we're able to allow the users to customize the organizational priority of this particular CVE to where in terms of, this has given us a high CVSS score but maybe for whatever reasons it may be, maybe this CVE in terms of this particular logical segment of my network, I'm going to give it a low priority for whatever the use case may be. We have compensating controls set in place that render this CVE not impactful to this particular segment of my environment. So we're able to add that organizational priority to that CVE and where we're going as you can see that popped up here but where we're going is we're going to start to be able to apply the organizational priority in terms of the actual device level. So what we'll see is we'll see a column added to here to where we'll see the the business impact of that device based on the importance of that particular segment of your environment or the device type, be it critical networking device or maybe a critical infrastructure device, PLCs, controllers, et cetera, but really giving you that passive reporting on the CVEs in terms of what the device is within your network. And then finally, we do integrate with your vulnerability management and scanners as well. So if you have a scanner actively scanning these, but potentially they're missing segments of your net network, or they're not able to actively scan certain devices on your network, that's the power of Armis being able to come back in and give you that visibility of not only what those devices are for visibility into them, but also what vulnerabilities are associated with those passive devices that aren't being scanned by your network today. So with that, that concludes my demo. So I'll kick it back over to you, John. >> Awesome. Great walk through there. Take me through what you think the most important part of that. Is it the discovery piece? Is it the interaction? What's your favorite? >> Honestly, I think my favorite part about that is in terms of being able to have the visibility into the devices that a lot of folks don't see currently. So those IoT devices, those OT devices, things that you're not able to run a scan on or put an agent on. Armis is not only giving you visibility into them, but also layering in, as I said before, those vulnerabilities on top of that, that's just visibility that a lot of folks today don't have. So Armis does a great job of giving you visibility and vulnerabilities and risks associated with those devices. >> So I have to ask you, when you give this demo to customers and prospects, what's the reaction? Falling out of their chair moment? Are they more skeptical? It's almost too good to be true and end to end vulnerability management is a tough nut to crack in terms of solution. >> Honestly, a lot of clients that we've had, especially within the OT and the medical side, they're blown away because at the end of the day when we can give them that visibility, as I've said, Hey, I didn't even know that those devices resided in that portion, but not only we showing them what they are and where they are and enrichment on risk factors, et cetera, but then we show them, Hey, we've worked with that vendor, whatever it may be and Rockwell, et cetera, and we know that there's vulnerabilities associated with those devices. So they just seem to be blown away by the fact that we can show them so much about those devices from behind one single console. >> It reminds me of the old days. I'm going to date myself here. Remember the old Google Maps mashup days. Customers talk about this as the Google Maps for their assets. And when you have the Google Maps and you have the Ubers out there, you can look at the trails, you can look at what's happening inside the enterprise. So there's got to be a lot of interest in once you get the assets, what's going on those networks or those roads, if you will, 'cause you got in packet movement. You got things happening. You got upgrades. You got changing devices. It's always on kind of living thing. >> Absolutely. Yeah, it's what's on my network. And more importantly at times, what's on those devices? What are the risks associated with the the applications running on those? How are those devices communicating? And then as we've seen here, what are the vulnerabilities associated with those and how can I take action with them? >> Real quick, put a plug in for where I can find the demo. Is it online? Is it on YouTube? On the website? Where does someone see this demo? >> Yeah, the Armis website has a lot of demo content loaded. Get you in touch with folks like engineers like myself to provide demos whenever needed. >> All right, Bryan, thanks for coming on this show. Appreciate, Sales Engineer at Armis, Bryan Inman. Given the demo God award out to him. Good job. Thanks for the demo. >> Thanks, thanks for having me. >> Okay. In a moment, we're going to have my closing thoughts on this event and really the impact to the business operations side, in a moment. I'm John Furrier of theCUBE. Thanks for watching. (upbeat music)

