(triumphant orchestral music) >> Hello, everyone, and welcome to a special CUBE conversation. I'm John Furrier, here inside theCUBE Studios in Palo Alto. We have a great CUBE conversation around security, malware, phishing, and we got Atif Mushtaq who's the CEO of SlashNext. It's a startup here in the Bay Area with a Series A funding and they really solved probably one of the hardest problems that people are trying to crack the code on, which is how do you solve the human problem of not getting phished? And that is the technique how people are getting in. Actually, welcome to theCUBE, thanks for coming in. >> Thanks for having me. >> So I love bringing the startups in to get the real lay of the land because you got some funding, you got customers, you just kind of get out in the market, you're at the frontlines of security. And you're solving one of the hardest problems. >> That's right. >> Malware, phishing. >> Phishing, yes. >> So before we get into it, take a minute to explain what the company's doing. What is SlashNext? Why did you start the company? What's the early product look like? And what's the core problem you're targeting? >> Yeah, of course, I mean, I think you already told that. We are a company that is completely focused on phishing and social engineering. We are not a part-time, phishing is not a part-time problem for us. The company was built on the problem that, okay, that phishing is a growing problem, and we really need a technology and a company who's dedicatedly focused on social engineering and phishing. Before founding SlashNext, I worked for a company called FireEye. And the FireEye was not about phishing. FireEye was all about malware problem, right? So when I came out of that, I started to see that there was a time when the malware were really growing rapidly, right? And at that time, they were trying to exploit problems in the software, and exploiting that without any human intervention, right? And over the period of time, what we saw that Google, Microsoft, the world, they tried to make their software really secure. So during my last days at FireEye, I started to feel that malware growth is going down, and the reason is that Microsoft software are much better than they used to be. Google is really determined that nobody should really exploit my software to install malware. But at the same time I was seeing that, okay, the cyber crimes are rising. So if the malware are going down, what is really causing the cyber crimes? And, end of the day, I found that, okay, the game has changed. Now it's more about tricking humans and tricking in such a way that they give you their information, they click on the malware themselves, without exploiting anything in the software. And I also found that, you know what, I mean, you can't really solve this problem with just conventional computing, right? With just the algorithm. You really need to understand the human psychology because these guys are exploiting that psychology. Fear, trust, and reward. All of us have these emotions, right? They just have to exploit them in such a way that we get excited enough to hand over our information willingly to them. And this is where we start-- >> And it's working too, by the way. We know the numbers are off the charts and we cover it heavily on siliconangle.com, and we're about to do a bunch more content on cybersecurity and national security. So now it's not just the individual, the implications are broader. >> That's right. >> But let's go back. Before we get into that, I want to get it back, when you said at FireEye, the company you worked for, you said they were just doing malware. So they saw malware declining, you saw the trends going up. Before you wrote a line of code, that's what you saw. When you started the technology, what did you do next? >> I think it started with the problem. I think first of all, I really wanted to make sure that I'm solving a growing problem. If the problem is going down, eventually other people will catch up and by the time you have a solution, maybe the problem is not really there. So it's funny that at that time there were so many other companies trying to solve the malware problem, and they didn't realize that, okay, the malware problems are going down, right? And because I was working for a company who started the malware thing around 2004 or '05, right? So I had already seen-- >> A little bit older. The trend moves on. The fashion moved to phishing. But what did you start writing code on? Is it born in the cloud, did you have servers? What were you doing? How were you getting going? >> Yes, the code technology is based on cognitive computing. And the reason you really need a cognitive computing or artificial intelligence because you need computer software who could understand emotions. Because phishing is about exploiting the human emotion. And they try to exploit you by giving you a piece of text or some visuals in order to trick you. Okay, your CEO lookalike say, okay, transfer me $50,000. There's nothing really malware in it, right? It's just $50,000 transfer to me, right? They give you a fake login page of PayPal. No malware in that, they're just using the logo and sometimes they ask you, okay, there are various computer problems on your laptop, right? In order to fix that, you need to call us, right? So they're trying to exploit your emotion of trust, reward, and greed. So, end of the day, we thought that, okay, unless we have an army of researchers who are doing all this job because they understand the human emotions, or we can build programs that can understand these emotions, and whenever they see someone is trying to exploit this emotion, they can trigger on that. So result is that we have built a technology in the cloud. So while your user is checking an email, or a webpage is being rendered on the computer screen, within milliseconds we find, okay, something suspicious is going on. And we send the information to a cloud, and from our cloud we launch the browser in realtime. So while I'm seeing