(bright upbeat music) >> Hello, everyone, and welcome to this #CUBEConversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." We have the co-founder and CTO of Armis here, Nadir Izrael. Thanks for coming on. Appreciate it. Armis is hot company, RSA, we just happened. Last week, a lot of action going on. Thanks for coming on. >> Thank you for having me. Sure. >> I love CTOs and co-founders. One, you have the entrepreneurial DNA, also technical in a space with cyber security, that is the hottest most important area. It's always been important, but now more than ever, as the service areas are everywhere, tons of attacks, global threats. You got national security at every level, and you got personal liberties for privacy, and other things going on for average citizens. So, important topic. Talk about Armis? Why did you guys start this company? What was the motivation? Give a quick commercial what you guys do, and then we'll get into some of the questions around, who you guys are targeting. >> Sure, so yeah, I couldn't agree more about the importance of cybersecurity, especially I think in these days. And given some of the geopolitical changes happening right now, more than ever, I would say that if we go back 6.5 years or so, when Armis was founded, we at the time talked to dozens of different CIOs, CSOs, it managers. And every single one of them told us the same thing. And this was at least to me surprising at the time. We have no idea what we have. We have no idea what the assets that are connected to our network, or our environment are. At the time, when we started Armis, we thought this was simply, let's call it the other devices. IOT, OT, all kinds of different buzzwords that were kind of flying around at the time, and really that's, what we should focus on. But with time, what we understood, it's actually a problem of scale. Organizations are growing massively. The diversity of different assets they have to deal with is incredible. And if 6.5 or 7 years ago, it was all about just growth of actual physical devices, these days it's virtual, it's containerized, it's cloud-based. It's actually quite insane. And organizations find themselves really quickly dealing with billions of assets within their environment, but no real way to see, account for them, and be able to manage them. That's what Armis is here to solve. It's here to bring back visibility and order into the mix. It's here to bring a complete map of everything within the organization, and the ability to manage different security processes on top of that. And it couldn't have come, I think at a better time for organizations, because the ability to manage these days, the attack surface of an organization, understand where are different weak spots, what way to invest in? They start and end with a complete asset map, and that's really what we're here to solve. >> As I look at your story and understand what you guys are doing, certainly, a lot of great momentum at RSA. But also digging under the hood, you guys really crack the code with on the scale side as well. And also it's lockstep with the environment. If you look at the trends that we've been covering on "theCUBE," system on chip, you're seeing a lot of Silicon action going on, on all the hyperscalers. You're starting to see, again, you mentioned IOT devices and OT, IP enabled processors. I mean, that's basically you can run multi-threaded applications on a light bulb, basically. So, you have these new things going on that are just popping in into the environment. Just people are hanging them on the network. So, anything on the network is risk and that's happening massively, so I see that. But also you guys have this contextualization capability, scope the problem statement for us? How hard is it to do this? Because you got tons of challenges. What's the scale of the problem that you guys have been solving? 'Cause it's not easy. I mean, it's not network management, not just doing auto discovery, there's a lot of secret sauce there, scope the problem? >> Okay, so first of all, just to get a measure of how difficult this is, organizations have been trying to solve this for the better part of the last two decades. I think even when the problem was way smaller, they've still been struggling with being able to do this. It's an age old problem, that for the most part, I got to say that when I describe the problem the way that I did, usually, what the reaction from clients are, "Yes, I'd love for you to solve that." "I just heard this pitch from like five other vendors and I've yet to solve this problem. So, how do you do it?" So, as I kind of scope this, it's also a measure of just basically, how do you go about solving a complex situation where, to kind of list out some of the bold claims here in what I said. Number one, it's the ability to just fingerprint and be able to understand what your assets are. Secondly, being able to do it with very dirty data, if you will. I would say, in many cases, solutions that exist today, basically tell clients, or tell the users, were as good as the data that you provide us. And because the data isn't very good, the results aren't very good. Armis aspires to do something more than that. It aspires to create a logically perfect map of your assets despite being hindered by incomplete and basically wrong data, many times. And third, the ability to infer things about the environment where no source data even exists. So, to all of that, really Armis' approach is pretty straightforward, and it relies on something that we call our collective intelligence. We basically use the power and scale of these masses to our advantage, and not just as a shortcoming. What I mean by