hybrid work is the new reality according to the most recent survey data from enterprise technology research cios expect that 65 of their employees will work either as fully remote or in a hybrid model splitting time between remote and in office remote of course can be anywhere it could be home it could be at the beach overseas literally anywhere there's internet so it's no surprise that these same technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics which round out the top four in the etr survey now as we've reported securing endpoints was important prior to the pandemic but the explosion in the past two plus years of remote work and corollary device usage has made the problem even more acute and let's face it managing sprawling i.t assets has always been a pain patch management for example has been a nagging concern for practitioners and with ransomware attacks on the rise it's critical that security teams harden it assets throughout their life cycle staying current and constantly staying on top of vulnerabilities within the threat surface welcome to this special program on the cube enable and secure the everywhere workplace brought to you by ivanti in this program we highlight key partnerships between avanti and its ecosystem to address critical problems faced by technology and security teams in our first segment we explore a collaboration between avanti and sentinel one where the two companies are teaming to simplify patch management my name is dave vellante and i'll be your host today and with me are nayaki nayar who's the president and chief product officer at avanti and nick warner president and security of the security group at sentinel one welcome naki and nick and hackie good to have you back in the cube great to see you guys thank you thank you dave uh really good to be back on cube uh i'm a veteran of cube so thank you for having us and um look forward to a great discussion today yeah you better thanks okay hey good nick nick good to have you on as well what do we need to know about this partnership please so uh if you look at uh we are super excited about this partnership nick thank you for joining us on this session today um when you look at ivanti ivanti has been a leader in two big segments uh we are a leader in unified endpoint management with the acquisition of mobileye now we have a holistic end-to-end management of all devices be it windows linux mac ios you name it right so we have that seamless single pane of glass to manage all devices but in addition to that we are also a leader in risk-based patch management um dave that's what we are very excited about this partnership with the with central one where now we can combine the strength we have in the risk-based patch management with central one's xdr platform and truly help address what i call the need of the hour with our customers for them to be able to detect uh vulnerabilities and being able to remediate them proactively remediate them right so that's what we are super excited about this partnership and nick would love to hand it over to you to talk about uh the partnership and the journey ahead of us thanks and you know from center one's perspective we see autonomous vulnerability assessment and remediation as really necessary given the evolution uh in the sophistication the volume and the ferocity of threats out there and what's really key is being able to remediate risks and machine speed and also identify vulnerability exposure in real time and you know if you look traditionally at uh vulnerability scanning and patch management they've really always been two separate things and when things are separate they take time between the two coordination communication what we're looking to do with our singularity xdr platform is holistically deliver one unified solution that can identify threats identify vulnerabilities and automatically and autonomously leverage patch management to much better protect our customers so maybe maybe that's why patch management is such a challenge for many organizations because as you described nick it's sort of a siloed from security and those worlds are coming together but maybe you guys could address the specific problems that you're trying to solve with this collaboration yeah so if you look at uh just in a holistic level uh dave today cyber crime is at catastrophic heights right and this is not just a cio or a cso issue this is a board issue every organization every enterprise is addressing this at the board level and when you double click on it one of the challenges that we have heard from our customers over and over again is the complexity and the manual processes that are in place for remediation or patching all their operating systems their applications their third party apps and that is where it's very very time consuming very complex very cumbersome and the question is how do we help them automate it right how do we help them remove those manual processes and autonomously intermediate right so which is where this partnership between ivanti and central one helps organizations to bring this autonomous nature to bring those proactive predictive capabilities to detect an issue prioritize that issue based on risk-based prioritization is what we call it and autonomously remediate that issue right so that's where uh this partnership really really uh helps our customers address the the top concerns they have in cyber crime or cyber security got it so prioritization automation nick maybe you could address what are the keys i mean you got to map vulnerabilities to software updates how do you make sure that your the patches there's not a big lag between your patch and and the known vulnerabilities and you've got this diverse set of you know i.t portfolio assets how do you manage all that it's a great question and i and i think really the number one uh issue around this topic is that security teams and it teams are facing a really daunting task of identifying all the time every day all the vulnerabilities in their ecosystem and the biggest problem with this is how do they get context and priority and i think what people have come to realize through the years of dealing with with patch management uh and vulnerability scanning is that patching without the context of what the possible impact or priority of that risk is really comes down to busy work and i think what's so important in a totally interconnected world with attacks happening at machine speed is being able to take that precious asset that we call time and make sure you properly prioritize that how we're doing it from sentinel one singularity xdr perspective is by leveraging autonomous threat information and being able to layer that against vulnerability information to properly view through that lens the highest priority threats and vulnerabilities that you need to patch and then using our single agent technology be able to autonomously remediate and patch those vulnerabilities whether or not it's on a mac a pc server a cloud workload and the beauty of our solution is it gives you proper clarity so you can see the impact of vulnerabilities each and every day in your environment and know that you're doing the right thing in the right order got it okay so the context gives you the risks profile allows you to prioritize and then of course you can you know remediate what else should we know about this this joint solution uh in terms of you know what it is how i engage any other detail on how it addresses the the problem specifically yeah so it's all about race against the time um uh dave when it's how we help our customers uh detect the vulnerability prioritize it and remediate it the attackers are able to weaponize those vulnerabilities and and have an attack right so it's really it's how we help our customers be a lot more proactive and predictive address those vulnerabilities versus um before the attackers really get access to it right so that's where our joint solution in fact i always say whatever edr with this edr or mdr or xdr the r portion of that r is very one he comes in our neurons for patch management or what we call neurons but risk based patch management combined with um central ones xdr is where we truly uh bring the combined solutions to to to life right so the r is where ivanti really plays a big part in uh in the joint solution yeah absolutely