this webpage on my screen, the computer programs are actually seeing a copy of that from the cloud. The only difference is that, this, I might not be the tech-savvy guy, but the computer algorithm that actually looking into that webpage, seeing what logo is being used and reading the natural language, they're quite tech-savvy. So with it-- >> Talk about the technology. So, you had customers out of the gate before you had one dime of venture capital. You started getting paying customers. How are they deploying? What was the original product? What was their initial traction? Is it a SaaS model? Do they buy software? What were they paying you for? >> The form factor was hardware based. The hardware was cloud-powered. The whole purpose of the hardware was to sniff the network traffic, all the web traffic at the network switch level, and whenever they see something suspicious, they engage that cloud. So all the secret sauce and the main technology resided at the cloud. It was just a mechanical way for us to sniff the traffic. So the first product that we sold was that hardware device. And now we're moving more towards other form factor-- >> And you guys catch some phishing out of the gate? Did you guys solve some problems out of the gate? >> Yeah, within seconds, we started catching stuff. We, first of all, started seeing direct filtration attempts. We started seeing the phishing attempt right away. And this is where, I think, we got them by surprise because they already have all these big vendors already in place, and they were kind of over confident. They said, okay, you know what? You look like a young guy who's rarely had big claims. >> You had FireEye, you must know what you're talking about, we'll give it a shot. >> We'll give it a shot and they never believed that, okay? They thought, okay, maybe I can catch one or two phishing attacks, right? >> I have nothing to lose. I'll try it, I'm probably >> I'll try-- >> going to be on the plan, one more, what's one more box? >> But we got them by surprise. At the very, very beginning, the moment you attach the network traffic, we'll start tripping and this is how we got, I mean, no marketing material, no website. A founder is going without any presentation, and just selling. And I a hired a VP of sales who would actually carry the box with me. I would manufacture the box in my bedroom. My wife would put stickers, she's really good at that. And we actually pack it-- >> It looks good, yeah. >> It looks good. >> Little micro boxes, well, trying the chip on there. No, only kidding. Yeah, so you got the products, how many customers did you get on the early stages? How many did you get in that month? >> We had around 10 paying customer, and the revenue for around three, $400,000 ARR before we went in front of the VCs. And these guys had actually seen FireEye, and FireEye took a lot of money before they even had the paying customer. And they said, you know, what are you doing? >> You did a good move there. So, Atif, bootstrapping is a great, I think it's not only brave from an entrepreneurial standpoint, it really gives you the more creative freedom, because if you're putting your own cash on the table. So it's commitment and also it gives you creative license, not like that extra pressure. Most VCs might, some of these might give you a pass. Most are a bunch of board meetings and want to put pressure on you. >> That's right. >> Let's take a step back. Give us a 101 on the current state of malware. What are the different types of malware out there? You mentioned a few of them just a second ago. Break down the top malware, I mean, the phishing attacks. What are the top phishing attacks that you're seeing right now that people should know about? That may not know about. >> Okay, so there are two things. I would call it, first of all, there are two things that are happening when it comes to phishing. First of all, the mechanism that phishing attacks for using is moving beyond email. That is the first change. Now we are seeing phishing attacks spreading through advertisement, through social media, through messaging apps. Previously it was just emails. So that's one difference that we are seeing. Another difference is that the type of phishing's changing as well. Historical, it has been about fake login pages or money transfer scams. Now we are seeing a lot more things that were never been tried by the bad guys. You are seeing the scareware scams where suddenly there's a popup on your screen and they're asking you, to install a malware because there's a problem on your system and so-called anti-virus is going to solve that problem, right? We're seeing browser extensions being spread through phishing, right? We are seeing telephone fraud happening through this phishing, right? So it has moved beyond just fake login pages. So, first of all, more communication medium, and at the same time, more type of phishing attacks that are happening. So, right now, if you say around 20 to 30% of attacks that we are catching are the credential stealing, fake login pages. Around 20 to 30% are the rogue software, fake Flash player, fake PDF readers, and all that. And then the rest are the, you know what, browser extensions. >> So what is spear phishing? I hear that term a lot. >> Spear phishing is the targeted phishing. Spear phishing is that I'm not sending it to hundreds and thousands of people randomly, and who are gets victim to it, that's a bonus, right? >> The system admin for the Linux kernel for the bank. >> Yeah, I'm targeting you. >> I'm targeting him, social engineering. >> So I'm going to LinkedIn. I'm going to LinkedIn. I want to target your company. So I got your name, I got your email, and I'm sending one email to you. That is spear phishing, right? The drive by phishing is all about sending it to thousands and thousands of peoples, and then getting them phished. But there's one thing, there's one trend that is happening that is actually making spear phishing going away. What's really happening is that a lot of people