that, is Armis today tracks overall, over 2 billion assets worldwide. That's an astounding number. And it thanks to the size of some of the organization that we work with. Armis proudly serves today, for instance, over 35 of Fortune 100. Some of those environments, let me tell you, are huge. So, what Armis basically does, is really simple. It uses thousands, tens of thousands, hundreds of thousands sometimes, of instances of the same device and same assets to basically figure out what it is. Figure out how to fingerprint it best. Figure out how to marry conflicting data sources about it and figure out what's the right host name? What's the right IP address? What are all the different details that you should know about it? And be able to basically find the most minimalist fingerprints for different attributes of an asset in a changing environment. It's something that works really, really well. It's something that we honestly, may have applied to this problem, but it's not something that we fully invented. It's been used effectively to solve other problems as well. For instance, if you think about any kind of mapping software. And I use that analogy a lot. But if you think about mapping software, I happened to work for Google in the past, and specifically on Google Map. So, I know quite a bit about how to solve similar problems. But I can tell you that you think about something like a mapping software, it takes very dirty, incomplete data from lots of different sources, and creates not a pixel perfect map, but a logically perfect map for the use cases you need it to be. And that's exactly what Armis strives to do. Build the Google Maps, if you will, of your organization, or the kind of real time map of everything, and be able to supply that or project that for different business processes. >> Yeah, I love the approach, and I love that search analogy. Discover is a big part of mapping as you know, and reasoning in there with the metadata you have and the dirty data is critical. And by the way, we love bold statements on "theCUBE," because as long as you can back 'em up, then we'll dig into that. But let's back up some of those bold claims. Okay, you have a lot of devices, you've got the collective intelligence. How do you manage the real time nature of devices changing in real time? 'Cause if you do fingerprint on it, and you got some characteristics of the assets in the map, what happens in real time? How fast are you guys managing that? What's the process for that? >> So, very quickly, I think another quick analogy I like to use, because I think it orients people around kind of how Armis operates, is imagine that Armis is kind of like a Shazam for assets. We take different attributes coming from your environment, and we match it up, that collective intelligence to figure out what that asset is. So, we recognize an asset based off of its behavioral fingerprint, or based off of different attributes, figure out what it is. Now, if you take something that recognizes tunes on the radio or anything like that, it's built pretty similarly. Once you have access to different sources. Once we see real environments that introduce new devices or new assets, Armis is immediately learning. It's immediately taking those different queues, those different attributes and learning from them. And to your point, even if something changes its behavioral fingerprint. For instance, it gets updated, a new patch rolls out, something that changes a meaningful aspect of how that asset operates, Armis sees so many environments, and so much these days that it reacts in almost real time to the introduction of these new things. A patch rolls out, it starts changing multiple devices and multiple different environments around the world, Armis is already learning and adapting this model for the new type of asset and device out there. It works very quickly, and it's part of the effectiveness of being able to operate at the scale that we do. >> Well, Nadir, you guys got a great opportunity there at Armis. And as co-founder, you must be pretty pumped, actually working hard, stay up to date, and got a great, great opportunity there. How was RSA this year? And what's your take on the landscape? Because you're kind of in this, I call the new category of lockstep with an environment. Obviously, there's no perimeter, everyone knows that. Service area is the whole internet, basically, distributed computing paradigms and understanding things like discovery and mapping data that you guys are doing. And it's a data problem as well. It's a lot of problems that you guys are solving. But the industry's got some old beggars, as I still hear endpoint protection, zero trust. I hear trust, if you're talking about supply chain, software supply chain, S bombs, you mentioned in a previous interview. You got software supply chain issues with open source, 'cause everything's open source now on infrastructure, so that's happening. How do you manage all that? I mean, is it zero trust or is it trust? 