the response i mean people i think all agree you're going to get infiltrated that's how you respond to it you know the thing about this topic is when you make a business case a lot of times you'll go to the cfo and say hey if we don't do this we're going to be in big trouble and so it's this fear factor and i get that it's super important but but are there other measurements of success that that you you can share in other words how are customers going to determine the value of this joint solution so it's a mean time to repair let me go nick and then i'm sure you have your uh metrics and how you're measuring the success it's about how we can detect an issue and repair that issue it's reducing that mean time to repair as much as possible and making it as real-time as possible for our customers right that's where the true outcome through success and the metric that customers can track measure and continuously improve on nick you want to add to that for sure yeah you know you make some great great points niaki and what what i would add is um what sentinel one singularity platform is known for is automated and autonomous detection prevention and response and remediation across threats and if you look traditionally at patch management or vulnerability assessment they're typically deployed and run in point-of-time solutions what i mean by that is that they're scans and re-scans the way that advanced edr solutions and xdr solutions such as single one singularity platform work is we're constantly recording everything that's happening on all of your systems in real time and so what we do is literally eliminate the window of opportunity between a patch being uh needed a vulnerability being discovered and you knowing that you have that need for that vulnerability to be patched in your environment you don't have to wait for that 12 or 24-hour window to scan for vulnerabilities you will immediately know it in your network you'll also know the security implications of that vulnerability so you know when and how to prioritize and then furthermore you can take autonomous hatching measures against that so at the end of the day the name of the game in security is time and it's about reducing that window of opportunity for the adversaries for the threat actors and this is a epic leap forward in in doing that for our customers and that capability nick is a function of your powerful agent or is it architecture where's that come from that's a great question it's it's a combination of a couple of things the first is our agent technology which performs constant monitoring on every system every behavior every process running on all your systems live and in real time so this is not a batch process that that kicks up once a day this is always running in the background so the moment a new application is installed the moment a new application version is deployed we know about it we record it instantaneously so if you think about that and layer against getting best in class vulnerability information from a partner like avanti and then also being able to deploy patch management against that you can start to see how you're applying that in real time in your environment and the last thing i i'd like to add is because we're watching everything and then layering it against thread intel and context using our proprietary machine learning technology that that idea of being able to prioritize and escalate is critical because if you talk to security providers there's a couple different uh challenges that they're facing and i would say the top two are alert fatigue and then also human human power limitations and so no security team has enough people on their team and no security teams have an absence of alerts and so the fact that we can prioritize alerts surface the ones that are the most important give context to that and also save them precious hours of their personnel's time by being able to do this autonomously and automatically we're really killing two birds with one stone that's great there's the business case right there you just laid out some other things that we can measure right it all comes back to the data doesn't it we got to go but i'll give you the last word yeah i mean we are super excited about this partnership uh like nick said uh we believe in how we can help our customers discover all the assets we have they have um manage those assets but a big chunk of it is how we help them secure it right secure uh their devices the applications the data that's on those devices the end points and being able to provide an experience a service experience at the end of the day so that end users don't have to worry about securing you don't have to think about security it should be embedded it should be autonomous and it should be contactually personalized right so uh that's the journey we are on and uh thank you nick for this great partnership and look forward to a great journey ahead of us thank you yeah thanks to both of you nick appreciate it okay keep it right there after this quick break we're gonna be back to look at how ivanti is working with other partners to simplify and harden the anywhere workplace you're watching the cube your leader in enterprise and emerging tech coverage [Music] you

(bright upbeat music) >> Hello, everyone, and welcome to this #CUBEConversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." We have the co-founder and CTO of Armis here, Nadir Izrael. Thanks for coming on. Appreciate it. Armis is hot company, RSA, we just happened. Last week, a lot of action going on. Thanks for coming on. >> Thank you for having me. Sure. >> I love CTOs and co-founders. One, you have the entrepreneurial DNA, also technical in a space with cyber security, that is the hottest most important area. It's always been important, but now more than ever, as the service areas are everywhere, tons of attacks, global threats. You got national security at every level, and you got personal liberties for privacy, and other things going on for average citizens. So, important topic. Talk about Armis? Why did you guys start this company? What was the motivation? Give a quick commercial what you guys do, and then we'll get into some of the questions around, who you guys are targeting. >> Sure, so yeah, I couldn't agree more about the importance of cybersecurity, especially I think in these days. And given some of the geopolitical changes happening right now, more than ever, I would say that if we go back 6.5 years or so, when Armis was founded, we at the time talked to dozens of different CIOs, CSOs, it managers. And every single one of them told us the same thing. And this was at least to me surprising at the time. We have no idea what we have. We have no idea what the assets that are connected to our network, or our environment are. At the time, when we started Armis, we thought this was simply, let's call it the other devices. IOT, OT, all kinds of different buzzwords that were kind of flying around at the time, and really that's, what we should focus on. But with time, what we understood, it's actually a problem of scale. Organizations are growing massively. The diversity of different assets they have to deal with is incredible. And if 6.5 or 7 years ago, it was all about just growth of actual physical devices, these days it's virtual, it's containerized, it's cloud-based. It's actually quite insane. And organizations find themselves really quickly dealing with billions of assets within their environment, but no real way to see, account for them, and be able to manage them. That's what Armis is here to solve. It's here to bring back visibility and order into the mix. It's here to bring a complete map of everything within the organization, and the ability to manage different security processes on top of that. And it couldn't have come, I think at a better time for organizations, because the ability to manage these days, the attack surface of an organization, understand where are different weak spots, what way to invest in? They start and end with a complete asset map, and that's really what we're here to solve. >> As I look at your story and understand what you guys are doing, certainly, a lot of great momentum at RSA. But also digging under the hood, you guys really crack the code with on the scale side as well. And also it's lockstep with the environment. If you look at the trends that we've been covering on "theCUBE," system on chip, you're seeing a lot of Silicon action going on, on all the hyperscalers. You're starting to see, again, you mentioned IOT devices and OT, IP enabled processors. I mean, that's basically you can run multi-threaded applications on a light bulb, basically. So, you have these new things going on that are just popping in into the environment. Just people are hanging them on the network. So, anything on the network is risk and that's happening massively, so I see that. But also you guys have this contextualization capability, scope the problem statement for us? How hard is it to do this? Because you got tons of challenges. What's the scale of the problem that you guys have been solving? 