00:00welcome to the a16z podcast I'm
00:02Michael Copeland the thing about
00:04enterprise security from the outside at
00:06least is it reads like a Hollywood
00:08thriller nation-states are after your
00:11company's most valuable assets and they
00:13must be stopped at all costs and yes
00:16some nation state-sponsored hacks have
00:18caused tremendous damage but the best
00:21course for most companies isn't to focus
00:24on combating mission impossible like
00:27come through the vent break-ins says
00:29Tanium co-founder Orion Hindawi it's
00:32the far less sexy practice of simply
00:34keeping the virtual windows and doors to
00:36your company locked it is the thing that
00:39will fix you Hindawi says in a
00:42conversation from the firm's Capital
00:44Summit event Ben Horowitz and Orion
00:46discussed the state of enterprise
00:48security and how Tanium's
00:50block-and-tackle not cloak-and-dagger
00:53approach has defined the company's
00:55technology and also led to its
00:58tremendous growth Ben Horowitz starts
01:01things off hello everybody so
01:06patch management and these kinds of
01:08things have been around for quite a
01:10while back BigFix did patch management
01:13why is what you do hard so why is it
01:16that like clearly you meet a need but
01:18like why is it hard why do the old
01:20solutions not work what's different
01:22about Tanium so if you look at every
01:25solution in our space that's targeting
01:27large enterprise and you look at the way
01:29they designed it it's the same so we
01:31call it a hub-and-spoke but basically it
01:33means there's a central server and then
01:35you got potentially hundreds of
01:36thousands of servers sprinkled around an
01:38environment they talk to every computer
01:39and they try and fix things that was
01:41designed when as I said 10,000 computers
01:44was a lot and now you look at some of our
01:47big banking customers they have five
01:48hundred thousand computers and they have
01:50thousands of branches and they're all
01:51connected and they need to be able to
01:53manage them and the hub-and-spoke is
01:55literally still the way that people have
01:56approached it since you know 1972 today
01:59other than Tanium we had to take a
02:02completely refactored approach to the
02:04problem we actually had to go from the
02:05ground up and spend five years building
02:06a completely different topology to do
02:08this because we realized that that
02:10approach the core approach was the
02:11problem the fact that you have hundreds
02:16of thousands of things that are going up
02:17and down constantly that you've got VMs
02:19that are starting up that you've got
02:20cloud environments those are all new
02:22facets that have been entered into this
02:25problem in the last 10 15 years and just
02:27coordinating hundreds of thousands of
02:29anything is really hard I mean it takes
02:31them days to do what we can do in
02:32seconds because they're still doing it
02:33the way that you would if you have five
02:35thousand things instead of five hundred
02:36thousand right right and what about it
02:41kind of makes it a five year R&D project
02:46like what is the dynamic cuz scale like
02:50scale itself won't cost you five years
02:54particularly if I already built the
02:56thing or once before at BigFix like is
03:00it the dynamic nature of the
03:01virtualization environment is it mapping
03:03what like how do you get to like such a
03:06big investment to solve what people
03:09really thought they already had solved
03:11or so people have optimized that
03:14hub-and-spoke as much as they possibly
03:16can and it's a known problem
03:18we realized that we had to change that
03:21topology so profoundly that basically
03:24every problem that had had to be solved
03:26in the hub-and-spoke had to be resolved
03:27in a different way so I'll give you an
03:29example security right so security in a
03:33standard model you secure the pipe that
03:35data is going down and you know which
03:37server's talking and it's really easy to
03:39know this server is supposed to encrypt
03:41the data this guy's supposed to receive it
03:42we're gonna exchange the key and we're
03:44gonna do that right in a model where
03:46clients are talking to each other you
03:48don't know who's going to be talking to
03:49the client and you can't pass out keys
03:52to every one of them and exchange keys
03:54so you have to do it a different way and
03:55so we had thousands of edge cases that
03:57we had to plow through and many of them
04:00are kind of Theory edge cases others are
04:02just practical right we wanted to
04:03institute a different communications
04:05architecture and practically you know
04:07the things that we could rely on the
04:09libraries weren't really designed to do
04:11that so we had to rebuild some of them
04:12and so there's a lot of kind of re
04:14architecture from the ground up where
04:16you're absolutely right we had a team
04:18that had already done it the old way
04:19right and so we knew the problems with
04:21the old way and they knew what they have
04:23to build and it still took us five years
04:25with 12 engineers to do it because
04:27there's a lot of grunt lifting in
04:29rebuilding something from a ground up
04:31you know it's it is messy sadly I know
04:34well that that is a very messy problem
04:36well it's also a nice barrier to entry
04:38but yes it was good at the end yeah no
04:41doubt no doubt so you spoke about the
04:45the big attacks the headline attacks
04:47that we've seen in the news aren't kind
04:51of attacks by state actors other than
04:53Sony so what about like could you have
