>>Hello, fabulous cloud community and welcome to Las Vegas. We are the Cube and we will be broadcasting live from the AWS Reinvent Show floor for the next four days. This is our first opening segment. I am joined by the infamous John Furrier. John, it is your 10th year being here at Reinvent. How does >>It feel? It's been a great to see you. It feels great. I mean, just getting ready for the next four days. It's, this is the marathon of all tech shows. It's, it's busy, it's crowd, it's loud and the content and the people here are really kind of changing the game and the stories are always plentiful and deep and just it's, it really is one of those shows you kind of get intoxicated on the show floor and in the event and after hours people are partying. I mean it is like the big show and 10 years been amazing run People getting bigger. You're seeing the changing ecosystem Next Gen Cloud and you got the Classics Classic still kind of doing its thing. So getting a lot data, a lot of data stories. And our guests here are gonna talk more about that. This is the year the cloud kind of goes next gen and you start to see the success Gen One cloud players go on the next level. It's gonna be really fun. Fun week. >>Yes, I'm absolutely thrilled and you can certainly feel the excitement. The show floor doors just opened, people pouring in the drinks are getting stacked behind us. As you mentioned, it is gonna be a marathon and very exciting. On that note, fantastic interview to kick us off here. We're starting the day with Stripe. Please welcome nor and Brian, how are you both doing today? Excited to be here. >>Really happy to be here. Nice to meet you guys. Yeah, >>Definitely excited to be here. Nice to meet you. >>Yeah, you know, you were mentioning you could feel the temperature and the energy in here. It is hot, it's a hot show. We're a hot crew. Let's just be honest about that. No shame in that. No shame in that game. But I wanna, I wanna open us up. You know, Stripe serving 2 million customers according to the internet. AWS with 1 million customers of their own, both leading companies in your industries. What, just in case there's someone in the audience who hasn't heard of Stripe, what is Stripe and how can companies use it along with AWS nor, why don't you start us off? >>Yeah, so Stripe started back in 2010 originally as a payments company that helped businesses accept and process their payments online. So that was something that traditionally had been really tedious, kind of difficult for web developers to set up. And what Stripe did was actually introduce a couple of lines of code that developers could really easily integrate into their websites and start accepting those payments online. So payments is super core to who Stripe is as a company. It's something that we still focus on a lot today, but we actually like to think of ourselves now as more than just a payments company but rather financial infrastructure for the internet. And that's just because we have expanded into so many different tools and technologies that are beyond payments and actually help businesses with just about anything that they might need to do when it comes to the finances of running an online company. So what I mean by that, couple examples being setting up online marketplaces to accept multi-party payments, running subscriptions and recurring payments, collecting sales tax accurately and compliantly revenue recognition and data and analytics. Importantly on all of those things, which is what Brian and I focus on at Stripe. So yeah, since since 2010 Stripes really grown to serve millions of customers, as you said, from your small startups to your large multinational companies, be able to not only run their payments but also run complex financial operations online. >>Interesting. Even the Cube, the customer of Stripe, it's so easy to integrate. You guys got your roots there, but now as you guys got bigger, I mean you guys have massive traction and people are doing more, you guys are gonna talk here on the data pipeline in front you, the engineering manager. What has it grown to, I mean, what are some of the challenges and opportunities your customers are facing as they look at that data pipeline that you guys are talking about here at Reinvent? >>Yeah, so Stripe Data Pipeline really helps our customers get their data out of Stripe and into, you know, their data warehouse into Amazon Redshift. And that has been something that for our customers it's super important. They have a lot of other data sets that they want to join our Stripe data with to kind of get to more complex, more enriched insights. And Stripe data pipeline is just a really seamless way to do that. It lets you, without any engineering, without any coding, with pretty minimal setup, just connect your Stripe account to your Amazon Redshift data warehouse, really secure. It's encrypted, you know, it's scalable, it's gonna meet all of the needs of kind of a big enterprise and it gets you all of your Stripe data. So anything in our api, a lot of our reports are just like there for you to take and this just overcomes a big hurdle. I mean this is something that would take, you know, multiple engineers months to build if you wanted to do this in house. Yeah, we give it to you, you know, with a couple clicks. So it's kind of a, a step change for getting data out of Stripe into your data work. >>Yeah, the topic of this chat is getting more data outta your data from Stripe with the pipelining, this is kind of an interesting point, I want to get your thoughts. You guys are in the, in the front lines with customers, you know, stripes started out with their roots line of code, get up and running, payment gateway, whatever you wanna call it. Developers just want to get cash on the door. Thank you very much. Now you're kind of turning in growing up and continue to grow. Are you guys like a financial cloud? I mean, would you categorize yourself as a, cuz you're on top of aws? >>Yeah, financial infrastructure of the internet was a, was a claim I definitely wanna touch on from your, earlier today it was >>Powerful. You guys are super financial cloud basically. >>Yeah, super cloud basically the way that AWS kind of is the superstar in cloud computing. That's how we feel at Stripe that we want to put forth as financial infrastructure for the internet. So yeah, a lot of similarities. Actually it's funny, we're, we're really glad to be at aws. I think this is the first time that we've participated in a conference like this. But just to be able to participate and you know, be around AWS where we have a lot of synergies both as companies. Stripe is a customer of AWS and you know, for AWS users they can easily process payments through Stripe. So a lot of synergies there. And yeah, at a company level as well, we find ourselves really aligned with AWS in terms of the goals that we have for our users, helping them scale, expand globally, all of those good things. >>Let's dig in there a little bit more. Sounds like a wonderful collaboration. We love to hear of technology partnerships like that. Brian, talk to us a little bit about the challenges that the data pipeline solves from Stripe for Redshift users. >>Yeah, for sure. So Stripe Data Pipeline uses Amazon RedShift's built in data sharing capabilities, which gives you kind of an instant view into your Stripe data. If you weren't using Stripe data pipeline, you would have to, you