'Cause it's not easy. I mean, it's not network management, not just doing auto discovery, there's a lot of secret sauce there, scope the problem? >> Okay, so first of all, just to get a measure of how difficult this is, organizations have been trying to solve this for the better part of the last two decades. I think even when the problem was way smaller, they've still been struggling with being able to do this. It's an age old problem, that for the most part, I got to say that when I describe the problem the way that I did, usually, what the reaction from clients are, "Yes, I'd love for you to solve that." "I just heard this pitch from like five other vendors and I've yet to solve this problem. So, how do you do it?" So, as I kind of scope this, it's also a measure of just basically, how do you go about solving a complex situation where, to kind of list out some of the bold claims here in what I said. Number one, it's the ability to just fingerprint and be able to understand what your assets are. Secondly, being able to do it with very dirty data, if you will. I would say, in many cases, solutions that exist today, basically tell clients, or tell the users, were as good as the data that you provide us. And because the data isn't very good, the results aren't very good. Armis aspires to do something more than that. It aspires to create a logically perfect map of your assets despite being hindered by incomplete and basically wrong data, many times. And third, the ability to infer things about the environment where no source data even exists. So, to all of that, really Armis' approach is pretty straightforward, and it relies on something that we call our collective intelligence. We basically use the power and scale of these masses to our advantage, and not just as a shortcoming. What I mean by that, is Armis today tracks overall, over 2 billion assets worldwide. That's an astounding number. And it thanks to the size of some of the organization that we work with. Armis proudly serves today, for instance, over 35 of Fortune 100. Some of those environments, let me tell you, are huge. So, what Armis basically does, is really simple. It uses thousands, tens of thousands, hundreds of thousands sometimes, of instances of the same device and same assets to basically figure out what it is. Figure out how to fingerprint it best. Figure out how to marry conflicting data sources about it and figure out what's the right host name? What's the right IP address? What are all the different details that you should know about it? And be able to basically find the most minimalist fingerprints for different attributes of an asset in a changing environment. It's something that works really, really well. It's something that we honestly, may have applied to this problem, but it's not something that we fully invented. It's been used effectively to solve other problems as well. For instance, if you think about any kind of mapping software. And I use that analogy a lot. But if you think about mapping software, I happened to work for Google in the past, and specifically on Google Map. So, I know quite a bit about how to solve similar problems. But I can tell you that you think about something like a mapping software, it takes very dirty, incomplete data from lots of different sources, and creates not a pixel perfect map, but a logically perfect map for the use cases you need it to be. And that's exactly what Armis strives to do. Build the Google Maps, if you will, of your organization, or the kind of real time map of everything, and be able to supply that or project that for different business processes. >> Yeah, I love the approach, and I love that search analogy. Discover is a big part of mapping as you know, and reasoning in there with the metadata you have and the dirty data is critical. And by the way, we love bold statements on "theCUBE," because as long as you can back 'em up, then we'll dig into that. But let's back up some of those bold claims. Okay, you have a lot of devices, you've got the collective intelligence. How do you manage the real time nature of devices changing in real time? 'Cause if you do fingerprint on it, and you got some characteristics of the assets in the map, what happens in real time? How fast are you guys managing that? What's the process for that? >> So, very quickly, I think another quick analogy I like to use, because I think it orients people around kind of how Armis operates, is imagine that Armis is kind of like a Shazam for assets. We take different attributes coming from your environment, and we match it up, that collective intelligence to figure out what that asset is. So, we recognize an asset based off of its behavioral fingerprint, or based off of different attributes, figure out what it is. Now, if you take something that recognizes tunes on the radio or anything like that, it's built pretty similarly. Once you have access to different sources. Once we see real environments that introduce new devices or new assets, Armis is immediately learning. It's immediately taking those different queues, those different attributes and learning from them. And to your point, even if something changes its behavioral fingerprint. For instance, it gets updated, a new patch rolls out, something that changes a meaningful aspect of how that asset operates, Armis sees so many environments, and so much these days that it reacts in almost real time to the introduction of these new things. A patch rolls out, it starts changing multiple devices and multiple different environments around the world, Armis is already learning and adapting this model for the new type of asset and device out there. It works very quickly, and it's part of the effectiveness of being able to operate at the scale that we do. >> Well, Nadir, you guys got a great opportunity there at Armis. And as co-founder, you must be pretty pumped, actually working hard, stay up to date, and got a great, great opportunity there. How was RSA this year? And what's your take on the landscape? Because you're kind of in this, I call the new category of lockstep with an environment. Obviously, there's no perimeter, everyone knows that. Service area is the whole internet, basically, distributed computing paradigms and understanding things like discovery and mapping data that you guys are doing. And it's a data problem as well. It's a lot of problems that you guys are solving. But the industry's got some old beggars, as I still hear endpoint protection, zero trust. I hear trust, if you're talking about supply chain, software supply chain, S bombs, you mentioned in a previous interview. You got software supply chain issues with open source, 'cause everything's open source now on infrastructure, so that's happening. How do you manage all that? I mean, is it zero trust or is it trust? 