Uri May, Hunters | CUBE Conversation, August 2022
(upbeat music)

>> Hey everyone. And welcome to this CUBE Conversation which is part of the AWS startup showcase. Season two, episode four of our ongoing series. The theme of this episode is cybersecurity, detect and protect against threats. I'm your host, Lisa Martin, and I'm pleased to be joined by the founder and CEO of Hunters.AI, Uri May. Uri, welcome to theCUBE. It's great to have you here.

>> Thank you, Lisa. It's great to be here.

>> Tell me a little bit about your background and the founder's story. This company was only founded in 2018, so you're quite young. But gimme that backstory about what you saw in the market that really determined, this is needed.

>> Yeah, absolutely. So, I mean, I think the biggest thing for us was the understanding that significant things have happened in the cybersecurity landscape for customers and technology stayed the same. I mean, we tried on solving the same... We tried on solving a big problem with the same old tools when we actually noticed that the problem has changed significantly. And we saw that change happening in two different dimensions. The first is the types of attacks that we're defending against. A decade ago, we were mostly focused on these highly sophisticated nation state efforts that included unknown techniques and tactics and highly sophisticated kind of methods. Nowadays, we're talking a lot about cyber crime gangs, groups of people that are financially motivated or using off-the-shelf tools, off-the-shelf malware, coordinating in the dark web, attacking for money and ransom basically, versus sophisticated intelligence kind of objectives. And in the same time of that happening, we also saw what we like to refer to as explosion of the security stack. So some of our customers are using more than 60 or 70 different security tools that are generating sometimes tens of terabytes a day of flows.
That explosion of data, together with a very persistent and consistent threat that is continuously affecting customers, create a very different environment, where you need to analyze a big variety of data and you need to constantly defend yourself against stuff that are happening all the time. And that was kind of like our wake moment when we understand that the tools that are out there now might have been the right tools a decade ago, they are probably not the right tools to solve the problem now. So yeah, I think that that was kind of what led us to Hunters. And in the same time, and I think that that's my personal kind of story behind it. We used to talk a lot about the fact that we want to solve a fundamental problem. And we, as part of the ideation around Hunters and us zooming in on exactly the areas that we want to focus on in security, we talked with a lot of CSOs, we talked with a lot of industry experts, everyone directed us to the security operation center. I mean the notion that there's a lot of tools and there's always going to be a lot of tools, but eventually decisions are being made by people that are running security operation center, that are actually acting as the first line of defense. And that's where you feel that the processes are broken. That's where you feel that that technology doesn't really meet the rubber, and the rubber doesn't really meet the road. And for us, it was a very clear sign that this is where we need to focus on. And that set us on a journey to explore threat hunting and then understand that we can solve something bigger than that. And then eventually get to where we are today, which is go to market around so holistic a platform that can help SOC analysts doing the day-to-day job defending the organizations.

>> So you saw back in 2018, probably even before that, that the SIEM market was prime and ripe for disruption.
And only in a four-year time period, there's been some pretty significant milestones and accomplishments that the team at Hunters has made in that short timeframe. Talk to me about some of those big milestones that the company has reached in just four years.

>> Yeah, I think that the biggest thing and I know that it's going to sound like a cliche, but we're actually believing that I think it's the team. I mean, we're able to grow to an organization of around 150 employees. All over the world, across, I think, I mean the last time that I checked, like 15 countries. That's the most amazing feeling that you can have. That ability to attract people to a single mission from all over the world and to get them collaborate and do amazing things and achieve unbelievable accomplishment. I think that's the biggest thing. The other thing for us was customers. I mean, think about it like, SIEM, it's such a central and critical system. So for us as a young startup from Tel Aviv to go out to Enterprise America and convince the biggest enterprise around the world to rip and replace the existing solutions that are being built by the biggest software brands out there and install Hunters instead, that's a huge leap of trust, that we are very grateful for, and we're trying to handle with a lot of care and a lot of responsibility. And obviously, I think that other than that, is all of the investors that we were able to attract that basically enabled all of that customer acquisition and team building and product development. And we're very fortunate to work with the biggest names out there, both from a strategic perspective and also from tier one VCs from mainly from the U.S., but from all over the world, actually that are backing us.