'Cause as you hear, I hear you talking about Armis, it's like, you got to have trusted components in there and you got to trust the data. So, that's not zero trust, that's trust. So, where zero trust and trust solve? What's your take on that? How do you resolve? What's your reaction to that? >> Usually, I wait for someone else to bring up the zero trust buzzword before I touch on that. So, because to your point, it's such an overused buzzword. But let me try and tackle that for a second. First of all, I think that Armis treats assets in a way as, let's call it the vessels of everything. And what I mean by that, is that at a very atomic aspect, assets are the atoms of the environment. They're the vessels of everything. They're the vessels of vulnerabilities. There's the vessels of actual attacks. Like something, some asset needs to exist for something to happen. And every aspect of trust or zero trust, or anything like that applies to basically assets. Now, to your point, Armis, ironically, or like a lot of security tools, I think it assists greatly or even manages a zero trust policy within the environment. It provides the asset intelligence into the mix of how to manage an effective zero trust policy. But in essence, you need to trust Armis, right? I mean, Armis is a critical function now within your environment. And there has to be a degree of trust, but I would say, trust but verified. And that's something that I think the security industry as a whole is evolving into quite a bit, especially post events like solar, winds, or other things that happened in recent years. Armis is a SaaS platform. And in being a SaaS platform, there is an inherent aspect of trust and risk that you take on as a security organization. I think anyone who says differently, is either lying or mistaken. I mean, there are no foolproof, a 100% systems out there. But to mitigate some of that risk, we adhere to a very strict risk in security policy on our end. What that means, is we're incredibly transparent about every aspect of our own environment. We publish to our clients our latest penetration test reports. We publish our security controls and policies. We're very transparent about the different aspects we're involve in our own environment. We give our clients access to our own internal security organization, our own CSO, to be able to provide them with all the security controls they need. And we take a very least privileged approach in how we deploy Armis within an environment. No need for extra permissions. Everything read-only unless there is an explicit reason to do else... I think differently within the environment. And something that we take very seriously, is also anything that we deploy within the environment, should be walled off, except for whatever lease privilege that we need. On top of that, I'd add one more thing that adds, I think a lot of peace of mind to our clients. We are FeRAMP ready, and soon to be certified, We work with DOD clients within the U.S kind of DOD apparatus. And I think that this gives a lot of peace of mind to our clients, even commercial clients, because they know that we need to adhere to hundreds of different security controls that are monitored and government by U.S federal agencies. And that I think gives a lot of extra security measures, a lot of knowledge that this risk is being mitigated and controlled, and governed by different agencies. >> Good stuff there. Also at RSA, you kind of saw people come back together face-to-face, which is great. A lot of kind of similar, everyone kind of knows each other in the security business, but it's getting bigger. What was the big takeaways from you for the folks watching here that didn't get to go to RSA this year? What was the most important stories that came out of RSA this year? Just generally across the industry, from your perspective that people should pay attention to? >> First of all, I think that people were just really happy to get back together. I think it was a really fun RSA. I think that people had a lot of energy and excitement, and they love just walking around. I am obviously, somewhat biased here, but I will say, I've heard from other people too, that our event there, and the formal party that was there was by far the kind of the the talk of the show. And we were fortunate to do that with Sentinel One. with Torque who are both great partners of ours, and, of course, Insight partners. I think a lot of the themes that have come up during RSA, are really around some of the things that we already talked about, visibility as a driver for business processes. The understanding of where do assets and tax surfaces, and things like that play in. But also, I think that everything was, in light of macroeconomics and geopolitics that are kind of happening in the background, that no one can really avoid that. On the one hand, if we look at macroeconomics, obviously, markets are going through quite a shake up right now. And especially, when you talk about tech, the one thing that was really, really evident though, is it's cybersecurity is, I think market-wise just faring way better than others because the demand is absolutely there. I think that no one has slowed down one bit on buying and arming themselves, I'd say, with defensive solutions for cybersecurity. And the reason, is that the threats are there. I mean, we're all very, very much aware of that. And even in situations where companies are spending less on other things, they're definitely spending on cybersecurity, because the toll on the industry is going up significantly year by year, which really ties into also the geopolitics. One of the themes that I've heard significantly, is all the buzz around different initiatives coming from both U.S federal agencies, as well as different governing bodies around anything, from things like shields up in critical infrastructure, all the way to different governance aspects of the TSA. Or even the SCC on different companies with regards to what are they doing on cyber? If some of the initiatives coming from the SCC on public companies come out the way that they are right now, cyber security companies will elevate... Well, sorry, companies in general, would actually elevate cyber security to board level discussions on a regular basis. And everyone wants to be ready to answer effectively, different questions there. And then on top of