'Cause as you hear, I hear you talking about Armis, it's like, you got to have trusted components in there and you got to trust the data. So, that's not zero trust, that's trust. So, where zero trust and trust solve? What's your take on that? How do you resolve? What's your reaction to that? >> Usually, I wait for someone else to bring up the zero trust buzzword before I touch on that. So, because to your point, it's such an overused buzzword. But let me try and tackle that for a second. First of all, I think that Armis treats assets in a way as, let's call it the vessels of everything. And what I mean by that, is that at a very atomic aspect, assets are the atoms of the environment. They're the vessels of everything. They're the vessels of vulnerabilities. There's the vessels of actual attacks. Like something, some asset needs to exist for something to happen. And every aspect of trust or zero trust, or anything like that applies to basically assets. Now, to your point, Armis, ironically, or like a lot of security tools, I think it assists greatly or even manages a zero trust policy within the environment. It provides the asset intelligence into the mix of how to manage an effective zero trust policy. But in essence, you need to trust Armis, right? I mean, Armis is a critical function now within your environment. And there has to be a degree of trust, but I would say, trust but verified. And that's something that I think the security industry as a whole is evolving into quite a bit, especially post events like solar, winds, or other things that happened in recent years. Armis is a SaaS platform. And in being a SaaS platform, there is an inherent aspect of trust and risk that you take on as a security organization. I think anyone who says differently, is either lying or mistaken. I mean, there are no foolproof, a 100% systems out there. But to mitigate some of that risk, we adhere to a very strict risk in security policy on our end. What that means, is we're incredibly transparent about every aspect of our own environment. We publish to our clients our latest penetration test reports. We publish our security controls and policies. We're very transparent about the different aspects we're involve in our own environment. We give our clients access to our own internal security organization, our own CSO, to be able to provide them with all the security controls they need. And we take a very least privileged approach in how we deploy Armis within an environment. No need for extra permissions. Everything read-only unless there is an explicit reason to do else... I think differently within the environment. And something that we take very seriously, is also anything that we deploy within the environment, should be walled off, except for whatever lease privilege that we need. On top of that, I'd add one more thing that adds, I think a lot of peace of mind to our clients. We are FeRAMP ready, and soon to be certified, We work with DOD clients within the U.S kind of DOD apparatus. And I think that this gives a lot of peace of mind to our clients, even commercial clients, because they know that we need to adhere to hundreds of different security controls that are monitored and government by U.S federal agencies. And that I think gives a lot of extra security measures, a lot of knowledge that this risk is being mitigated and controlled, and governed by different agencies. >> Good stuff there. Also at RSA, you kind of saw people come back together face-to-face, which is great. A lot of kind of similar, everyone kind of knows each other in the security business, but it's getting bigger. What was the big takeaways from you for the folks watching here that didn't get to go to RSA this year? What was the most important stories that came out of RSA this year? Just generally across the industry, from your perspective that people should pay attention to? >> First of all, I think that people were just really happy to get back together. I think it was a really fun RSA. I think that people had a lot of energy and excitement, and they love just walking around. I am obviously, somewhat biased here, but I will say, I've heard from other people too, that our event there, and the formal party that was there was by far the kind of the the talk of the show. And we were fortunate to do that with Sentinel One. with Torque who are both great partners of ours, and, of course, Insight partners. I think a lot of the themes that have come up during RSA, are really around some of the things that we already talked about, visibility as a driver for business processes. The understanding of where do assets and tax surfaces, and things like that play in. But also, I think that everything was, in light of macroeconomics and geopolitics that are kind of happening in the background, that no one can really avoid that. On the one hand, if we look at macroeconomics, obviously, markets are going through quite a shake up right now. And especially, when you talk about tech, the one thing that was really, really evident though, is it's cybersecurity is, I think market-wise just faring way better than others because the demand is absolutely there. I think that no one has slowed down one bit on buying and arming themselves, I'd say, with defensive solutions for cybersecurity. And the reason, is that the threats are there. I mean, we're all very, very much aware of that. And even in situations where companies are spending less on other things, they're definitely spending on cybersecurity, because the toll on the industry is going up significantly year by year, which really ties into also the geopolitics. One of the themes that I've heard significantly, is all the buzz around different initiatives coming from both U.S federal agencies, as well as different governing bodies around anything, from things like shields up in critical infrastructure, all the way to different governance aspects of the TSA. Or even the SCC on different companies with regards to what are they doing on cyber? If some of the initiatives coming from the SCC on public companies come out the way that they are right now, cyber security companies will elevate... Well, sorry, companies in general, would actually elevate cyber security to board level discussions on a regular basis. And everyone wants to be ready to answer effectively, different questions there. And then on top of all of that, I think we're all very aware of, I think, and not to be too doom and gloom here, but the geopolitical aspect of things. It's very clear that we could be facing a very significant and very different cyber warfare aspect than anything that we've seen before in the coming months and years. I think that one of the things you could hear a lot of companies and clients talk about, is the fact that it used to be that you could say, "Look, if a nation state is out to get me, then a nation state is out to get me, and they're going to get me. And I am out to protect myself from common criminals, or cybersecurity criminals, or things like that." But it's no longer the case. I mean, you very well might be attacked by a nation state, and it's no longer something that you can afford to just say, "Yeah, we'll just deal with that if that happens." I think some of the attacks on critical infrastructure in particular have proven to us all, that this is a very, very important topic to deal with. And companies are paying a lot of attention to what can give them visibility and control over their extended attack surface, and anything in between. >> Well, we've been certainly ringing the bell for years. I've been a hawk on this for many, many years, saying we're at cyber war, well below everyone else. So, we've been pounding our fist on the table saying, it's not just a national security issue. Finally, they're waking up and kind of figuring out countermeasures. But private companies don't have their own, they should have their own militia basically. So, what's the role of government and all this? So, all this is about competency and actually understanding what's going on. So, the whole red line, lowering that red line, the adversaries have been operating onside our infrastructure for years. So, the industrial IOT side has been aware of this for years, now it's being streamed, right? So, what do we do? Is the government going to come in and help, and bring some cyber militia to companies to protect their business? I mean, if troops dropped on our shores, I'm sure the government would react, right? So, where is that red line, Nadir? Where do you see the gap being filled? Certainly, people will defend their companies, they have assets obviously. And then, you critical infrastructure on the industrial side is super important, that's the national security issue. What do we do? What's the action here? >> That is such a difficult question. Such a good question I think to tackle, I think, there are similarities and there are differences, right? On the one hand, we do and should expect the government to do more. I think it should do more in policy making. I mean, really, really work to