04:58helped Home Depot you know could you
05:00have prevented all those guys from
05:01getting fired so I'll answer it slightly
05:05more generally because I've already
05:06gotten in trouble using customer names
05:07ok yes almost every big breach
05:12subsequent to the breach the companies
05:14typically will bring in a new set of
05:16players and then they'll do an analysis
05:18of how the breach happened out of the
05:20top 10 breaches that have happened in
05:21the last year we've been bought by eight
05:23of them and we're in procurement with
05:24the other two so and it's not because they're
05:27buying every solution it's because
05:28they're actually analyzing where did
05:31what ended up happening was they
05:33realized they had indicators that told
05:35them they were being attacked they just
05:37didn't know how to figure out what to do
05:39if you can't ask your endpoints what
05:41they're experiencing and you think maybe
05:43it's happening somewhere that would be
05:45like me telling you you know god forbid
05:47but you've got three cancerous cells
05:48somewhere in your body I don't know
05:49where they are and I don't know if
05:50they're gonna metastasize what are you
05:51gonna do with that yeah you know what
05:54does that data do for you and so they
05:57are able with Tanium to actually go and
05:59scan their entire body and see exactly
06:00what's not the way they expect it to and
06:03deal with it before it can become
06:06emergent and so they ended up buying us
06:08because they realize that how does a
06:10company how does a big company have
06:13these vulnerabilities kind of approach
06:16the problem of like what it's worth to
06:18them to buy Tanium so we have two
06:22luxuries there that I think are unusual
06:25so the first is we span security and
06:27operations and so security has a lot of
06:31urgency and a lot of people are very
06:32interested in it but the ROI is not
06:34there the tangible hard ROI in
06:37operations so things like how much
06:39software you're licensing or whether
06:41you're actually deploying that software
06:42correctly there is real ROI but there
06:45isn't much urgency because it's you know
06:46kind of the analogy somebody made was
06:48you know my left arm I have a cut on it
06:50it's annoying me but my right arm was
06:52cut off and it's like bleeding profusely
06:54I have to deal with the security problem
06:56but you know so I'm not going to deal
06:58with the operations problem emergently
06:59but if I can give you a solution that
07:01does both it becomes really interesting
07:03because we can take the ROI from
07:05operations apply it to security get the
07:07urgency there and get some really
07:09enormous deals I mean we've got now four
07:11or five ten plus million dollar deals
07:13from very large environments who don't
07:16spend that much on software typically
07:18and the reason is we have a broad set of
07:20things that we do then they span both
07:23operations and security but I'll take
07:25another approach to that question we
07:29decided to spend five years building
07:31this thing and took it to market when we
07:32already had customers using it on
07:34hundreds of thousands of computers right
07:36we leveraged the relationships that we
07:37had from BigFix to take some very big
07:40companies and have them trust us enough
07:41that they would deploy us into
07:45and work with them to make sure it
07:46worked before we ever took it to market
07:47and so you know one of the luxuries we
07:49have is not having to worry that thing
07:51doesn't scale and trying to chase after
07:53a dream in front of our customers and I
07:56don't think a lot of people have the
07:57patience to go through five years of
07:59development without a salesperson on
08:00staff or a marketing person on staff and
08:03just have a bunch of Engineers in a
08:05boiler room in Berkeley and you know go
08:07and build something but once you do that
08:09you've got something that you know works
08:11and then you can go prosecute the market
08:12with confidence instead of saying that
08:14you know my prayer is that eventually I
08:16will get here and I want you guys to
08:17give me money so that you can help me
08:19make my multi-billion dollar company
08:21it's just a very hard argument right so
08:23and a lot of it was you know many
08:26companies actually learn the
08:28requirements in market and since you had
08:30been in market with BigFix you already
08:33knew all the requirements you could go
08:34into the lab and build the whole thing
08:36and we knew the competitors I mean so
08:38that's another real luxury we have is we
08:40knew exactly who we'd be competing with
08:41I mean it's the same people we competed
08:43with in our last company I looked for a
08:45market that I knew well that had a
08:45really large TAM that was underserved by
08:50its incumbents and that I didn't see any
08:52good movement and I mean everyone has
08:54left the end point for dead they all
08:56want to go work on cloud or on mobile or
08:57on some app and I want them to go do
09:00that I want them all to go do that
09:01because I like my 20 billion dollar TAM
09:03that's being prosecuted by like 70 year
09:05old gray hairs at IBM it's fantastic for
09:08me I don't think any of the large
09:14incumbent players are feeling threatened
09:16at all and for the simple reason that
09:17they're keeping most of what they're
09:20they're selling like I mean you know if
09:22you look at IBM they used to sell into
09:24the customers were selling to now
09:26they're selling into banks in Brazil
09:27because they're at the end of the