know, ingest the state out of our api, kind of pull yourself manually. And yeah, I think that's just like a big part of it really is just the simplicity with what you can pull the data. >>Yeah, absolutely. And I mean the, the complexity of data and the volume of it is only gonna get bigger. So tools like that that can make things a lot easier are what we're all looking for. >>What's the machine learning angle? Cause I know there's lots of big topic here this year. More machine learning, more ai, a lot more solutions on top of the basic building blocks and the primitives at adds, you guys fit right into that. Cause developers doing more, they're either building their own or rolling out solutions. How do you guys see you guys connecting into that with the pipeline? Because, you know, data pipelining people like, they like that's, it feels like a heavy lift. What's the challenge there? Because when people roll their own or try to get in, it's, it's, it could be a lot of muck as they say. Yeah. What's the, what's the real pain point that you guys solve? >>So in terms of, you know, AI and machine learning, what Stripe Data Pipeline is gonna give you is it gives you a lot of signals around your payments that you can incorporate into your models. We actually have a number of customers that use Stripe radar data, so our fraud product and they integrate it with their in-house data that they get from other sources, have a really good understanding of fraud within their whole business. So it's kind of a way to get that data without having to like go through the process of ingesting it. So like, yeah, your, your team doesn't have to think about the ingestion piece. They can just think about, you know, building models, enriching the data, getting insights on top >>And Adam, so let's, we call it etl, the nasty three letter word in my interview with them. And that's what we're getting to where data is actually connecting via APIs and pipelines. Yes. Seamlessly into other data. So the data mashup, it feels like we're back into in the old mashup days now you've got data mashing up together. This integration's now a big practice, it's a becoming an industry standard. What are some of the patterns and matches that you see around how people are integrating their data? Because we all know machine learning works better when there's more data available and people want to connect their data and integrate it without the hassle. What's the, what's some of the use cases that >>Yeah, totally. So as Brian mentioned, there's a ton of use case for engineering teams and being able to get that data reported over efficiently and correctly and that's, you know, something exactly like you touched on that we're seeing nowadays is like simply having access to the data isn't enough. It's all about consolidating it correctly and accurately and effectively so that you can draw the best insights from that. So yeah, we're seeing a lot of use cases for teams across companies, including, a big example is finance teams. We had one of our largest users actually report that they were able to close their books faster than ever from integrating all of their Stripe revenue data for their business with their, the rest of their data in their data warehouse, which was traditionally something that would've taken them days, weeks, you know, having to do the manual aspect. But they were able to, to >>Simplify that, Savannah, you know, we were talking at the last event we were at Supercomputing where it's more speeds and feeds as people get more compute power, right? They can do more at the application level with developers. And one of the things we've been noticing I'd love to get your reaction to is as you guys have customers, millions of customers, are you seeing customers doing more with Stripe that's not just customers where they're more of an ecosystem partner of Stripe as people see that Stripe is not just a, a >>More comprehensive solution. >>Yeah. What's going on with the customer base? I can see the developers embedding it in, but once you get Stripe, you're like a, you're the plumbing, you're the financial bloodline if you will for the all the applications. Are your customers turning into partners, ecosystem partners? How do you see that? >>Yeah, so we definitely, that's what we're hoping to do. We're really hoping to be everything that a user needs when they wanna run an online business, be able to come in and maybe initially they're just using payments or they're just using billing to set up subscriptions but down the line, like as they grow, as they might go public, we wanna be able to scale with them and be able to offer them all of the products that they need to do. So Data Pipeline being a really important one for, you know, if you're a smaller company you might not be needing to leverage all of this big data and making important product decisions that you know, might come down to the very details, but as you scale, it's really something that we've seen a lot of our larger users benefit from. >>Oh and people don't wanna have to factor in too many different variables. There's enough complexity scaling a business, especially if you're headed towards IPO or something like that. Anyway, I love that the Stripe data pipeline is a no code solution as well. So people can do more faster. I wanna talk about it cuz it struck me right away on our lineup that we have engineering and product marketing on the stage with us. Now for those who haven't worked in a very high growth, massive company before, these teams can have a tiny bit of tension only because both teams want a lot of great things for the end user and their community. Tell me a little bit about the culture at Stripe and what it's like collaborating on the data pipeline. >>Yeah, I mean I, I can kick it off, you know, from, from the standpoint like we're on the same team, like we want to grow Stripe data pipeline, that is the goal. So whatever it takes to kind of get that job done is what we're gonna do. And I think that is something that is just really core to all of Stripe is like high collaboration, high trust, you know, this is something where we can all win if we work together. You don't need to, you know, compete with like products for like resourcing or to get your stuff done. It's like no, what's the, what's the, the team goal here, right? Like we're looking for team wins, not, you know, individual wins. >>Awesome. Yeah. And at the end of the day we have the same goal of connecting the product and the user in a way that makes sense and delivering the best product to that target user. So it's, it's really, it's a great collaboration and as Brian mentioned, the culture at Stripe really aligns with that as >>Well. So you got the engineering teams that get value outta that you guys are dealing with, that's your customer. But the security angle really becomes a big, I think catalyst cuz not just engineering, they gotta build stuff in so they're always building, but the security angle's interesting cuz now you got that data feeding security teams, this is becoming very secure security ops oriented. >>Yeah, you know, we are really, really tight partners with our internal security folks. They review everything that we do. We have a really robust security team. But I think, you know, kind of tying back to the Amazon side, like Amazon, Redshift is a very secure product and the way that we share data is really secure. You know, the, the sharing