streamline and work much faster on that. And it would do good to all of us because I think that ultimately, policy can mean that the third party vendors that we use are more secure, and in turn, our own organizations are more secure in how they operate. But also, they hold our organizations accountable. And in doing so, consumers who use different services feel safer as well because basically, companies are mandated to protect data, to protect themselves, and do everything else. On the other hand, I'd say that government's support on this is difficult. I think the better way to look at this, is imagine for a second, no troops landing on our kind of shores, if you will. But imagine instead, a situation where Americans are spread all over the world and expect the government to protect them in any country, or in any situation they're at. I think that depicts maybe a little better, how infrastructure looks like today. If you look at multinational companies, they have offices everywhere. They have assets spread out everywhere. They have people working from everywhere around the world. It's become an attack surface, that I think you said this earlier, or in a different interview as well. There's no more perimeter to speak of. There are no more borders to this virtual country, if you will. And so, on the one hand, we do expect our government to do a lot. But on the other hand, we also need to take responsibility as companies, and as vendors, and as suppliers of services, we need to take accountability and take responsibility for the assets that we deploy and put in place. And we should have a very security conscious mind in doing this. >> Yeah. >> So, I think tricky government policy aspect to tackle. I think the government should be doing more, but on the other hand, we should absolutely be pointing internally at where can we do better as companies? >> And the asset understanding the context of what's critical asset too, can impact how you protect it, defend it, and ensure it, or manage it. I mean, this is what people want. It's a data problem in flight, at rest, and in action. So, Armis, you guys are doing a great job there. Congratulations, Nadir on the venture, on your success. I love the product, love the approach. I think it scales nicely with the industry where it's going. So, especially with the intelligent edge booming, and it's just so much happening, you guys are in the middle of it. Thanks for coming on "theCUBE." Appreciate it. >> Thank you so much. As I like to say, it takes a village, and there's so many people in the company who make this happen. I'm just the one who gets to take credit for it. So, I appreciate the time today and the conversation. And thank you for having me. >> Well, we'll check in with you. You guys are right there with us, and we'll be in covering you guys pretty deeply. Thanks for coming on. Appreciate it. Okay, it's #CUBEConversation here in Palo Alto. I'm John Furrier. Thanks for watching. Clear. (bright upbeat music)

>> Viewers of our breaking analysis series know that we've been following the developments in cybersecurity for a number of years and of course, throughout the pandemic. Focusing on the permanent shifts that we see in cyber from remote work, distributed computing and technology advancements. We've reported how the adversaries are highly capable they're well-funded and they're motivated. And how they're constantly upping their game on defenders, island hopping, stealthily living off the land, planting self forming malware at various points in the digital supply chain, offering advanced ransomware as a service of the dark web to any disreputable individual with or without a high school diploma that may have access to a server and is brazen enough to steal from their company. We've also shared this chart from Optiv many, many times, it's a taxonomy of the cybersecurity landscape, and it is meant to make your eyes bleed, ask any CSO and they'll tell you they're drowning in fragmented tooling, technical debt, and their number one challenge is lack of talent. Not that their people aren't capable, they are, but CSOs just don't have enough of them. They can't hire fast enough or they can't retain qualified people with the talent war that's going on. Or they can't train people fast enough, or they just don't have the budget. Hello everyone, this is Dave Vellante and welcome to this video exclusive with Nick Schneider, president and CEO of Arctic Wolf Networks, Nick, so good to see you. Thanks for coming on the cube. >> Thanks for having me, Dave. >> That's our pleasure. So Arctic Wolf networks, let's talk about the company, the problem, you heard my little narrative upfront. What are you guys all about? >> Yeah, so at its core, we're a cybersecurity technology company. You know, it's our belief that we've really pioneered the first full scale cloud native security operations platform and at its core, what we're trying to do as a business is make security operations something that's fast, easy and economical for really a company of any size and scale to implement with really two key components, one we're agnostic to the technology and the landscape of the technology that they have already implemented within their environment, and two, we can feather into really any organization, regardless of the skill set they have from a cybersecurity standpoint in house. And really the problem that we're setting out to solve, I think you illustrated well at the beginning of the show here is that it's our belief that the cybersecurity industry in a sense has failed the end user or failed the customer by throwing, you know, a myriad of different tools at them. And it's really, you know, our mission here as a company to end cyber risk. And it's our belief that through the cloud native platform that we've bought in the cybersecurity security operations cloud that we've built, that we can deliver the outcomes that have been promised over time to these customers, which at the end of the day, is really just to be safe and have their customer and have their business protected. >> So you guys are the experts. You can kind of provide a white glove service that essentially plugs in to my business. Is that right? And how easy is that to do, what do I have to do to, to set it up? How complicated is that for me, the customer? >> Yeah, so it's, it's very straightforward. We can implement our security operations platform, you know, in as short as a week and generally speaking, you know, about a month and we plug in really to the infrastructure that the customer has in place. And for some of our customers, that's very little and for some of our customers, most of our customers, that's quite a bit of technology. And the beauty of the way that we've built the platform is that we're really agnostic to that tech. So, we can take feeds from kind of any technology that are in place, that helps to augment the platform that we've built. And then we feather in kind of the technologies that we've built within the platform, into their existing infrastructure. And at the end of the day, what we're trying to do is give the customer visibility, you know, into the tools that they have, the gaps that they might have as a result of the tools, you know, in some cases, the duplication of efforts that they have, you know, between these tools and then deliver a security outcome or a protection that maybe they haven't otherwise felt as a business. And then outside of kind of the technology platform, we add what we call our concierge security team as a layer to the deliverable that we give to the customer. And why that's important is that not all customers are created equal and with regard to the skillset that they have in house, in that that concierge security platform allows us to kind of work with a customer at any kind of, you know, point along their security journey, regardless of the in-house technology talent that they have. >> Now, so I got to ask you, our largest footprint for the cube is in the heart of Silicon Valley. We love the valley, but I also love stories of high growth companies that are outside of Silicon Valley. You guys are in the Midwest in Minnesota, it's got some Compellent DNA in there. And I remember my, so my business friends, Phil Soren, and Larry Yasmin, you know them, Phil used to tell me, Dave, this is