who are targeting you, they don't need to send you the direct email. They actually go to the black market and all these guys who are randomly hunting you, they got your name from there. So they don't have to work hard. >> Dark web has my contact. >> Right, so I can go there and say, you know what, John, is there anyone with this email who you recently phished? And the guy who never really cared about you acted and die. I got that guy infected, how much you going to pay me for that? I pay you $50, and now I got access to your information without even sending you any spear phishing email. So this dark market and this overall cyber crime business actually has made much easier for the guys who really want to target you. Spend 50 bucks instead of I try to send you emails, and I have to set up all these website. I don't have to do anything. I can simply go to that dark web and can buy your information. >> This is a really good point. I think this is some people, it scares a lot of people, but it's well known the crime syndicates in the dark web are well advanced and well funded. So a lot of Bitcoin and cryptocurrencies help fueling that. Share your opinion on that. Share some color commentary about how sophisticated and how robust the economy is in the dark web. >> There are hundreds and millions of dollars. I mean, the guys are making millions of dollars. There was a ransomware called CryptoLocker and called in to FBI. They made tons of millions of dollars. So the money is huge. And Bitcoin is actually fueling that. Previously it was very difficult. You can always track by it. Previously, around 2006, I remember there was a ransomware, and they were asking you to transfer money through Western Union. But you can really catch those guys, the money trail always there. Bitcoin is one thing that really fueled the dark web. Because for the very first time, you can steal people's money without leaving any trail. And that is actually, I think, is the unfortunate consequences is it is really fueling the cyber crimes because now you don't have to care about you getting tracked, getting arrested. >> Yeah, I mean, we have a debate on theCUBE all the time about this. I mean, that with every dark movement there's also a light at the end of the tunnel. Gaming culture leads a lot of the user experience. The dark web, I think, is leading a lot of the transactional things. If you think about Shadow IT before cloud was popular, Shadow IT is what drove a lot of the cloud early adopter. Some are saying that the dark web, and cryptocurrency, and blockchain, token economics, actually is a leading indicator of what we might become. So the dark web might become the operational model. >> That's right. >> Because you just turn the lights on and say, hey, if this is so inefficient, why not just adopt this efficient market? Yeah, you can't track it but it's more efficient. So, again, that's a little bit provocative and a little bit radical, but, I mean, think about it. A lot of problems going on. Bitcoin certainly is a great way to clear that cash out. >> That's right. >> And cannabis sales in the US is driving a lot of Bitcoin as well. >> That's right. >> Moving money around. So, follow the money, you'll find the technology, is what I always say. So, your thoughts now on the business. How do you see the business shaping? What are you guys trying to do? What's the product currently? You got some venture capital. You got Wing VC. >> That's right. >> And Norwest too. >> Norwest Partners. >> Great firms. What's it like? How much did you raise? What are you looking to do? >> So, we raised around $9 million last year, and we are gearing up for our CDSP earlier next year. So we have actually made great progress, and I think that one of the biggest thing that we're getting from our investors is that, I mean, just like FireEye, we got into the business of all this multi-vector phishing at the early stage. So, we have an advantage of around two to three years, as compared to our competitors, right? And at the same time, they also know that we are not developing a niche enterprise product. There are four billion internet users and phishing is all of them problem. So just think about that, right? We just have a tiny customer base, right? But if you target all those internet users, it's going to be around seven billion internet users. >> So do you have a strategy laid out yet? It's going to be an enterprise business? You're targeting individuals? Have you had a clear visibility on some of the target beach yet? >> So next two to three years is going to be all enterprise, right? And we'll start with the Northern America and all that. Maybe a later stage, little bit of the international expansion. But, overall, if you see the road map, and we really want to make a great company. I never really started this company to at least sell it for $100 million. >> You probably made some good dough at FireEye, so. They take care of you? >> Yeah, yeah, of course. (John and Atif laughing) But I think the purpose was that, I mean, I have nothing else to do, right? I mean, and so I'm not a serial entrepreneur. It was never the purpose that I can sell something quickly. >> You want to build a durable company. >> I want to build a durable company, and all the VCs, they want us to build a durable company because they want really, want a big exit, right? But I think the roadmap that they're seeing is that, okay, you know what, you can start with enterprise, and then you can go into the consumer space. And then, I think the problem is huge. It's not something that you can only sell to enterprise, or you can only sell to consumer, right? Every internet user is a victim. >> Yeah, and I think there's an opportunity for a vendor to come, I mean, a supplier, to come out of the market. And I've always said to the Illumio guys, Alan Cohen, and a bunch of other venture-backed companies, that it's going to be a new company, a new brand, that will be the big player. Because if you look at the market share, no one company