>> Great customers, solid foundation. Hunters is built for the clouds, is powered by Snowflake. This is AWS built. Talk to me about what's in it for me from an AWS customer perspective. What's that value in it for them?
>> Yeah, so I think that the most important thing, in my opinion, at least, is the security value that you're getting from it. Other than the fact that Hunters is a multi-tenant SaaS application running in AWS, it's also a system that is highly tuned and specifically built to be very effective against detecting threats inside AWS environments. So we invested a lot of time in research, in analyzing the way attackers are operating inside cloud environments, specifically in AWS. And then we model these techniques and tactics and procedures into the system. We're leveraging data sets like AWS CloudTrail and CloudWatch and VPC Flow Logs, obviously AWS GuardDuty which is an amazing detection system that AWS offers to its customers, and we're able to leverage it, correlate it with other signals. And at the same time, there's also the commercial aspect and the business aspect. I mean, we're allowing AWS customers to leverage the AWS credits to the marketplace to fund SIEM projects like Hunters that comes with a lot of efficiencies also. And with a lot of additional capabilities like I mentioned earlier.

>> So let's crack open Hunters.AI. What makes this approach different? You talked about the challenges that you guys saw in the market that were gaps there, and why technology needed to come in from a disruption standpoint. But describe the differentiators. When you're talking to prospective customers, what are those key differentiators that Hunters brings to the table?

>> Yeah, absolutely. So we like to divide it into three main pillars. The first pillar is everything that we do with data, that is very different from our competitors. We believe that data should be completely liberated from the analytical layer. And that's why we're storing data in a dedicated data warehouse. Snowflake, as you mentioned earlier, is one of our go-to data warehouses. And that gives customers the ability to own their own data.
So you as a customer can opt into using Hunters on top of your Snowflake. It's not the only way. You can also get Snowflake bundled as part of that, your Hunters subscription, but for some customers that ability to reduce vendor lock-in risk on data on your own and also leverage security data for other kind of workflows is something that is really huge. So that's the first thing that is very different. The second thing is what we like to call security engineering as a service. So when you buy Hunters, you don't just buy a data platform. You actually buy a system, a SOC platform that is already populated with use cases. So what we are saying is that in today's world the threats that we're handling as a SOC, as security operations center professionals are actually shared by 80% of the customers out there. So 80% of the customers share around 80% of the threat. And what we're basically saying is let us as a vendor, solve the detection response around that 80%. So you as a customer could focus on the 20% that is unique to your environment. Then in a lot of cases generate 80% of the impact. So that means that you are getting a lot of prebuilt tools and detections, data modeling to your integrations, automatic investigations, scoring correlations. All of these things are being continuously deployed and delivered by us because we're multi-tenant SaaS. And also allowing you again to get this effortless turnkey kind of solution that is very different from your experience with your current SIEM tools that usually involves a lot of tuning, professional services, configuration, et cetera. And the last aspect of it, is everything that we're doing around automation.
We're leveraging very unique graph technology and what we call automatic investigation enrichments that allows us to take all of these signals that we're extracting from all over the attack surface, AWS included, but also the endpoint and the email and the network and IoT environments and whatever, automatically investigate them, load them into a graph and then automatically correlate them to what we call stories, which are basically representation of incidents that are happening across your attack surface. And that's a very unique capability that we bring to the table that demonstrates our focus on the analytical lens. So it's not just log aggregation, and querying and dashboarding kind of system. It's actually a security analytic system that is able to drive real insights on top of the data that you're plugging into it.

>> So talk to me, Uri, when you're in customer conversations these days the market is there's so many dynamics and flux that customers are dealing with. Obviously, the threat landscape continues to expand and really become quite amorphous as that perimeter blends. What are some of the specific challenges that security operation center or SOC teams come to you saying, help us eliminate this. We have so many tools, we've probably got limited resources. What are those challenges and how does Hunters really wipe those off the plate?