actually an advantage for us to be in the middle of the part of the country. There's a talent war going on, which back then was a lot less than it is today, even. So how do you see that? Are there advantages to you and being in that part of the country, or does it not matter because you're so distributed around the world? >> Yeah, I mean, I would follow a similar tune to Phil, right. I, you know, obviously worked at Compellent early and, you know, historically I've worked at other Minneapolis based technology companies and the reality is there's a really strong technology ecosystem in Minneapolis. And a lot of the, of the talent, you know, is not just in sales and marketing or just on the technical side, but it's in building high growth technology companies kind of from the ground up into, you know, large scale. And now we've seen not only the fortune 500 kind of base that we have here in Minneapolis, but also a growing contingency of larger technology companies using Minneapolis as at least, you know, one of the spokes against their hub, if not the hub themselves. And clearly my pedigree in history was out of Minneapolis based tech, you know, and I've moved to other locations throughout the country, but as we started to build out, you know, Arctic Wolf and what we wanted Artic Wolf's culture to look like, and as we started to lay out the foundation for what we wanted our growth to look like, it became very clear to myself, you know, our chairman and co-founder Brian Nesmith, that Minneapolis would be a great home for us as Arctic Wolf. And then we would continue to invest in some of the locations that we have, you know, both across the country and now across the globe. >> So there are a lot of companies that are doing managed security services, but if I got it right, you guys specifically target smaller and midsize companies, is that correct? And why is that? >> Yeah, so I would say that that would be correct as of a few years ago, the dynamic has changed quite a bit. And I think it's a result of the dynamic of the market. First and foremost, we are a technology company. We have this concierge layer on top, which is really what the customers are looking for, but it's all powered by the platform. So the platform kind of allows us to do what we've done as a business, into both small organizations, which is, you know, where we probably got our start, but over the last few years, we've seen tremendous growth up market, you know, so for example, we as a business have grown, you know, over a hundred percent now for eight years in a row and now on a much larger denominator, but our upmarket business is growing at four to 500%. And I think that's a result of really two things. I think, A, customers of that size and scale have realized that cyber security and cybersecurity operations as a problem is something that's really hard to accomplish in-house regardless of your size and complexity. And then two, I think what happened over the past year, year and a half is that we saw a lot of organizations move from a centralized I.T or a centralized, you know, security function where they could all operate within an office and all operate in a centralized environment, all of a sudden becoming very disparate in their geography. And that led to a lot more interest in what we did with larger customers, because we could deploy a security operation effectively, remotely in a really short amount of time. And we could do it more effectively and economically than, than they could do on their own. And then we also solve for a component of the human aspect of what a security operation means, right. And what I mean by that is these larger organizations can take their highly skilled cybersecurity talent and focus them on the strategic initiatives within the company. Whereas a lot of the security work or risk is in kind of the day to day, right? The dieting that takes place within an organization. And that's where a lot of the breaches take place is in making sure that you're actually paying attention to, you know, the alerts that you're getting and paying attention to the telemetry and the tools that you've made investments in. And we augment that portion of a cybersecurity operation really, really well for larger organizations and for smaller organizations, we are that security operation. So it's kind of dependent on the way in which they're set up. >> Okay. So it's a mix of both well augmenting, and basically you take the whole thing and so, so your ideal customer profile, your ICP is anybody with a security problem. I mean, that's everybody, well, maybe you could describe paint a picture of your perfect customer, if you would. >> Yeah, so, and you, I know you said that somewhat jokingly, but it, but it is true. We have customers of all sizes, you know, so I, I bet our smallest customer is under 10 employees. Our largest customer is over 50,000 employees. We have customers in every vertical of the market, you know, mostly centralized in healthcare, financial organizations, manufacturing, but, you know, the largest swath of customers by industry would probably not top 10%. So, we service really any account that's looking to develop and invest in a security operation and has the support of their organization and the support of their board and their leadership teams to make that investment. And then where we, where we fall within the account is really dependent on the way in which their current operation is set up. And certainly, you know, the massive organizations that have, you know, 50 people within their cybersecurity team, and they have a hundred different tools. They're probably not the best target for us, but if they have security awareness, if they have a security as a top need or a top priority within their business, and they're looking for a way to build out a true security operation within their account, whether that be wholesale through a third-party or in part through a third-party, we're a perfect fit for all those accounts, which makes our addressable market massive. >> Yeah, so what's unique about you guys, I mean, this may be not the right analogy, but you're kind of like the easy button for cyber. I mean, there's nothing easy about cyber., I get that, but you, you do make it easy, especially for companies that don't have any cyber expertise to engage and get up to speed fast, and certainly be more protected. That's one aspect of your uniqueness. The other is, I think, is your tech stack. I'm hearing, you've got a platform. I know you're focused on network detection and fast response. Maybe you could talk a little bit about what's unique about Arctic Wolf. >> Yeah, so the platform itself is really what we founded the company on. So we spent the first few years of our organization in really building out this cloud scale, multitenant cloud, native platform, understanding that the volume of data and the amount of sophistication that we would need to deliver the security operation in the long run was going to be massive. So the platforms really kind of, you know, set on a few different founding principles. One, the platform needs to work for any organization regardless of their size, regardless of their underlying tech and regardless of the skill set within their account. And that's really important. A lot of the tools in the market today require certain things of the, of the customer. And it's our premise, regardless of the customer that we won't require anything from the customers themselves. It's up to them to tell us which portions of the experience they want to own, verse Artic Wolf owning. The second would be that we need to be able to ingest a vast amount of data, and we need to be able to make intelligent decisions with that data, in a short amount of time. And as we've built out our machine learning and our AR algorithms, what we've been able to do is leverage a tool set that allows us to ingest. I think we're up to now 1.5 approaching 2 trillion observations a week, right. Which might equate to a few hundred alerts within our SOC on a per customer basis. But we're only bringing one or two things to a customer on a weekly basis that really need attention. And that's all about the platform kind of curating, cultivating the vast amount of data that we've brought into it. And then, how do we explain and how do we sell that platform