mechanism only works between encrypted clusters. So your data is encrypted at rest, encrypted and transit and excuse me, >>You're allowed to breathe. You also swallow the audience as well as your team at Stripe and all of us here at the Cube would like your survival. First and foremost, the knowledge we'll get to the people. >>Yeah, for sure. Where else was I gonna go? Yeah, so the other thing like you kind of mentioned, you know, there are these ETLs out there, but they, you know that that requires you to trust your data to a third party. So that's another thing here where like your data is only going from stripe to your cluster. There's no one in the middle, no one else has seen what you're doing, there's no other security risks. So security's a big focus and it kind of runs through the whole process both on our side and Amazon side. >>What's the most important story for Stripe at this event? You guys hear? How would you say, how would you say, and if you're on the elevator, what's going on with Stripe? Why now? What's so important at Reinvent for Stripe? >>Yeah, I mean I'm gonna use this as an opportunity to plug data pipelines. That's what we focus on. We're here representing the product, which is the easiest way for any user of aws, a user of Amazon, Redshift and a user of Stripe be able to connect the dots and get their data in the best way possible so that they can draw important business insights from that. >>Right? >>Yeah, I think, you know, I would double what North said, really grow Stripe data pipeline, get it to more customers, get more value for our customers by connecting them with their data and with reporting. I think that's, you know, my goal here is to talk to folks, kind of understand what they want to see out of their data and get them onto Stripe data pipeline. >>And you know, former Mike Mikela, former eight executive now over there at Stripe leading the charge, he knows a lot about Amazon here at aws. The theme tomorrow, Adams Leslie keynote, it's gonna be a lot about data, data integration, data end to end Lifeing, you see more, we call it data as code where engineering infrastructure as code was cloud was starting to see a big trend towards data as code where it's more of an engineering opportunity and solution insights. This data as code is kinda like the next evolution. What do you guys think about that? >>Yeah, definitely there is a ton that you can get out of your data if it's in the right place and you can analyze it in the correct ways. You know, you look at Redshift and you can pull data from Redshift into a ton of other products to like, you know, visualize it to get machine learning insights and you need the data there to be able to do this. So again, Stripe Data Pipeline is a great way to take your data and integrate it into the larger data picture that you're building within your company. >>I love that you are supporting businesses of all sizes and millions of them. No. And Brian, thank you so much for being here and telling us more about the financial infrastructure of the internet. That is Stripe, John Furrier. Thanks as always for your questions and your commentary. And thank you to all of you for tuning in to the Cubes coverage of AWS Reinvent Live here from Las Vegas, Nevada. I'm Savannah Peterson and we look forward to seeing you all week.

(upbeat music) >> Hi, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series, where we're talking with exciting partners in the AWS ecosystem. This topic on this episode is cybersecurity. Detect and protect against threats. I have two guests here with me today from Hunters. Please welcome Lital Asher-Dotan, the CMO. And Ofer Gayer, the VP of product management. Thank you both so much for joining us today. >> Thank you for having us, Lisa. >> Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do, when was it founded, what's the vision? All that good stuff. >> So Hunters was founded in 2018. Two co-founders coming out of Unit 8200 in the Israeli Defense Force. The founders and our people in engineering and R&D are mostly coming from both offensive cybersecurity as well as defensive threat hunting, advanced operations, or being able to see and response to advance attack. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from, you know, military background but those that actually need to defend day in and day out against the growing cyber-attacks that are growing in sophistication, in the numbers of attacks. And we all know that every organization nowaday is being targeted, is it ransomware, more sophisticated attacks. So this thing has become a real challenge. And we all know those challenges that the industry is facing with talent scarcity, with lack of the knowledge and expertise needed to address this. So came in with this mindset of we want to bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks. So born and raised in Tel Aviv, became a global company. Recently raised a serious CO funding. Funded by the world's greatest VCs, from Stripes, Wild Ventures, supported by Snowflake data breaks and Microsoft M12, also as strategic partners. And we now have broad variety of customers from all industries around the world, from tech to retail to e-commerce to banks that we work closely with. So very exciting times. And we're very excited to share today how we work with AWS customers to support the environments. >> Yeah, we're going to unpack that. So really solid foundation the company was built on, only a few years ago. Lital was there, why a new approach? Was there a compelling event? Obviously, we've seen dramatic changes in the threat landscape in recent years. Ransomware becoming a, when it happens to us, not if. But any sort of compelling event that really led the founders to go, "Ah! This new approach, we got to go this direction." >> Absolutely. We've seen a tremendous shift of organizations from cloud adoption to adoption of more security tools. Both create a scenario which the toolsets that are currently being used by security organizations, the security teams are not efficient anymore. They cannot deal with the plethora of a variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in their environment without too much of automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer, and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days. >> Excellent. Ofer, that's a perfect segue to bring you into the conversation. Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry. >> Yeah. So as Lital mentioned, it was very rightful. The problem with the SIM space, that the space that we're disrupting is the well-known secret around is it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most mature, presumably mature markets in cybersecurity. But it seems like that every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process and it's painful all across their workflow from the time they ingest the data. Everybody knows if you ever had a SIM solution or a SOC platform, just getting the data into your environment can take the most amount of your time, the lion's share of whatever your engineers are working on will go to getting the data into the system, and then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very very painful before you even get a single moment of value of security use case from your product. That's a big, painful piece. What you then see is, once they set it up, their detection engineering is so far behind the curve because of all the different times of things they need to take care of. It used to be a limited attack surface. We all know the attack surface here today is enormous, especially when you talk about something like AWS, there's new services, new things all the time, more accounts, more things. It keeps moving a lot, and keeping track of that and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploying the detections in time, test and tweak, and all those things. Most organizations don't even how to start approaching this problem, and that's a big pain for them. When they finally get to investigating something, there lacks the context and the knowledge of how to investigate. They have very limited information coming to them and they go on this hunting chase of not hunting the attackers but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very little instructions or guidelines, and then you need to kind of try to figure out what is it that they asked, right? That's the same thing with trying to do triaging with very minimal context. You look at the IP and then you try to figure out, you look at the Hash, you look at all these different artifacts and you try to figure out yourself. You have very limited insights. And the worst is when you're under the gun, when there's a new emerging threat that happens like a Log4Shell, and now you're under the gun and the entire company's looking at you and saying, "Are we impacted? What's going on? What should we doing?" So from start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration. >> And it's companies in any industry, Ofer, don't have time. You talked about some of the time involved here in the lag. And there isn't time in the very dynamic threat landscape that customers are living in. Lital, question for you, is your primary target audience existing SIM customers? 'Cause Ofer mentioned the disruption of the SIM market. I'm just wanting to understand in terms of who you're targeting, what does that look like? >> Definitely looking for customers that have a SIM and don't like it, don't find that it helps them improve the security posture. We also have organizations that are young, emerging, have a lot of data, a lot of tech companies that have grown in the last 10, 15 years, or even five years. With Snowflake as a customer, they're booming. They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them doesn't make any sense with the scale that they need. They need the cloud-based approach, SaaS approach that is capable of taking care of the environment. So we both cater to those organizations that we're shifting from on-prem to cloud and need visibility into those two environments and into those cloud natives. Born to the cloud don't want to even think of a traditional SIM. >> You mentioned Snowflake. We were just at Snowflake Summit a couple of months ago, I think that was. And tremendous company that massive growth, massive growth in data across the board though. So I'm curious, Ofer, if we go back to you, if we can dig into some of these data challenges. Obviously, data volume and variety, it's only going to continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate? >> Definitely. So the data challenge starts with getting the right data in. The fact that you have so many different products across so many different environments and you need to try to get them in some location to try to use them for running your queries, your rules, your correlation. It's a big prompt. There's no unified standard for anyone, even if there was, you would have a lot of legacy things on-premises, as well as your AWS environment. You need to combine all these. You can keep things only on-prem. You can own... Mostly a lot of, most organizations are still in hybrid mode. They have, they're shifting most of their things to AWS. You still have a lot of things on-prem that they're going to shift in the next 3, 4, 5 years. So that hybrid approach is definitely a problem for gathering the data. And when they gather the data, a lot of the times their existing solutions are very cost prohibitive and scale prohibitive from pushing all the data in essential location. So they have these data silos. They'll put some of it there, some of it here, some of that in a different location, hot storage, cold storage, long-term storage. They don't really, they end up not knowing really where the data is especially when they need it the most becomes a huge problem for them. Now with analytics, it's very hard to know upfront what data I'll need not tomorrow, but maybe in three months to look back and query. Making these decisions is very hard. Changing them later is even harder. Keeping track of all these moving pieces. You know, you have a device, you have some vendor sending you some logs, they changed their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, putting it in a centralized location, and having good monitoring in a continuous flow of, I know what data I'm getting in. I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a central place where I can use it at any time that I want. >> We've seen, if I can add- >> So, Lital- >> Sorry. >> Yes, please. >> You wanted to add on that? We've seen too much compromise on data that because of prohibitive costs, structure of tools, or because of inability to manage the scale, teams are compromising or making choices and are paying a price of the latency of being able to then go search if an incident happened, that if you are impacted by something. It all means money and time at the end of the day when you actually need to answer yourself, am I breached or not? We want to break out from this compromise. We think that data is something that should not be compromised. It's a commodity today. Everything should be retained, kept, and used as appropriately without the team needing to ration what they're going to use versus what they're not going to use. >> Correct (faintly speaking). >> That's a great point. >> Go ahead. >> Yeah. And we've seen customers either having entire teams dedicated to just doing this and, or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me is, shows how much problem, pain, and how much this space is broken with what it provides with customers that you have these makeshift solutions to go around the problem instead of facing it head on and saying, "Okay, let's build something that you're put all your data as much as you want, not have to compromise on security." >> You both bring up such a great point where data and security is concerned. No business can afford to compromise. Usually compromise is a good thing, but in that case, it's really not. Companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where were customer conversations? Is this a C-suite conversation from a data security perspective? I would this is more than the CISO. >> It's a CISO conversation, as well as we talk on a daily basis with those that lead security operations, head of SOCs. Those that actually see how the analyst are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved with the tools that they need to work on and tweak. So we have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken. And this is probably one of the... We all talk about, you know, job satisfaction or dissatisfaction, the greatest, the great resignation, people are living. This is the real problem in security. And the SOC is one of these places that we see this alert, fatigue, people are struggling. It's a stressful