>> Yeah, so I think the first and foremost has to do with the second pillar that I mentioned earlier and that's security engineering. So for most security operations centers and most organizations around the world, the feeling is that they're kind of like stuck on this third wheel. They keep on buying tools and then implementing these tools and then writing rules and then generating noise and then fine tuning the rules. And then testing the rules and understanding that the fine tuning actually generated misdetections. And they're kind of like stuck on this vicious cycle.
And no one can really help because a lot of the stuff that they're building, they're building it in their environment. And what we're saying is that, let us do it for you. Well, that 80% that we've mentioned earlier and allows you to really focus on the stuff that you're doing and even offset your talent. So, we're not talking about really a talent reduction. Because everyone needs more talent in cybersecurity nowadays but we're talking a lot about offset. I mean, if we had a team of five people investing efforts in building rules, building automation, and now three or four of these people can go and do advanced investigations, incident response, threat hunting interval, that's meaningful. For a lot of SOCs, in a lot of cases that means either identifying and analyzing a threat in time or missing it. So, I mean, I think that that's the biggest thing. And the other thing has to do with the first thing that I mentioned earlier, and these are the data challenges. Data challenges in terms of cost, performance, the ability to absorb data sets that today's tools can't really support. I mean, for example, one of the biggest data sets that we're loading that is tremendously helpful is raw data for EDR products. Raw data for EDR products in large enterprises can get to 10, 15, 20 terabytes a day. In today's SIEMs and SOC platforms that the customers are using, this thing is just as prohibited from SOC. They can't really analyze it because it's so costly. So what we're saying is a lot of what we're seeing is a lot of customers, either not analyzing it at all, or saving it for a very little amount of time, account of days. Because they can't support the retention around it. So the ability to store huge data sets for a longer period of time makes it something that a lot of big enterprises need. And to be honest, I think that in the next couple of years they would also be forced to have these kind of capabilities, even from a compliance perspective.
>> So in terms of outcomes, I'm hearing reduction in costs really helping security teams utilize their resources, the ability to analyze growing volumes of data. That's only going to continue to increase as we know. Is there a customer story, Uri, that you have that really, where the value proposition of Hunters really shines through?

>> Yeah, I think that one thing comes to mind from the hospitality vertical and actually it's a reference customer. I mean, we can share the name. Its name is booking.com. It's also publicly shown on our website. And I think the coolest thing that we were able to do with booking is give them that capability to stay up to date with the threats that they're facing. So it's not just that we saved a lot of efforts from them because we came with a lot of out of the box capabilities that they can use. We also kept them up to date with everything that they were facing. And there was a couple of cases, where we were able to detect threats that were very recently from threat perspective. Based on our ability to invest research time and efforts in everything that is going on in the ecosystem and the feedback that we got from the customer, and it's not a single of feedback. Like we're getting it a lot, is that, without you guys we wouldn't be able to do the effective research and then the implementation of this and the threat modeling and the implementation of these things in time. And working with you kind of like made the difference between analyzing it and reacting in time and potentially blocking like a very serious breach versus maybe finding out when it's too late.

>> Huge impact there. And I'm kind of thinking, Hunters.AI might be one of the reasons that booking.com's tagline, it's booking.com, booking.yeah. Yeah, we're secure. We know if we can demonstrate that to everyone that uses our service. I noticed kind of wrapping things up here, Uri.
I noticed that back in I think it was January of 2022, Hunters raised about 60 million in series C. You talked about kind of being in the GTM phase, where are some of those strategic investments? What have you been doing, focusing on this year and what's to come as we round out '22?

>> Yeah, absolutely. So, I mean, there's a lot of building going on. Yeah. Still, right. I mean, we're getting into that scale mode and scale phase but we're very much also building our capabilities, building our infrastructure, building our teams, building our business processes. So there's a lot of efforts going into that, but in the same time, I mean, we've been able to very, to deepen our relationship with DataBlitz which is a very important partner of ours. And we got some big news coming up on that. And they were a strategic investor that participated in our series C. And in the same time we're working in the EMEA market which is a very interesting market for us. And we get a lot of support from one other strategic investor that joined the series C, Deutsche Telekom. And they are a huge provider in IT and security in EMEA, other than doing a lot of other things and including T-Systems and T-Mobile and everything that has to do with that. So we're getting a lot of support from them. And regardless, I think, and that ties back to what we've mentioned earlier, the ability for us to come to really big customers with the quality of investors that we have is a very important external validation. It's basically saying like this company is here to stay. We're aiming at disrupting the market. We're building something big. You can count on us by replacing this critical system that we're talking about. And sometimes it makes a difference, like sometimes for some of the customers, it means that this is something that I can rely on. Like it's not a startup that is going to be sold two months after I'm deploying it. And it's not a founder that is going to disappear on me.
And for a lot of customers, these things happen, especially in an ecosystem like cybersecurity, that is so big with such a huge variety of different systems. So, yeah, I think that we're getting ready for that scale mode and hopefully it'll happen sooner than what we think.

>> A lot of growth already as we mentioned in the beginning of the program. Since just 2018 it sounds like from a foundation perspective, you guys are strong, you're rocking away and ready to really take things into 2023 with such force. Uri, thank you so much for joining me on the program, talking about what Hunters.AI is up to and how you're different and why you're disrupting the SIEM market. We appreciate your insights and your time.

>> Absolutely. Lisa, the pleasure was all mine. Thank you for having me.

>> Likewise. For Uri May, I'm Lisa Martin. Thank you for watching our CUBE Conversation as part of the AWS startup showcase. Keep it right here for more actions on theCUBE, your leader in tech coverage.

(upbeat music)