with this concierge later into the customer base is also important. And we've done that through what we call modules. So we kind of founded the company on MDR managed detection and response, but we are not a managed detection and response company. It's one of our modules. We've then added manage risk, which competes kind of in the vulnerability management space. We've added a SAS and IAS monitoring, which is really cloud security. We've added what we call log search, which is really our first foray into collaboration. And then we just recently launched a quarter ago, what we call managed security awareness training, which is, you know, training the human aspect of the company on the threats of cybersecurity. And we actually just announced another acquisition in the managed security space today with habituate, which is going to give us, you know, kind of a Hollywood style approach to content within managed awareness training. But tying all those together is very unique in the market. So generally speaking, you'll see a company focused on a specific attack surface, or a specific threat. And what we're trying to say is, look, you're not a hundred percent protected as a business, or you don't have a robust security operation unless you're bringing together all aspects of cybersecurity under one umbrella. And that's really our goal as a company. >> Okay. So you got all these different modules and you may not want to go here cause you're in the cyber business and you're, you're prudently secretive, but, but I'm interested in kind of what's underneath. I presume you're using best of breed tooling underneath, but unlike, you know, the hosting company of the past or those, you know, a big, you know, integrator who could do this, but they've got one of everything and it's sort of, kind of a mess. You're building a scalable business, but you're not, you're not developing, you know, best of breed, identity access products for the marketplace. You're I presume you're buying those in integrating them and working through whatever APIs and making it all work across your stack. Can you talk a little bit about your tech stack? >> Yeah, so the technology stack has been built from the ground up by Arctic Wolf. So certainly we're using, you know, various technologies or open source technologies from within the ecosystem, but the technology and the platform itself is Arctic Wolf. So we're not beholden to any third parties for what we deliver to the customer. And that makes us very nimble in a few areas. One, it makes us very nimble in the way that we price the solution to the customer, which for us is a very predictable model. And then two, it allows us to be nimble with customer needs as to what they want from us, both of the existing modules that we have, but also additional modules or, you know, additional solutions that we might bring to the market. So a lot of vendors that have historically kind of lived within the MDR space and certainly vendors that have lived in the managed, you know, the MSSP or MSP space, which we are certainly not, they're generally leveraging third-party technologies. They're generally buying and implementing or white labeling third-party technologies. And then they're layering kind of a services component on top. And we are not doing that. We've built the technology ourselves and don't get me wrong. That was a massive investment in both time and resources. But I think in the end, what it'll allow us to do is be very nimble with the market and most importantly, be very nimble with the customer's requirements and requests. >> Right. Okay. So let's talk about your market opportunity. I mean, the cyberspace, I mean, I got it well over a hundred billion, I don't know, maybe it's 110, 120 billion. That's kind of your tan, you may be not serving that entire market today. Although you said you started in small and mid-size, you're targeting now your enterprise, your higher end businesses growing, you talked about, I think you said a hundred percent growth, like eight quarters in a row. And so there's no shortage of opportunity for you. How do you think about your total available market? Maybe you could add some color to that. >> Yeah. Yeah. So it's been eight years of a hundred percent growth. >> Eight years, not eight quarter, I apologize. >> It's been going really well for us. And it's a reflection on the market itself and the approach we're taking. So in our view, security operations is really the opportunity to unify all these disparate markets in cybersecurity. And, when I walk into a customer account, if I had to use two words to describe how they're feeling, one would be confused, the other would be frustrated. Sometimes they're both. Sometimes they're only one, but generally speaking, one of those two words comes out of their mouth. And the reason for it is at the end of the day, they just want to be protected. They want the outcome. And all of these disparate markets are promising the same outcome, but they're just promising it on the endpoint or just on the network or just in cloud or just an IOT or just an OT, or just in fill in the blank. And it's our view that it's our opportunity as a company to really fill that void for the customer, which is to unify all of these different technologies and spaces into one security operation. And sometimes that means that we're delivering our own end point. And sometimes that means that we're leveraging an end point or an end point solution that the customer has in house. And we're ingesting that data into our platform and we're making sense of it to the end user. But when you put that market together, you know, it's a hundred, I think Gartner's recent numbers there are 150 plus billion dollar market. And in 2021, I think it's growing at, you know, 12 to 15%. And it's our view that we can service the majority of that market, you know, I think on a conservative measure, you know, 90 to a hundred billion is the, is the Tam that we're addressing. And we're now starting to go, not only scaling out from the number of products for the markets that we service, and you can see that through managed security awareness training, but also the geographies we service, the segments of the market we service, specialization within verticals. And, for us, that is the opportunity at the end here. >> I wonder if you could help us squint through some of the data you hear in the industry, some of the trends you see in the press, certainly this came up in the, in the solar winds hack. We were seeing, I mentioned upfront, the adversaries are very capable. They're able to get in, live off the land, live stealthily, they're island hopping into the supply chain. You know, oftentimes you don't know, more than often, you don't know they're there, I've heard stats like, and we look at the solar winds hack, we saw that it was, you know, 300 days or over a year that they were inside the company. And you've heard, you know, average statistics from, you know, whatever that it's hundreds of days are those, are you able to compress those? Can you talk about that a little bit in terms of where you see your customers and how you're helping them, you know, respond? >> Yeah, so at the end of the day, you know, cybersecurity, the industry is really about limiting the volume of incidents within a customer account and then limiting the impact. And what you're talking about is the impact. And the impact as these threat actors have become, you know, more sophisticated is larger as they're in the environment for a longer period of time. So the faster you can get to an attack or the faster you can detect an attack, the better off you'll be as a business. And that is the core of what we do as a company. And, and certainly, you know, managed detection response or MDR, our first offering was all about that. It's all about detecting early and responding early to a threat so that you can get anything that has gotten through your perimeter defenses out of your systems, as fast as humanly possible. And then we feathered in, you know, manage risk, which is more about the front end. So how do we make sure that we have everything configured properly? How do we make sure that we, you know, fill any holes that are in the current environment so that we don't even get to a point where we have to manage the time with which an attack