09:29adoption curve and they continue
09:31monetizing that they're just further
09:33along on the conversion curve you know
09:34ten years further just kind of marching
09:36through and they've recap their their
09:39recoup their purchase costs they feel
09:42great about their purchase and
09:43eventually they'll go buy something else
09:45and milk that dry so is your main
09:47competitor actually IBM selling your old
09:49software it's one of them it does give
09:52you an advantage to kind of know what's
09:53wrong with well I mean it's so it's
09:55really hard to argue with you're buying
09:58from IBM that I invented when I was 18
09:59years old and had absolutely no idea
10:01what I was doing and you can either do
10:02that or buy the product that I had 15
10:04years of learning that I put into it you
10:06know a much newer architecture it is
10:08really hard to compete yeah yeah no it's
10:12are the good news is their sales guys
10:14have plenty of other stuff to sell so
10:17you know you hear a lot about kind of M&M
10:21security and a lot of the big banks
10:24complain about okay like we've deployed
10:26the M&M security model hard candy shell
10:29on the outside delicious chocolate
10:31center tell us about what that is and
10:37how the market plays out between
10:39solutions that take that approach and
10:41what you're doing so yeah I mean a
10:44different way to phrase that is as a
10:45networking there's that point and so
10:47many of our customers invested
10:49tremendously in this idea that they were
10:51going to figure out every way into their
10:54network and that they were going to
10:56harden every one of those and that they
10:58didn't have to worry about what was inside
10:59because they'd hardened it and it's just
11:01to give you a story about that we work
11:04with one of the biggest telcos in the
11:05world and when we got there they told us
11:07they had exactly 22 ways into their
11:09network and they were spending seven
11:10million dollars a year protecting each
11:11one of them they'd bought every solution
11:13they'd layered it up
11:14it was impregnable there was no way in
11:16so 22 am 22 ways in but they protected
11:20each one to the point where it was Fort Knox
11:21one of the things you can do with
11:23Tanium is you can just figure out the way
11:25out to the internet from every endpoint
11:26because just it's called a traceroute
11:28you know you can just tell it you know
11:29go figure out how you get to the
11:31Internet and tell me the last stage that
11:32was internal to the environment that you
11:34went out through and 1,500 ways out this
11:38is the network provider that's providing
11:41the beverages when you tell them that
11:42well no they didn't so we told them okay
11:44well you know about these 22 go check
11:46the 23rd and where did the support from
11:48like well how did how did they have sure
11:50an extra whatever fourteen hundred and
11:54seventy they had Wi-Fi points they had
11:58executives who were sitting in corner
12:00offices that had actually bridged in the
12:01Starbucks network that was reachable
12:03from their corner office into their
12:05corporate network because they didn't
12:06like web filtering they had people in
12:09branches actually running DSL lines back
12:11the branches so they could use the DSL
12:14line because they didn't like having to
12:16use the corporate network because it was
12:17too slow they had all kinds of I mean
12:21they're great ways to cheat this and the
12:23problem is the perimeter has dissolved
12:25to the point what so cloud by definition
12:27has no perimeter corporate networks
12:30they're finding out don't really have a
12:31perimeter either you know you start
12:33looking at things like work from home I
12:34mean one of our banks has 50 thousand
12:37computers working from home at any
12:38given time and they're not VPN'd in so
12:40they're literally just on the internet
12:42and I think they've all realized that
12:45the perimeter is not a protective
12:47mechanism what it is useful for is
12:49reducing noise and it's useful because
12:52you can block a lot you're not going to
12:54block everything but you block a lot and
12:55it's useful for being able to get
12:57indications of what you should look for
12:59internally so you know there are the
13:01sandboxes and they're really good
13:03telling you hey you're getting attacked
13:04in this way now you need to go figure
13:06out where that actually landed and
13:08that's the part most people didn't have
13:10before Tanium got there they couldn't
13:12take that intelligence and actually say
13:14okay well where did that actually land
13:15and did it succeed and did it spread and
13:18without that all they're doing is
13:20basically sending up a flare and saying
13:22hey another Trojan horse got in we don't
13:24know what's in there like there might be
13:25some soldiers it might be a bomb
13:27whatever but like another one came in
13:29you go figure it out so it's in their
13:31way so so you're telling me that if I
13:34buy state-of-the-art firewall from a
13:37great company that may have like a South
13:40Bay name since we're not naming names
13:43all I'm really gonna know is something
13:48about how I am people are trying to
13:50attack me but I'm not going to know that
13:54like they didn't succeed because I'm not
13:57going to be securing necessarily all the
13:58ways into my company and I'm not going
14:00to be able to know how far along it is
14:02or any of those kinds of things so if
14:04you look at the design of those tools
14:06they're designed to let the first attack