actually has dominant market share in cybersecurity. >> That's right. >> So you have thousands of flowers blooming, but no clear winner yet. And I think that's a function of throwing everything at cybersecurity, and the buyers are like, I'll take anything. I'm so desperate. So there's a huge factor of desperation. How do you see that being solved? Because it is a desperate market, because people, they can't play offense, they got to play defense, they got to protect. And so the perimeter's gone. Used to be the moat and the firewall switch. Now it's gone, the perimeter. >> Is gone. >> Is gone, and so now you have service areas off the charts. So how do you protect it? (chuckles) What do you see? >> I think we started with the device model, right? But I think now we moving towards the software and the endpoint business. And we really believe that you need to cover the remote user. I mean, you just barely spend eight hours in the office, right? So we are actually developing technologies that are going to target the remote users, and we going to target multiple type of devices and all that. So that's our next big thing. Off of the same cloud technology. Cloud you have already developed, right? Now you have to develop multiple form factors or multiple ways to actually access that cloud. >> Multi-factor authentication, not just two-factor authentication really is the key, biometrics, things of that nature. Google's got some stuff going on there. But I want to get your thoughts on the cloud. I mean, cloud obviously is something you, cloud's your secret sauce. >> A big part of it. >> Is it on Amazon, Google? Which cloud do you use? >> It's distributed between AWS, but the core of our logic is actually reside in our own data centers. The reason is that the kind of GPU power that we wanted, because we are rendering all these pages in realtime, right? So we never got that kind of GPU support from the off-the-shelf AWS, right? So we really built our own-- >> So custom GPU powerhouse? >> Yes. >> For all the floating point calculations. >> Yeah, because you have to run millions of browser instances. Can you imagine? We are running all these virtual browser, continue-- >> Why didn't you start a GPU cloud? It's another venture. >> Yeah, another venture. (John laughing) But I think that's the lead for that because AI and the metrics calculation is going to be the key, right? And they're adding support. But around 2014 to be really frag-a-mit, it look like a joke. That you can have hundreds of millions of browser getting up and down, getting up and down, in realtime, right? So we got a very customized cloud for that purpose, and that's actually barrier to entry for a lot of other vendors. >> Yeah, and I think the cloud provides you some good agility as well. And they have, Amazon's kicking butt, we love Amazon. Okay, so now on the future. Hiring, you got some people. What are the key priorities for you guys? Engineering, obviously. More and more engineering. >> Engineering. >> Technology's cognitive. What kind of skill sets are you looking build? Machine learning, AI? >> It's already based on the machine learning and AI because we're doing the natural language processing, computer vision analysis. Because you want computer to see things, what's being rendered on the screen, right? So we already have the technology. What we really want to do now is to make it accessible for a variety of customers. Not every customer wants a hardware device, not every customer wants endpoint solution, right? You need to order multiple form factors. So you want to use this cloudware endpoint? Okay, you take that one. Okay, you love hardware device, right? But, end of the day, you're offering your cloud service to other people. So, first of all, building more form factors and definitely more customer traction. >> I better ask you the question, 'cause I just love the entrepreneurial hustle. And congratulations on the startup and it's looking really, great space to be in, by the way. So it's super, super great. 10 years out from now, in your mind's eye, what's the preferred future look like in your mind? For your company and the outcome that 10 years from now. What's it going to look like? What's the state of phishing and security? If you're successful, if you achieve your mission, what happens? >> Okay, so, I think, I mean, it's kind of funny. Over success lies with the bad news, right? I think every tech landscape is changing. It's usually one train lost was seven to eight years, before it goes down and the bad guys move to the next train. I think this is the very first time they have started targeting humans viciously, right? The problem is that by the time you have a trained professional, the new people who are emerging in, right? I don't think, right, this problem is going to get solved any time sooner. We can't rely on the humans to train, to get trained. You can't really make a user a computer security researches, right? In my opinion, eventually technology has to catch up. In my opinion. So I think we have to keep innovating because hackers are going to find new methods, and we have to keep on catching up. And I think we'll be a phishing protection company in the next 10 years. Maybe adjacent product, but I think we really want to be focus on this. >> And social engineering, to your point, and tell me if you agree with this, it's been very successful for hackers. Social engineering has been the tactic. And there's a variety of forms of social engineering. >> That's right. >> Great, awesome. Well, good luck with everything. Thanks for coming on theCUBE. We have Atif Mushtaq, the CEO of SlashNext. Hot startup funded by Norwest Venture Capital and Wing VC, two good firms that we know very well. They know their tech. And, again, security. Great problem to solve. And if there's a big thing you want to go after and solve a big problem, it's security. It's theCUBE bringing you the theCUBE coverage here in Palo Alto. I'm John Furrier, thanks for watching. (triumphant orchestral music)