(energetic music) >> Hi, I'm Peter Burroughs and welcome to another CUBEConversation from our wonderful studios in Palo Alto, California. Today we're talking storage, not just any kind of storage, but fast, intelligent storage. We're got NGD Systems with us, and specifically welcome back to theCUBE, Nader Salessi, CEO founder, and Scott Shadley, VP of Marketing. >> Good to see you again, Peter. >> So, the last time we were here we had a great conversation about the role that storage is going to play in overall system performance. And Nader, when I think of NGD Systems, I think of really smart people doing great engineering to create really fast high-performance products. Where are we in the state of the art of fast storage, fast systems? >> So, what we are learning from the customers, the demand of the storage continues to grow exponentially. They want larger capacity per drive. All the challenge they have, physical space is limited always and the power consumption. It is not necessarily just power consumption of the device, they have also self resources for implementing their Hyperscale Data Centers from the physical space, from buying servers, network storage. The challenge that they face is power available from the utility companies are limited. They cannot overcome that. So, if they need to increase their capacity of the storage by double the size of the storage in a year timeframe, they cannot get access to the utilities and the power. So, they need to focus on energy efficiency. >> So, when I think of NGD Systems, what I should think about is smart, fast, and efficient from a power standpoint. >> That's correct. So, that's one of the areas that we are focusing a lot to provide energy efficient. We are improving the watt per terabyte by a factor of 10 compared to the best in class available the other side of the SSD drive that exists in the industry. >> Oh, let me make sure I got that. So, by improved wattage by a factor of 10 for the same capacity. >> Correct. In meaning we are improving watts per terabyte in a same physical space. And that's the challenge that the industry is facing. >> Got it. >> The next set of the challenge that all the hyperscalers are facing, and we are learning from them, moving of the data is a challenge. It just takes time and it's not efficient. So, the more they can do inside of the drive to do the manipulation of the data without moving the data, that's what they are looking for. And that's exactly where we are focusing and with our intelligent product that we're introducing. In the fourth quarter of this year, we are introducing mass producible solution that can take it to a mass production. >> So, give us an example of that, 'cause I know you were one of the first suppliers of technology that did things like brought mass produced down closer to the data. Is that the basic notion that we're talking here, and what are the use cases we're looking at? >> So, there are by far a lot more use cases and I'll let Scott go into some of the use cases that we have implemented as an example with some large partners which we are also announcing this coming week, or next week during the FMS. So, Scott, do you want to explore? >> Yeah, absolutely, so Peter, just to give to your point. There's a lot of different ways you can look at making storage intelligent. What we looked at we took a different direction. We're not trying to just do simple things like the minor database applications, we're going for what's new and innovative in the way of things like AI and machine learning. So, we talked last time a little bit about this image similarity search concept. As Nader mentioned, we're going to be live with a guest speaker at FMS implementing a version of that. >> Now, FMS is Flash Memory Summit. >> Yes, for those that don't know, Flash Memory Summit that happens every year. Other things that we've worked on again with partners relate to things like relational databases and being able to do things like implement Google TensorFlow live in the drive. We've also been able to port docker containers directly into the drives, so then there's now a customer's ability to take any application you're running, whatever format it's in and literally drop it in a container format into the drive and execute the commands in place on the data. And we're seeing improvements of 10 to 50x on execution time of those applications because they're not physically moving data around. >> So, to put this, kind of summarize this, if a customer, user, has a choice of moving 50 terabytes around of raw data as opposed to moving maybe a couple of hundred kilobytes or megabytes of application down to the drive, then obviously you want to move the smaller down. But it requires a fair amount of processing power and control be located very close to the data. So, how's that happening? >> So, by architecting the fundamentals of the storage from a sketch, we are able to provide the right solution. So, architecting within each control, or each SSD there is a controller for managing the flash and the interfacing with the host. As part of that, we have embedded additional resources. Part of it is a quad-core application processor, 64 bit application processor that is running at at least a gigahertz that the application can come down and run on that, or operating system is running on it. In addition to that we have embedded the hardware accelerator to accelerate certain functions that makes sense to be done. Plus the access to the data tower that is readily available at a much higher bandwidth than the host interface. So, that's how we are at this end. Then of course, by providing the complete software stack to make it easy for the customers to bring their application rather than starting from scratch, or having it very specialized and custom solutions. >> So, when I think about if I'm a CIO or if I'm a senior person in infrastructure, I'm thinking, what workloads naturally lend themselves to high degrees of parallelism? Then I'm thinking, how can I move more of that parallelism closer to the data. Have I got that right? >> Exactly. >> Absolutely. >> So, how's this turning into product? >> So, for that perspective we've been releasing, or we've had released now two platforms we've called the Catalina Family of Solutions. And they've been POCs, prototypes, and some limited production volume. As Nadir mentioned, our third platform we're calling the Newport Platform is going to be an ASIC base solution that's going to be able to drive that mass marketed option that he referenced. It's a whole bunch of unique things about it. A, we have the application coprocessors. It's the first SSD controller to ever be done on a 14 nanometer process node, so that's where the energy efficiency piece of this comes into play. And the fact that we can do the densities the customers are looking for. 