14:08through right so the first attack comes
14:11in and it takes them five or ten minutes
14:13to test whether that is actually an
14:15attack so they let it through it lands
14:17on the end point then they process for
14:18five minutes and then if it's a problem
14:20they send up a flare
14:21they don't let the second attack in
14:23or 20th attack if it was 19 of them that
14:26got through in the first five minutes
14:27but right yeah I mean essentially it's
14:29to reduce the noise but then you need to
14:32go clean up what got through and the
14:34problem for many of our customers is
14:35they're playing whack-a-mole right
14:37attackers and they're using
14:39three-day-old data to chase attackers
14:41that are moving every five minutes and
14:43with the kind of gigantic increase of
14:46spend on security tools and with the
14:48number of really smart people building
14:50them how is it that everybody is
14:55attacking the perimeter problem and
14:56nobody's attacking the endpoint the
14:58security problem so I'll give you my
14:59opinion but that may not be completely
15:02true for everybody this problem that we
15:05solved this hygiene problem of you need
15:07to apply patches in our environment is
15:11most companies consider that like if
15:13you're in a founder and you're looking
15:15at it you're like I don't want to figure
15:16out how to apply patches
15:17I want to go figure out how to find the
15:18Russians I want the NSA to use my stuff
15:21to kill bin Laden that's really exciting
15:23right the problem is that's not actually
15:27what most of our customers are facing
15:28day in and day out and we focused on
15:31this problem because we knew it was
15:33actually really important rather than
15:35that it was super exciting and we made it
15:37cutting edge by taking a different
15:38approach to it but you look at a lot of
15:41companies I mean if you look at the
15:42cyber spend of a company that's spending
15:44a lot on cyber and you cut out all the
15:46analytics stuff which is super fluffy
15:48right like we're just gonna take a bunch
15:49of data and we're gonna show you
15:51outliers and I can't even tell you how
15:52we're gonna do it but I promise it's
15:54gonna be really interesting cut that out
15:55you cut out antivirus and all the legacy
15:58stuff that's 20 years old right you cut
16:00out the network side you're looking at
16:02you know whatever it is 5% of the spend
16:04that's left and if that's what you look
16:07like you are failing because it should
16:10be a big investment in that area of
16:12hygiene and most people just don't look
16:14at that as like the new exciting thing
16:16but it is actually the thing that will
16:18fix you and how do the customers look at
16:21it you know how hard is it to get more
16:23than 5% of their spend to solve that
16:26that problem given they've purchased all
16:29these other products and they've
16:30justified them and at business cases and
16:34bought this awesome firewall like what
16:36are you talking about we're totally safe
16:38so five years ago that would have been
16:41really hard because people are still
16:42hoping that would work I think a lot of
16:44people are now cognizant that it's not
16:45working and if it's not working and you
16:49you probably got fired and then your
16:51replacement is probably looking for an
16:53answer for this fundamental question of
16:55we're spending a lot of money and it's
16:57and so what we're finding actually is
16:59very open ears from our customers who
17:01want us to explain to them the answer to
17:03that question and what we now have is
17:05the preponderance of the fortune 100 who
17:07are using us who can demonstrate that
17:09they're becoming more secure by following
17:11really block-and-tackle things not you
17:14know cloak-and-dagger come through the
17:16vent like close your doors close your
17:18windows like make sure that you actually
17:21know how many rooms you have in your
17:22house like that don't put a note on the
17:26front door I was talking to a CIO recently
17:28and he was telling me you know I asked
17:30him how many computers he had he said
17:31between 100 and 200 which is my normal
17:34answer 100 to 200 thousand computers and
17:36I have no idea where they are and the
17:37please help me and I was kind of I was
17:40smiling because it that's like somebody
17:42coming in and saying you want to do
17:44construction in your house and they ask
17:45you how big's the house and they're
17:46expecting you to say you know it's
17:47exactly this number of square feet and
17:49you say between two and seven bedrooms
17:50how am I supposed to even price that
17:53like what am I supposed to do for you
17:54yeah you don't even know how big your
17:57house is and you want me to tell you
17:59exactly how someone's gonna break in and
18:00so we need to figure out where all the
18:02rooms are we need to figure out what's
18:04happening in each one of them you know
18:05what's its purpose what should it look
18:08and and does that basically enable the
18:11product to sell itself so can you just
18:13walk in and say oh you don't know how
18:15many rooms you have like let me on your
18:18network and I'll tell you and every
18:21customer goes through a pilot we forced
18:23them to even if they don't want to we
18:25encouraged them to because we have
18:27modules that sit on top of this platform
18:29and if they don't know how many rooms
18:30they have they definitely don't know
18:31what kind of furniture they want to buy
18:32right so we need to tell them what they
18:35look like and show them where the lowest