all of that, I think we're all very aware of, I think, and not to be too doom and gloom here, but the geopolitical aspect of things. It's very clear that we could be facing a very significant and very different cyber warfare aspect than anything that we've seen before in the coming months and years. I think that one of the things you could hear a lot of companies and clients talk about, is the fact that it used to be that you could say, "Look, if a nation state is out to get me, then a nation state is out to get me, and they're going to get me. And I am out to protect myself from common criminals, or cybersecurity criminals, or things like that." But it's no longer the case. I mean, you very well might be attacked by a nation state, and it's no longer something that you can afford to just say, "Yeah, we'll just deal with that if that happens." I think some of the attacks on critical infrastructure in particular have proven to us all, that this is a very, very important topic to deal with. And companies are paying a lot of attention to what can give them visibility and control over their extended attack surface, and anything in between. >> Well, we've been certainly ringing the bell for years. I've been a hawk on this for many, many years, saying we're at cyber war, well below everyone else. So, we've been pounding our fist on the table saying, it's not just a national security issue. Finally, they're waking up and kind of figuring out countermeasures. But private companies don't have their own, they should have their own militia basically. So, what's the role of government and all this? So, all this is about competency and actually understanding what's going on. So, the whole red line, lowering that red line, the adversaries have been operating onside our infrastructure for years. So, the industrial IOT side has been aware of this for years, now it's being streamed, right? So, what do we do? Is the government going to come in and help, and bring some cyber militia to companies to protect their business? I mean, if troops dropped on our shores, I'm sure the government would react, right? So, where is that red line, Nadir? Where do you see the gap being filled? Certainly, people will defend their companies, they have assets obviously. And then, you critical infrastructure on the industrial side is super important, that's the national security issue. What do we do? What's the action here? >> That is such a difficult question. Such a good question I think to tackle, I think, there are similarities and there are differences, right? On the one hand, we do and should expect the government to do more. I think it should do more in policy making. I mean, really, really work to streamline and work much faster on that. And it would do good to all of us because I think that ultimately, policy can mean that the third party vendors that we use are more secure, and in turn, our own organizations are more secure in how they operate. But also, they hold our organizations accountable. And in doing so, consumers who use different services feel safer as well because basically, companies are mandated to protect data, to protect themselves, and do everything else. On the other hand, I'd say that government's support on this is difficult. I think the better way to look at this, is imagine for a second, no troops landing on our kind of shores, if you will. But imagine instead, a situation where Americans are spread all over the world and expect the government to protect them in any country, or in any situation they're at. I think that depicts maybe a little better, how infrastructure looks like today. If you look at multinational companies, they have offices everywhere. They have assets spread out everywhere. They have people working from everywhere around the world. It's become an attack surface, that I think you said this earlier, or in a different interview as well. There's no more perimeter to speak of. There are no more borders to this virtual country, if you will. And so, on the one hand, we do expect our government to do a lot. But on the other hand, we also need to take responsibility as companies, and as vendors, and as suppliers of services, we need to take accountability and take responsibility for the assets that we deploy and put in place. And we should have a very security conscious mind in doing this. >> Yeah. >> So, I think tricky government policy aspect to tackle. I think the government should be doing more, but on the other hand, we should absolutely be pointing internally at where can we do better as companies? >> And the asset understanding the context of what's critical asset too, can impact how you protect it, defend it, and ensure it, or manage it. I mean, this is what people want. It's a data problem in flight, at rest, and in action. So, Armis, you guys are doing a great job there. Congratulations, Nadir on the venture, on your success. I love the product, love the approach. I think it scales nicely with the industry where it's going. So, especially with the intelligent edge booming, and it's just so much happening, you guys are in the middle of it. Thanks for coming on "theCUBE." Appreciate it. >> Thank you so much. As I like to say, it takes a village, and there's so many people in the company who make this happen. I'm just the one who gets to take credit for it. So, I appreciate the time today and the conversation. And thank you for having me. >> Well, we'll check in with you. You guys are right there with us, and we'll be in covering you guys pretty deeply. Thanks for coming on. Appreciate it. Okay, it's #CUBEConversation here in Palo Alto. I'm John Furrier. Thanks for watching. Clear. (bright upbeat music)