'Cause right now, there's a challenge in the market to be able to do a large enough drive at the right performance characteristics and power consumption to solve the need. >> So, you're following some locations in Southern California, from Catalina to Newport. In the next couple of years you'll be in the San Bernardino Mountains. >> Sure. >> So, as we think about where the technology is, so give us an example of the performance improvements, which you're seeing from an overall benchmark standpoint. >> So, one of the other use cases that it may not be intuitive to think about this is for the content of a video, for video content everywhere. So, the new generation of contents, they are large, they are massive, they require massive amounts of storage. And the old fashioned way of doing it, they have multiple drives in a server. They all converge and they go through another server for the encryption and authentication. Well, we are moving that function inside of the storage. Now, all of a sudden, same server instead of having all converging and going through one narrow pipe, all the drives concurrently can serve multiple subscriber in parallel by more than factor of 10. And that's substantial from the performance point of view. So, it is not necessary the old fashioned way of measuring it, what's the IOPS, those are the old way of measuring it. The new ways, the end users how they can access the data without being a bottleneck. And that's again, another use case of it. The other use case as Scott mentioned for the doing image similarity search, in the old fashioned way when they were accessing a billion images, it's working fine with the current SSDs, off the shelf SSDs, and the current servers, and GPUs. The challenge they are facing as they increase this database to a trillion images, it just cannot do it that old way. So, it's more than just how many gigabytes they push through or how many IOPS. It's being able to look at it from the system level point of view, and how many subscribers or how many customers can access it concurrent. >> So, you're describing a number of relatively specialized types of applications, but nonetheless, applications of significant value to their businesses. But let's talk just for a second about how a customer would employ the technology. Customers don't mind specialized or more specialized devices as long as they fit in within the conventions for how they get used. So, what's the complexity of introducing your product? >> Very good point that you're raising. Fundamentally, we are a solid state drive storage as a block storage based on PCle NVMe without any drivers. They plug it in, it's plug and play. It works. On top of that, and for this scenario of the block storage, we are the highest capacity, lowest power consumption, or lowest watt per terabytes, and servicing the majority of the market that nowadays are focused more on the read and consistent read, rather than what's the again, IOPS or how fast is the write. So, we have our architecture and the algorithms is set up that we would provide a very narrow beam of the consistent latency no matter what workload they put on it, and provide the right solution for them. Then on top of that, if they have a specialized workload or the use cases, they still can enable it or disable it based on simple software switch. >> So, Scott, when you think about partners, the ecosystem, I know that we talked about this a bit last time, getting started, expanding it, where are we in terms of NGD Systems getting the market? >> Absolutely, so from that perspective we've gone beyond the proof of concept only phase. We've actually got production orders that have shipped to customers. We're starting to see that roll out in the back half of this quarter. As Nadir mentioned, we roll into Q4 with the new product, then upgrade those customers and start getting into even larger rollouts. But it's not just a couple of mom and pop shops type of thing. It's some big names. It's some high-level partners. And we're starting to now build out the ecosystem and how to deliver it through server ODMs or other partners that can play off of the system, whether it be storage array providers or even some of the big box players. >> So, we're now here with Newport. >> Yes. >> You've no doubt got plans. We don't have to go too deep into 'em, but as your company starts to scale, what's the cadence going to look like? Are you going to be able to continue to push the state of the art from performance smarts and energy efficiency standpoint? >> Absolutely, there are already things that are in the pipeline for the next generation of how to bring more intelligence inside of the drive. With more resources for a lot more workload to be able to adapt itself to many, many use cases, rather than only maybe today it might be a dozen use cases, to go infinite. It truly is a platform rather than just a unique for this application. And then we're going to expand on that toward the next generation of it. So obviously, as we ramp up the first generation of product in mass production, the R&D's working on the next generation of the intelligence that they've got to pour into it and continue that cadence. And of course, we scale the company accordingly. >> Great news from NGD Systems. Nadir. >> It is wonderful, this FMS coming up, we are announcing there are new generation of product, as well as announcing the close partner with one of the hyperscalers that we are introducing the next generation of product. >> Fantastic, Scott Shadley, VP of Marketing. Nadir Salessi, CEO founder. NGD Systems, thanks very much again for being on theCUBE. And to you, once again, thanks for watching this CUBEConversation. Until we meet again, thanks for watching. (energetic music)