work. And if there is anything that we can do to offload the work that is less appealing and have them work on what they sign up for, which is dealing with real threat, solving them, instead of dealing with false positives. This is where we can actually help. >> Can you add a little bit on that, Lital? And you mentioned the cybersecurity skills gap, which is massive. We talked about that a lot because it's a huge problem. How is Hunters a facilitator of companies that might be experiencing that? >> Absolutely. So we come with approach of, we call it the 80/20 of detection and response. Basically, there are about 80%, probably more, it's actually something like 95% of the threats are shared across all organizations in the world. Also, 80 to 90% of the environments are similar. People are using similar tools. They're on similar cloud services. We think that everything that goes around detection of threats, around those common attacks, scenarios in common attack landscape should come out of the box from the vendor like Hunters. So we automate, we write the rules, we cross-correlate. We provide those services out of the box once you sign in to use our solution. Your data flows in and we basically do the processing and the analysis of all the data, so that your team can actually focus on the 20%, or the 15, or the 5% that are very unique to your organization. If you are developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it. Great, have your team focus on that. If you are a specific actor in a specific space and specific threats that are unique to you, you build your own detections into our tool. But the whole idea that we have the knowledge, we see attacks across industries and across industries we have the researchers and the capabilities to be on top of those things, so your team doesn't need to do it on a daily basis because new attacks come almost on a daily basis. Now, we read them in the news, we see them. So we do it, so your team doesn't have to. >> And nobody wants to be that next headline where a breach is concerned. Lital, close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters customers are achieving and then specifically AWS customers? >> Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data knowing what the cost is going to be in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customer, how much it change when they moved from traditional SIMs to using Hunters. Specifically, AWS customers can actually use the AWS Credits to buy Hunters if they're interested. Just go to AWS Marketplace, search for Hunters and come to a website, you can use your credits for that. I think we talked also about the security burden, the time spent on writing rules plus correlating incidents. We have seen sometimes a change in, instead of investigating an incident for two days, it is being cut for 20 minutes because we give them the exact story of the entire attack. What are the involved assets? What are the users that are involved, that they can just go see what's happening and then immediately go and remediate it. So big shift in meantime to detect meantime to respond. And I'm sure Ofer has a more kind of insights that he's seen with some of our customers around that. >> Yeah. So some great examples recently there. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is we talked about the problem with talent. And where that really matters the most is that under the gun mode, we have a service that is, we see it as the natural progression of the service that we provide called Team Axon. What Team Axon does for you is when you're under the gun, when something like Log4Shell happens and everybody's looking at you, and time is ticking, instead of trying to figure out on yourself, Team Axon will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf on your data, and give it to you within 24 hours. You'll have something to show your CEO or your executive team, your board even, this is where we got impacted or not impacted. This is what we did. Here's the mitigation thing, step that we need to take from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the Bat-Signal when we need it the most. The other thing is on the day-to-day, a lot of solution, we'll kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date, that's what a lot of people miss. You have to think that you installed a year ago, but security doesn't stay put, you need to keep updating it. And you need to keep the updated pretty pretty frequently to stay ahead of the curve. If you're behind couple of months on your security updates, you know what happens. Same thing with your SOC platform on your SIM rule base. The reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting 'cause they need to tweak them. With the approach that we take that we tested on our customer's data transparently for them, and make sure to release them without false positives. We're just allowing them to push the updates transparently directly to their account. They don't need to do anything. And one customer, one of our biggest accounts, they have dozens of subsidiaries and multiple SOCs and one of the largest e-commerce companies in the world. And the person running security, he said, "If I had to do what Hunters gives me out of the box myself, I have to hire 20 people and put them to work for 18 months for what you give me out of the box." So for me, it's a very- >> That's huge. >> What we give customers and the kind of challenges that we're able to solve for them. >> Big challenges. Lital and Ofer, thank you so much for joining us on theCUBE today as part of this AWS Startup Showcase, talking about what Hunters does, why the vision and the value in it for customers. We appreciate your time and your insights. >> Thank you so much. >> For having us. >> My pleasure. For my guests, I'm Lisa Martin. Thank you for watching this episode of the AWS Startup Showcase. We'll see you soon. (cheerful music)

>> From the Silicon Angle Media Office in Boston Massachusetts, it's "The Cube." (groovy techno music) Now, here's your host, Dave Vellante. >> Hello, everyone. The rise of open source is really powering the digital economy. And in a world where every company is essentially under pressure to become a software firm, open source software really becomes the linchpin of digital services for both incumbents and, of course, digital natives. Here's the challenge, is when developers tap and apply open source, they're often bringing in hundreds, or even thousands of lines of code that reside in open sourced packages and libraries. And these code bases, they have dependencies, and essentially hidden traps. Now typically, security vulnerabilities in code, they're attacked after the software's developed. Or maybe thrown over the fence to the sec-ops team and SNYK is a company that set out to solve this problem within the application development life cycle, not after the fact as a built-on. Now, with us to talk about this mega-trend is Peter McKay, a friend of The Cube and CEO of SNYK. Peter, great to see you again. >> Good to see you, dude. >> So I got to start with the name. SNYK, what does it mean? >> SNYK, So Now You Know. You know, people it's sneakers sneak. And they tend to use the snick. So it's SNYK or snick. But it is SNYK and it stands for So Now You Know. Kind of a security, so now you know a lot more about your applications than you ever did before. So it's kind of a fitting name. >> So you heard my