18:37kind of effort highest yield areas are
18:40for them to start fixing and how we can
18:41help them do that and so we asked them
18:44to do a pilot and you know it's
18:45interesting we had a credit card
18:46processor recently go to a hundred
18:48computers in three days in pilot it
18:50basically said you know we'll push it
18:51out until we run into roadblocks
18:54they globally deployed in three days and
18:56then we can give them perfect data on
18:58where their vulnerabilities were but
19:00interestingly we could also show them
19:02that they had hundreds of copies of
19:03SQL Server that were installed that
19:05they weren't using but they were paying
19:06for hundreds of copies of SQL Server
19:08is hundreds of thousands of dollars a
19:10year of spend and they started really
19:12delving into it and seeing that they
19:14were actually wasting millions and
19:15millions of dollars with that vendor and
19:17potentially millions and millions of
19:18dollars with other vendors and the ROI
19:20justification became trivial right I'll
19:23go save the money over here and then I
19:25will prevent the existential threat that
19:27is gonna potentially kill me over there
19:29with that money so it's basically free
19:31so if I if I stopped using my idle
19:34versions of SQL Server I can secure
19:37myself now I mean it's it's free for for
19:39the customer it's good money for us and
19:40it's really bad for Microsoft but yes
19:42it's so but so the the firewall guys
19:48can't keep people out that the first
19:50person comes through and then anywhere
19:52where there's not a firewall so if the
19:5422 spots where they have firewalls they
19:56can get through that 1478 spots where
19:59they didn't have firewalls doesn't
20:01matter how about you can you stop all
20:06malware from coming in and if not then
20:10like at what point do you deal with it
20:11and how does the customer know sure and
20:13you know how do they feel about that
20:16that the bad guys do get in somehow
20:18before you can catch them so we don't
20:22prevent attack there are ways that you
20:26can do that but they all rely on you
20:29first getting an indication of what you
20:30should be preventing and so let's take a
20:32step back 20 years ago it used to be the
20:34same virus would hit every single
20:36company in the world it's Slammer and
20:37Blaster and there were these examples of
20:39viruses where everybody got the exact
20:42same copy and you could prevent it with
20:43a DAT so that's where antivirus came
20:46from right you take a step forward today
20:49most companies are being attacked by
20:51variants of malware that are
20:52specifically targeted to them you've got
20:54a level of sophistication that is
20:55definitely higher than just set it and
20:57forget it throw it at the Internet
20:59out you can't prevent those things
21:02effectively because essentially
21:03prevention is assuming that the guy who
21:05wrote the prevention tool is smarter
21:07than all the attackers in the world
21:08right right and what we're seeing is
21:10that even not that sophisticated
21:13attackers have copies of the software in
21:15their environment they're QAing their
21:16attacks against the software right so if
21:19I had some kind of tool that was
21:21supposed to be prevent preventing attack
21:22and I as a programmer of an exploit
21:26wanted to sit there and bang against it
21:28until I found a hole
21:29no one's smart enough to write something
21:31that doesn't have a hole and so you know
21:33you look at FireEye there are five lines
21:34of code that were well known to get you
21:36around FireEye you look at EMET you look
21:38at a lot of these tools that are
21:38preventative there are known ways to get
21:40around them and the idea is not to
21:43actually prevent it's to be able to tell
21:46you that there are differences in the
21:47behavior in your environment that are
21:49interesting so there's a new process
21:50we've never seen before and it's
21:52touching your DLP protected data your
21:54sensitive data and it's talking outside
21:56of the internet or of your network
21:57that's an interesting combination right
22:00and what's novel about Tanium is we can
22:02tell you about in seconds instead of
22:03five days later right and so when you
22:06how much do your customers think of it
22:09as kind of because you can't be so
22:13secure that nobody ever gets in you
22:16can't be faster than the bear so to
22:17speak of how much of it is just being
22:19faster than their peers that's exactly
22:21what it is I mean so there are some very
22:25specific attacks like Sony and Las Vegas
22:27Sands and OPM that were very targeted
22:30Joint Staff it didn't matter how secure
22:33everybody else was they were gonna go
22:34after that target for every one of those
22:37there are a hundred where it was just a
22:38crime of convenience and so getting a
22:41lot more secure than your peers is very
22:43important learning from your peers about
22:45the attacks that they suffered from so
22:46that you can protect protect against
22:48them is important and you know being
22:51able to learn patterns so that you're
22:53able to be more proactive about them you
22:57look at FSI sector financial services
22:59has a really really good kind of groove
23:01where they share information it's been
23:03really effective at stopping attacks
23:04but to answer your question I mean the
23:08goal is to narrow down the amount of
23:10time that an attacker's in your network
23:12and narrow down the scope of what they
23:15are attacking so that they can't get
23:16your most sensitive data it's not to