has had to live within your environment? So, it's all about kind of those two things, reduce the frequency and reduce the impact. And we're, we're focused on both, both the, kind of the proactive measures, which would be more on the front end and then the reactive measures, which is what do you do and how can you act as quickly as possible within your environment to ensure that, you know, they're not getting into the crown jewels of the business. >> We've seen lately where the, the attackers have. I mean, it's really insidious, right Nick, they, they will exfiltrate, they'll get in they'll exfiltrate stealthily and they'll be ready to attack from a ransomware standpoint. And then they, you know, maybe they're hitting the bank and they're scouring to see what the Chief Information Officer is going to invest in. And they're actually making trades ahead of that. They're making more money, you know, snooping than from the ransomware. And then when the company realizes and they respond, then they get them in a headlock and say, okay, now, now that you're going to stop us from making all this money through exfiltration, we're going to hit you with ransomware. So it's just, it's a really awful situation. So my point being that, or we've said, organizations have to be stealthy in their response. Have you seen that as a trend? Am I overstating that? >> No, no. I mean, customers are, you know, good news, bad news customers are very aware of the threats in particular ransomware, data exfiltration and all the other trends in the market. And I think they become more sophisticated in the way in which they respond. And I think as a result, we've seen both changes in the way customers kind of set up their environment technologically, but we've also seen a pretty dramatic shift recently with the way in which they view insurance and the way in which, you know, carriers, view insurance, and how that plays a role in, you know, cybersecurity in their cybersecurity operation. And for a lot of customers, I think recent trends are that the carriers are struggling to, you know, make money on their cyber books. And the reason for that is because they need to make sure that the customer's environment is truly secure, or they're kind of flying blind on what their book looks like. And we've started to see that both on the end-user side, we've seen that through the carriers themselves, and that also has played an integral role in the way in which the customer views risk. And I think that dynamics changing. And I think what the result of that will be is that customers are going to be looking more and more towards how they solve this problem by alleviating risk in-house, as opposed to transferring some of that risk to an insurance carrier or a third party. And what I hope that means for customers is that they'll have the proper investment. They'll have the proper tooling, they'll have the proper operations around how to react and how to respond in the quickest possible manner, which at the end of the day, the faster you can react to an incident, the smaller the impact will be and the smaller of a financial burden it will be. And they'll do that through vendors like Arctic Wolf, you know, tools that are best of breed within their infrastructure. And then a really well thought out plan about how to respond to anything that, that you know, happens within their environment. >> Yeah. I mean, if I'm an insurance company, I give a discount to somebody who's got an alarm in their house and they use it. Maybe I'll give a discount if they're working with a company like Arctic Wolf. >> Exactly. >> What percent, do you have a census to what percent of enterprises actually have a SOC? >> Yeah, we actually did a, some homework here and there's kind of two stats that jump out. And these are through a few different surveys through very well-known organizations in the cybersecurity market. But one is that last year, which would have been, you know, 2020, about 60% of organizations said that they suffered some semblance of a breach, 60%, you know, think about how many tools and how much money these organizations are investing in protecting their businesses. And over half are suffering some semblance of a breach. When those same customers are asked whether or not they felt like they have a security operation, over 99% answered no. >> Wow. >> Right. So they have a bunch of tools they're investing a ton of money, but at the end of the day, when asked, hey, do you feel like you have an operation that can protect your business? Their answer is no. And that's really the void we're trying to. >> And you and I both know that 60%, okay. But then the other 40%, they've been hacked. They just don't know it. So, all right. Let's wrap with the sub stats on the company. I think you've raised nearly half a million, half a billion dollars to date $500 million to date. So that's, I can infer from that some pretty lofty numbers, but where are you in funding with that kind of growth? I got to believe IPO is and you and your future. What can you tell, what metrics can you share? What can you tell us about where you want to take this thing? >> Yeah, so I'll give you a few metrics on the platform and a few metrics on the company. So the platform itself, you know, we're observing over 1.5 trillion observations a week, we have 10,000 plus sensors in the field. You know, we're ingesting coming from a, you know, Compellent infrastructure guy. You know, we're in ingesting over a petabyte and a half a data week. I would have loved to have been that sales guy in the glory days, you know, but the platforms, you know, operating at massive scale, we've grown the business eight years in a row, over a hundred percent. We've talked about that. Our subscription gross margins are very software-like. We have over 2000 customers. You know, our customers are really happy with an NPS score, you know, approaching 70, you know, over a million licensed users. So we're, we're doing very, very well as a business. And as a result, we've raised money to invest in that growth, which is to the tune of about a half a billion dollars and our path here, and we've stated this publicly now is that, you know, next summer give or take a quarter is really the timeframe that we're marching towards for an IPO. If I'm being honest, given the metrics that we have as a business, we could be a publicly traded company today, especially with the way the market's operating in the valuations of some of the businesses that have gone out. There might be some, even some pressure to do so, but we want to make sure that we are ready to go from a systems and an operation standpoint to not just be, you know, a flashing the pan awesome IPO, but a company that's really kind of the backbone of cybersecurity for years to come. >> Well, obviously a hot space. What we've been covering for a couple of years now, Okta, CrowdStrike, Zscaler, we've seen what's happened in the action in the market there. I mean, what are your comps? I mean, I know, I think dark trace is getting ready to go. I don't think they've gone yet. I know Sentinel One went out. How should we think about you? You're not an Okta or I don't think well, CrowdStrike, but you know, those are pure play product companies. How should we think about you guys? >> Yeah, I mean, companies that were on a similar trajectory as us at our size, Sentinel One's a very good example. And you can kind of look across all the core business metrics on that. And clearly those will all be public here in under a year. CrowdStrike's a great example. If you go, you know, reel back the tape to when they were, you know, our size we're right in line with them Zscaler, Okta, you know, I joke with our board and investors and our CFO, that the number of companies that we benchmark ourselves against is starting to become a very small number, given you know, our growth at the scale that we're at. >> Well, that's an awesome story, Nick. We're really excited that you could make some time to come on the Cube and we want to follow your progress. Welcome you back anytime. Really appreciate your time. >> Yeah. Great. Thanks for having me, Dave, and looking forward to continuing the conversation at some point. >> Excellent and thank you for watching everybody. This is Dave Vellante for the Cube and we'll see you next time.