narrative upfront. Maybe you can add a little color to that and provide some additional background. >> Yeah, I mean, it's a, you know, when you think of the larger trends that are going on in the market, you know, every company is going through this digital transformation. You know, and every CEO, it's the number one priority. We've got to change our business from, you know, financial services, healthcare, insurance company, whatever, are all switching to digital, you know, more of a software company. And with that, more software equals more software risk and cybersecurity continues to be, you know, a major. I think 72% of CEOs worry about cybersecurity as a top issue in protecting companies' data. And so for us, we've been in the software in the security space for the four and a half years. I've been in the security space since, you know, Watchfire 20 years ago. And right now, with more and more, as you said, open source and containers, the challenge of being able to address the cybersecurity issues that have never been more challenging. And so especially when you add the gap between the need for security professionals and what they have. I think it's four million open positions for security people. So you know, with all this added risk, more and more open source, more and more digitization, it's created this opportunity in the market where you're traditional approaches to addressing security don't work today, you know? Like you said, throwing it over the fence and having someone in security, you know, check and make sure and finding all these vulnerabilities, and throw it back to developers to fix is very slow and something at this point is not driving to success. >> So talk a little bit more about what attracted you to SNYK early. I mean, you've been with the company, you're at least involved in the company for a couple years now. What were the trends that you saw, and what was it about SNYK that, you know, led you to become an investor and ultimately, CEO? >> Yeah, so four years involved in the business. So you know, I've always loved the security space. I've been in it for a number, almost 20 years. So I enjoy the space. You know, I've watched it. The founder, Guy Podjarny, one of the founders of SNYK, has been a friend of mine for 16 years from back in the Watchfire days. So we've always stayed connected. I've always worked well together with him. And so when you started, and I was on the board, the first board member of the company, so I could see what was going on, and it was this, you know, changing, kind of the right place at the right time in terms of developer first security. Really taking all the things that are going on in the security space that impacts a developer or can be addressed by the developer, and embedding it into the software into that developer community, in a way that developers use, the tools that they use. So it's a developer-first mindset with security expertise built-in. And so when you look at the market, the number of open source container evolution, you know, it's a huge market opportunity. Then you look at the business momentum, just took off over the past, you know, four years. That it was something that I was getting more and more involved in. And then when Guy asked me to join as the CEO, it was like, "Sure, what took you so long?" (Dave laughing) >> We had Guy on at Node JS Summit. I want to say it was a couple years ago now. And what he was describing is when you package, take the example of Node. When you package code in Node, you bring in all these dependencies, kind of what I was talking about there, but the challenge that he sort of described was really making it seamless as part of the development workflow. It seems like that's unique to SNYK. Maybe you could talk about-- >> Yeah, it is. And you know, we've built it from the ground up. You know, it's very difficult. If it was a security tool for security people, and then say, "Oh, let's adapt it for the developer," that is almost impossible. Why I think we've been so successful from the 400,000 developers in the community using Freemium to paid, was we built it from the ground up for developer, embedded into the application-development life cycle. Into their process, the look and feel, easy for them to use, easy for them to try it, and then we focused on just developer adoption. A great experience, developers will continue to use it and expand with it. And most of our opportunities that we've been successful at, the customers, we have over 400 customers. That had been this try, you know, start it with the community. They used the Freemium, they tried it for their new application, then they tried it for all their new, and then they go back and replace the old. So it was kind of this Freemium, land and expand has been a great way for developers to try it, use it. Does it work, yes, buy more. And that's the way we work. >> We're really happy, Peter, that you came on because you've got some news today that you're choosing to share with us in our Cube community. So it's around financing, bring us up to date. What's the news? >> Yeah so you know, I'd say four months ago, five months ago, we raised a $70 million round from great investors. And that was really led by one of our existing investors, who kind of knew us the best and it was you know, Excel Venture, and then Excel Growth came in and led the $70 million round. And part of that was a few new investors that came in and Stripes, which is you know a very large growth equity investor were part of that $70 million round said you know, preempted it and said, "Look it, we know you don't need the money, but we want to," you know, "We want to preempt. We believe your customer momentum," here we did, you know, five or six really large deals. You know, one, 700, seven million, 7.4 million, one's 3.5 million. So we started getting these bigger deals and we doubled since the $70 million round. And so we said, "Okay, we want to make money not the issue." So they led the next round, which is $150 million round, at a valuation of over a billion. That really allows us now to, with the number of other really top tier, (mumbles) and Tiger and Trend and others, who have been part of watching the space and understand the market. And are really helping us grow this business internationally. So it's an exciting time. So you know, again, we weren't looking to raise. This was something that kind of came to us and you know, when people are that excited about it like we are and they know us the best because they've been part of our board of directors since their round, it allows us to do the things that we want to do faster. >> So $150 million raise this round, brings you up to the 250, is that correct? >> Yes, 250. >> And obviously, an up-round. So congratulations, that's great. >> Yeah, you know, I think a big part of that is you know, we're not, I mean, we've always been very fiscally responsible. I mean, yes we have the money and most of it's still in the bank. We're growing at the pace that we think is right for us and right for the market. You know, we continue to invest product, product, product, is making sure we continue our product-led organization. You know, from that bottoms up, which is something we continue to do. This allows us to accelerate that more aggressively, but also the community, which is a big part of what makes that, you know, when you have a bottoms up, you need to have that community. And we've