23:18prevent people from coming in I mean you
23:20know look even Tanium has to worry
23:23about people being planted in by people
23:25that we don't like in our own company
23:27mm-hmm right a big company a big bank
23:31has hundreds if not thousands of people
23:33who are not really employees of the bank
23:35they know that trying to prevent every
23:39angle in is not a valuable way to spend
23:42your time the right way to spend your
23:43time is instrument your environment so
23:45that you can see that things are going
23:47wrong before they become really damaging
23:50and we can help them do that and how
23:54when you look at the balance of kind of
23:58the classic freedom versus security
24:00balance and how inconvenient these
24:03solutions can become and you think about
24:06securing an environment like at what
24:09point does it just get too inconvenient
24:12for the customer to have like that level
24:14of security like are there solutions
24:16that would work but are too inconvenient
24:19how does Tanium fit into that how do you
24:21think about that so there are definitely
24:23solutions that are so constraining that
24:27they're undeployable I mean the
24:28reality is nobody can deploy them
24:30because as soon as somebody can't do
24:31their job they call their boss who calls
24:33their boss who calls the CEO who calls the CIO and
24:35tells them to stop doing that and you
24:39know it's kind of a little bit of you
24:40know the Frog boiling in water is kind
24:43of the analogy you know we've got a lot
24:44of our customers who deploy antivirus
24:46and that takes up 10% of their CPU and
24:48deploy another thing it takes up five
24:50and it takes up three and takes up two
24:51and then they realize that their
24:53computers are spending 50 percent of
24:54their time doing things that are not
24:56actually productive for work but
24:57protecting them and somebody gets angry
25:00and then they rationalize the
25:01environment and go back down to 15% or
25:03or better the answer for you is we
25:07don't think that the hygiene that we
25:08implement is invasive at all I mean a
25:10user does not benefit from having a
25:12vulnerable machine that didn't get
25:13patched the user's not gonna pay a
25:15penalty for a patch to be deployed there
25:17are some things that we can enforce like
25:19multi-factor authentication they do
25:21require the user to be involved a good
25:25be done and their justifications for
25:27them but a lot of this stuff is just
25:29comply with all the standards that you
25:31already thought you were complying with
25:33but they were ineffectively deployed so
25:35they're not actually comprehensively
25:37done right and how long how hard is
25:40Tanium itself to deploy until it out
25:44secure the environment have it running
25:46in the right way and kind of get the
25:48operational benefits of knowing sure you
25:50know how many copies of SQL Server
25:53that you have that are no good like what
25:55does that take what's involved in a and
25:57a deployment so our biggest deployments
25:59take a few weeks so you look at 450 or
26:03500,000 endpoints they typically take a
26:04few weeks less than a month
26:06if you look at a hundred thousand seats
26:08it's common to be less than a week and
26:10if you look at you know a fifty thousand
26:12seat environment it might be a day so
26:14then what is kind of your like your
26:16license to services mix and what are the
26:20services that you guys do the
26:22deployments obviously small we refuse
26:24to sell services so none this is another
26:27one of those really bad things about our
26:29industry right so if you come from a
26:31services background you treat services
26:33as a revenue stream you start building
26:35products that require lots of services
26:36and that's a bad product like it turns
26:39out that that's almost the definition of
26:40a bad product is it's really heavy to
26:42lift it in and it takes a ton of care
26:44and feeding that's basically a buggy
26:45product and you actually have incentives
26:47I've used the entire business model that
26:49you're they're turning BigFix slowly
26:51slowly you're absolutely right I'm
26:53watching in slo-mo but the net of it is
26:57if we insist on not having services two
26:59nice things happen one is we build
27:01products that are designed to be
27:02deployed in days not years because we're
27:05not making money from the years right
27:06fact we're losing money right we're
27:08putting people in for free who are
27:09helping you do things that are taking
27:11way too long and so it's you know
27:12eliminates moral hazard but the second
27:14one is we have a lot of partners who
27:16love providing services and even if
27:18Tanium isn't a heavy services thing the
27:20ongoing kind of recommendations and
27:23helping the customer use it better there
27:25is a service opportunity and if I
27:26compete with my my partner who is my
27:29channel or maybe who's an OEM they're
27:32not as excited to get in business with
27:34me and so we've got a lot of partners
27:35who sell Tanium and then layer on
27:38recommendation services helping the
27:41customer actually put hands on keyboard
27:43I don't want to be in competition with
27:44my partner so if you're just license and
27:48you're solving this you know rather hard
27:51security problem like how big how big do
27:54you see the market is how like two four
27:57or five years like how big is the
27:59endpoint security and operations market
28:03and then how does that change as people
28:06go more to cloud computing and you know
28:09maybe go more to mobile devices and