grown that and we're going to continue to invest aggressively and build in that community. And lastly, go to market. Not only invest, invest aggressively in the North America, but also Europe and APJ, which, you know, a lot of the things we've learned from my Veeam experience, you know how to grow fast, go big or go home. You know, are things that we're going to do but we're going to do it in the right way. >> So the Golden Rule is product and sales, right? >> Yes, you're either building it or selling it. >> Right, that's kind of where you're going to put your money. You know, you talk a lot about people, companies will do IPOs to get seen, but companies today, I mean, even software companies, which is a capital-efficient industry, they raise a lot of dough and they put it towards promotion to compete. What are your thoughts on that? >> You know, we've had, the model is very straightforward. It's bottoms up, you know? Developers, you know, there's 28 million developers in the world, you know? What we want is every one of those 28 million to be using our product. Whether it's free or paid, I want SNYK used in every application-development life cycle. If you're one developer, or you're a sales force with standardized on 12,000 developers, we want them using SNYK. So for us, it's get it in the hands. And that, you know, it's not like-- developers aren't going to look at Super Bowl ads, they're not going to be looking. It's you know, it's finding the ways, like the conference. We bought the DevSecCon, you know, the conference for developer security. Another way to promote kind of our, you know, security for developers and grow that developer community. That's not to say that there isn't a security part. Because, you know, what we do is help security organizations with visibility and finding a much more scalable way that gets them out of the, you know, the slows-down, the speed bump to the moving apps more aggressively into production. And so this is very much about helping security people. A lot of times the budgets do come from security or dev-ops. But it's because of our focus on the developer and the success of fixing, finding, fixing, and auto-remediating that developer environment is what makes us special. >> And it's sounds like a key to your success is you're not asking developer to context switch into a new environment, right? It's part of their existing workflow. >> It has to be, right? Don't change how they do their job, right? I mean, their job is to develop incredible applications that are better than the competitors, get them to market faster than they can, than they've ever been able to do before and faster than the competitor, but do it securely. Our goal is to do the third, but not sacrifice on one and two, right? Help you drive it, help you get your applications to market, help you beat your competition, but do it in a secure fashion. So don't slow them down. >> Well, the other thing I like about you guys is the emphasis is on fixing. It's not just alerting people that there's a problem. I mean, for instance, a company like Red Hat, is that they're going to put a lot of fixes in. But you, of course, have to go implement them. What you're doing is saying, "Hey, we're going to do that for you. Push the button and then we'll do it," right? So that, to me, that's important because it enables automation, it enables scale. >> Exactly, and I think this has been one of the challenges for kind of more of the traditional legacy, is they find a whole bunch of vulnerabilities, right? And we feel as though just that alone, we're the best in the world at. Finding vulnerabilities in applications in open source container. And so the other part of it is, okay, you find all them, but prioritizing what it is that I should fix first? And that's become really big issue because the vulnerabilities, as you can imagine, continue to grow. But focusing on hey, fix this top 10%, then the next, and to the extent you can, auto-fix. Auto-remediate those problems, that's ultimately, we're measured by how many vulnerabilities do we fix, right? I mean, finding them, that's one thing. But fixing them is how we judge a successful customer. And now it's possible. Before, it was like, "Oh, okay, you're just going to show me more things." No, when you talk about Google and Salesforce and Intuit, and all of our customers, they're actually getting far better. They're seeing what they have in terms of their exposure, and they're fixing the problems. And that's ultimately what we're focused on. >> So some of those big whales that you just mentioned, it seems to me that the value proposition for those guys, Peter, is the quality of the code that they can develop and obviously, the time that it takes to do that. But if you think about it more of a traditional enterprise, which I'm sure is part of your (mumbles), they'll tell you, the (mumbles) will tell you our biggest problem is we don't have enough people with the skills. Does this help? >> It absolutely-- >> And how so? >> Yeah, I mean, there's a massive gap in security expertise. And the current approach, the tools, are, you know, like you said at the very beginning, it's I'm doing too late in the process. I need to do it upstream. So you've got to leverage the 28 million developers that are developing the applications. It's the only way to solve the problem of, you know, this application security challenge. We call it Cloud Dative Application Security, which all these applications usually are new apps that they're moving into the Cloud. And so to really fix it, to solve the problem, you got to embed it, make it really easy for developers to leverage SNYK in their whole, we call it, you know, it's that concept of shift left, you know? Our view is that it needs to be embedded within the development process. And that's how you fix the problem. >> And talk about the business model again. You said it's Freemium model, you just talked about a big seven figure deals that you're doing and that starts with a Freemium, and then what? I upgrade to a subscription and then it's a land and expand? Describe that. >> Yeah we call it, it's you know, it's the community. Let's get every developer in a community. 28 million, we want to get into our community. From there, you know, leverage our Freemium, use it. You know, we encourage you to use it. Everybody to use our Freemium. And it's full functionality. It's not restricted in anyway. You can use it. And there's a subset of those that are ready to say, "Look it, I want to use the paid version," which allows me to get more visibility across more developers. So as you get larger organization, you want to leverage the power of kind of a bigger, managing multiple developers, like a lot of, in different teams. And so that kind of gets that shift to that paid. Then it goes into that Freemium, land, expand, we call it explode. Sales force, kind of explode. And then renew. That's been our model. Get in the door, get them using Freemium, we have a great experience, go to paid. And that's usually for an application, then it goes to 10 applications, and then 300 developers and then the way we price is by developer. So the more developers who use, the better your developer adoption, the bigger the ultimate opportunity is for us. >> There's a subscription service right? >> All subscription. >> Okay and then you guys have experts that are identifying vulnerabilities, right? You put them into a