28:13these sorts of things so I guess it's
28:17worth defining what we consider to be
28:19our TAM right so today we sell Global
28:222000 companies on their desktop laptop
28:24server VM physical we don't really care
28:27if it has an operating system on it
28:28putting aside mobile for a second we'll
28:31cover it virtual machines in the cloud
28:34are actually a very comprehensive use
28:36case for us most of our customers employ
28:37everything that they own in the cloud so
28:41we need to say deploy so basically
28:43you're talking about their server
28:47environment all their back-end stuff so
28:48you're securing that as well as the
28:50endpoint right that's not machines that
28:52people have sure as well as the things
28:55that they deploy in Amazon in Azure as
28:57well as the things that they deploy that
28:59work from home you know right
29:00basically it's any operating system that
29:02their data is gonna be resident on
29:03whether it's cloud or on-prem realm or
29:06whatever it is we see about 20 billion
29:10dollars being spent in what we do today
29:12but what's nice about Tanium is this
29:15platform actually is extensible to do
29:16probably another 40 things we don't do
29:19today because we haven't productized
29:20them and so our strategy is to actually
29:22start releasing modules and already
29:24doing this once per quarter that are
29:26targeted toward use cases that today
29:28require point solutions so to give you
29:30an example there's this market for
29:32unmanaged assets so Cisco has something
29:34called NAC and there are little companies
29:36like ForeScout that are designed to do
29:38this one thing we don't believe that
29:40that's a market that should stand alone
29:42and and why not so you know you spoke
29:45earlier about oh you know customers
29:47don't want these point solutions but
29:51the point solution vendors but argue
29:54look there's a lot of depth of these
29:55problems we're going to have a dedicated
29:57team on them they're gonna be really
29:58good why why do you argue that a
30:02platform approach is superior to that
30:04for two reasons one is they're not
30:06actually that complicated problems they
30:08doesn't want to make them sound
30:09complicated because I validate their
30:11existence it turns out that we built a
30:13forensics product with four engineers
30:15in six months the reason is 95% of the
30:19work was already done when we
30:20architected the platform the forensics
30:22module is just basically a workflow on
30:24top of that same data that you're
30:25gathering for things like asset
30:26inventory or for patch management or for
30:28compliance monitoring and so each one of
30:31those that I just mentioned is a point
30:33solution market they're all gathering
30:34the same data they're just presenting it
30:36slightly differently and they want to
30:38justify that difference as some kind of
30:40cataclysmic change between them and it
30:42turns out it's not and so we've had
30:44enormous adoption amongst our customers
30:46because the second reason they don't
30:48want to deploy twenty agents they don't
30:50want to deploy 50 boxes into every span
30:53port area they don't want to have all
30:55these different things that are
30:56essentially doing the same thing with a
30:57different logo on them setting up a new
30:59MLA with a different vendor having a
31:01different throat to choke having to try
31:03and integrate all those data streams
31:04into you know kind of a contiguous
31:06variance product right which it turns
31:09out is extremely difficult to do any of
31:10a vendor who doesn't understand what an
31:12API should be used for and like you look
31:14at this really hard problem that they
31:16put themselves in and they're fed up
31:18with it they don't want to do it anymore
31:19and they're telling us that every day
31:21and so if we can deliver best-of-breed
31:23solutions in these point solution spaces
31:25they're happy to rip out their point
31:26solution vendors and what we're seeing
31:28is immediately as we're entering into
31:30some of these spaces they're shutting
31:32down every project that they have
31:33internally that's related because if
31:36Tanium can deliver it and we have one MLA
31:38and it's half the cost because it's a
31:39module on top of the platform and we
31:42don't have to buy a hundred servers and
31:43put them in house and we don't have to
31:44train on a new console it's so
31:47attractive that they're willing to go on
31:48faith and then we have to deliver right
31:51right and so if the current market is
31:54twenty billion dollars and it's
31:56essentially broken like the products
31:58don't work you've got many vendors
32:00involved and so forth does the market
32:05because you actually solved the problem
32:06in the same way that the mp3 market got
32:08a lot bigger when the iPod came out or
32:10does it get smaller because you're just
32:13not going to charge for so many
32:15individual things so I guess what I
32:19would say is we don't see a static TAM
32:21we see it enlarging because we're gonna
32:23be able to add modules that expand what
32:25we can do but I would also say the
32:27number of endpoints people are trying to
32:29protect is actually going up we track it
32:31and every one of our customers most of
32:32them are growing 10 to 15% per year the
32:35data they're storing is becoming more
32:38and more painful for them to lose the
32:39number of attacks that they're seeing is
32:41growing the recognition that these
32:44attacks are costing them enormous
32:46amounts of money is growing and they're
32:48not seeing any competition to Tanium
32:51today that's the thing that really kind
32:53of baffles me on the one side but that I
32:55understand is these big players as I
32:58mentioned earlier they don't really want
33:00to go through the five years of hard
33:01development or they refactor everything
33:03and throw away their old architectures
33:04and tell the hundreds of thousands of
33:06people who've been trained on tools like
33:07SCCM to just forget everything they
33:09learned and start over like they don't
33:11want to do it but if they don't do it
33:12they really are leaving that TAM for us
33:14and I think it'll grow because the
33:16number of endpoints is growing and the
33:18amount of data is growing and the
33:19severity of the problem is growing and
33:21then you look at the operations side I
33:22mean most people didn't believe that
33:24what we can do is even possible once I
33:27show it to you and I say hey you can
33:29actually save millions of dollars on
33:30this vendor in that vendor I can claim a
33:34lot of that portion of that value that
33:37really right now is deadweight loss it's
33:39not in art and it's in someone else's
33:42TAM right I mean Microsoft says the
33:43database market is worth X billion
33:45dollars it really should be half of X
33:47because half of it's not being used
33:49nobody can identify the half that's
33:51nothing is like that you know all the
33:52adage about marketing you know I know
33:53I'm wasting half my money I just don't
33:55know what you have yeah that's the same
33:56with database markets but we can
33:59identify which half right right because
34:01you're you're actually getting it's it's
34:04an operational readout on everything not
34:06just the bad software but that the good
34:09software that just said isn't being used
34:10you're overpaying on it's great
34:12perhaps we can open some questions to
34:16teacher security and tango won't find
34:25that so I'll just tell you I mean unless
34:28you have like 50,000 mobile devices in
34:31your home you're probably not a good
34:32candidate for Tanium anyway but
34:35the answer for you is that MDM at least
34:38in my estimation is a pretty broken
34:41market today and the reason it's broken
34:42is the vendors of the platforms that
34:45provide you know Google Microsoft Apple
34:47really Apple is kind of the real real
34:51offender here they don't believe in
34:53management the way that our enterprise
34:55customers want them to so enterprise
34:57customers want to be able to see for
34:59example what's using the power on a
35:00device that they provided a user they
35:02want to see where the data is and what
35:04applications are running and that's
35:06completely orthogonal to Apple's view on
35:08management which is here is your sandbox
35:10enterprise and the user can do anything
35:11they want on the same machine and you
35:14shouldn't be able to control it and you
35:15shouldn't even know kind of the
35:17underlying state of the device you
35:18should maybe just know what's happening
35:20in that little sandbox that you control
35:21and their operating system was built
35:23that way and the other vendors have
35:26different problems but the net of it is
35:27I haven't seen an MDM solution that
35:29really is great that I would look at and
35:32say I would love deploying that at Tanium
35:33or if I were a customer I'd love
35:35deploying that and so the way we're
35:37looking at it actually is let's go a
35:39level deeper so Intel Qualcomm and it's
35:42not just mobile but it's you know IOT
35:44potentially are going to win a lot of
35:47this market and we've actually got
35:49projects with both of them to embed
35:52Tanium's communications architecture
35:53directly into the chip so rather than
35:56trying to go in software where it's
35:58pretty inefficient you've got power
35:59issues you've got wireless issues let's
36:01go a level deeper and figure out how we
36:04can instrument a Quark processor from
36:06Intel where they have 64 K of space with
36:10Tanium's code base so that we can
36:12actually communicate off that and what's
36:14interesting about it is you look at a
36:16light bulb and they want to sell
36:17billions of connected light bulbs they
36:19don't actually have an answer for how to
36:21manage billions of anything today
36:22Tanium is the closest they can get
36:24right the hub-and-spoke architecture is
36:26completely broken for that and that's
36:28what they tried and they failed
36:30and so if we can actually get that to
36:32work well then I think that's a good
36:33approach to mobile if that doesn't work
36:36then I think we're gonna have to see
36:38where iOS and Android and Windows Phone
36:40go because they continue to be
36:42unmanageable our customers continue to
36:44be frustrated they continue not to
36:46replace their desktops and laptops with
36:47them and until they actually solve this
36:51problem I don't think they will and do
36:55you see have you seen any change in the
36:57vendors along this journey has Apple
37:01softened at all are they still just as
37:03hard-nosed as ever my personal belief is
37:07that Apple is paying lip service to
37:09enterprise not really doing anything
37:10that my customers are asking for I mean
37:13the point solutions that they're making
37:15for different industries to allow
37:17airline pilots and not have to carry a
37:19book onto every plane is awesome that's
37:21great that's not the concern that my
37:24customers have is a generalized concern
37:25and I'm not seeing them solving it well
37:28thank you Orion this is you've been
37:29great thank you every day