database, presumably, and then you sort of operationalize that into your software and your service. >> Yeah, we have 15 people in our security team that do nothing everyday but looking for the next vulnerability. That's our vulnerability database, in a large case, is a lot of our big companies start with the database. Because you think of like Netflix and you think of Facebook, all of these companies have large security organizations that are looking for issues, looking for vulnerabilities. And they're saying, "Well okay, if I can get that feed from you, why do I have my own?" And so a lot of companies start just with the database feed and say, "Look, I'll get rid of mine, and use yours." And then eventually, we'll use this scanning and we'll evolve down the process. But there's no doubt in the market people who use our solution or other solution will say our known the database of known vulnerabilities, is far better than anybody else in the market. >> And who do you sell to, again? Who are the constituencies? Is it sec-ops, is it, you know, software engineering? Is it developers, dev-ops? >> Users are always developers. In some cases dev-ops, or dev-sec. Apps-sec, you're starting to see kind of the world, the developer security becoming bigger. You know, as you get larger, you're definitely security becomes a bigger part of the journey and some of the budget comes from the security teams. Or the risk or dev-ops. But I think if we were to, you know, with the user and some of the influencers from developers, dev-ops, and security are kind of the key people in the equation. >> Is your, you have a lot of experience in the enterprise. How do you see your go to market in this world different, given that it's really a developer constituency that you're targeting? I mean, normally, you'd go out, hire a bunch of expensive sales guys, go to market, is that the model or is it a little different here because of the target? >> Yeah, you know, to be honest, a lot of the momentum that we've had at this point has been inbound. Like most of the opportunities that come in, come to us from the community, from this ground up. And so we have a very large inside sales team that just kind of follows up on the inbound interest. And that's still, you know, 65, 70% of the opportunities that come to us both here and Europe and APJ, are coming from the community inbound. Okay, I'm using 10 licenses of SNYK, you know, I want to get the enterprise version of it. And so that's been how we've grown. Very much of a very cost-effective inside sales. Now, when you get to the Googles and Salesforces and Nordstroms of the world, and they have already 500 licenses us, either paid or free, then we usually have more of a, you know, senior sales person that will be involved in those deals. >> To sort of mine those accounts. But it's really all about driving the efficiency of that inbound, and then at some point driving more inbound and sort of getting that flywheel effect. >> Developer adoption, developer adoption. That's the number one driver for everybody in our company. We have a customer success team, developer adoption. You know, just make the developer successful and good things happen to all the other parts of the organization. >> Okay, so that's a key performance indicator. What are the, let's wrap kind of the milestones and the things that you want to accomplish in the next, let's call it 12 months, 18 months? What should we be watching? >> Yeah, so I mean it continues to be the community, right? The community, recruiting more developers around the globe. We're expanding, you know, APJ's becoming a bigger part. And a lot of it is through just our efforts and just building out this community. We now have 20 people, their sole job is to build out, is to continue to build our developer community. Which is, you know, content, you know, information, how to learn, you know, webinars, all these things that are very separate and apart from the commercial side of the business and the community side of the business. So community adoption is a critical measurement for us, you know, yeah, you look at Freemium adoption. And then, you know, new customers. How are we adding new customers and retaining our existing customers? And you know, we have a 95% retention rate. So it's very sticky because you're getting the data feed, is a daily data feed. So it's like, you know, it's not one that you're going to hook on and then stop at any time soon. So you know, those are the measurements. You look at your community, you look at your Freemium, you look at your customer growth, your retention rates, those are all the things that we measure our business by. >> And your big pockets of brain power here, obviously in Boston, kind of CEO's prerogative, you got a big presence in London, right? And also in Israel, is that correct? >> Yeah, I would say we have four hubs and then we have a lot of remote employees. So, you know, Tel Aviv, where a lot of our security expertise is, in London, a lot of engineering. So between London and Tel Aviv is kind of the security teams, the developers are all in the community is kind of there. You know, Boston, is kind of more go to market side of things, and then we have Ottawa, which is kind of where Watchfire started, so a lot of good security experience there. And then, you know, we've, like a lot of modern companies, we hired the best people wherever we can find them. You know, we have some in Sydney, we've got some all around the world. Especially security, where finding really good security talent is a challenge. And so we're always looking for the best and brightest wherever they are. >> Well, Peter, congratulations on the raise, the new role, really, thank you for coming in and sharing with The Cube community. Really appreciate it. >> Well, it's great to be here. Always enjoy the conversations, especially the Patriots, Red Sox, kind of banter back and forth. It's always good. >> Well, how do you feel about that? >> Which one? >> Well, the Patriots, you know, sort of strange that they're not deep into the playoffs, I mean, for us. But how about the Red Sox now? Is it a team of shame? All my friends who were sort of jealous of Boston sports are saying you should be embarrassed, what are your thoughts? >> It's all about Houston, you know? Alex Cora, was one of the assistant coaches at Houston where all the issues are, I'm not sure those issues apply to Boston, but we'll see, TBD. TBD, I am optimistic as usual. I'm a Boston fan making sure that there isn't any spillover from the Houston world. >> Well we just got our Sox tickets, so you know, hopefully, they'll recover quickly, you know, from this. >> They will, they got to get a coach first. >> Yeah, they got to get a coach first. >> We need something to distract us from the Patriots. >> So you're not ready to attach an asterisk yet to 2018? >> No, no. No, no, no. >> All right, I like the optimism. Maybe you made the right call on Tom Brady. >> Did I? >> Yeah a couple years ago. >> Still since we talked what, two in one. And they won one. >> So they were in two, won one, and he threw for what, 600 yards in the first one so you can't, it wasn't his fault. >> And they'll sign him again, he'll be back. >> Is that your prediction? I hope so. >> I do, I do. >> All right, Peter. Always a pleasure, man. >> Great to see you. >> Thank you so much, and thank you for watching everybody, we'll see you next time. (groovy techno music)