a16z Podcast | The Fundamentals of Security and the Story of Tanium’s Growth

a16z2019-01-02

437 views|5 years ago

💫 Short Summary

The video explores enterprise security challenges, emphasizing the importance of basic security measures and innovative solutions like Tanium's topology. It discusses rebuilding communication architecture, addressing vulnerabilities, and the ROI of security solutions. The speaker reflects on developing a company, network hardening, and the shift in cybersecurity focus. The evolving cyber threat landscape, network security measures, and the need for cybersecurity hygiene are highlighted. The video also touches on endpoint security, the market shift to cloud computing, and the importance of efficient security solutions in the face of growing data challenges.

✨ Highlights

📊 Transcript

✦

The importance of enterprise security and the challenges of nation-state attacks.

00:48

Emphasizing the necessity for companies to prioritize basic security measures such as keeping virtual windows and doors locked.

Discussing the limitations of traditional patch management solutions and the need for a new approach in managing large enterprise networks.

Highlighting Tanium's innovative topology as a more efficient and effective solution to the evolving cybersecurity landscape.

✦

Challenges in rebuilding communication architecture with a focus on security in client-to-client interactions.

04:25

Emphasis on the need for a unique approach due to the impossibility of distributing keys to every client.

The project involved rebuilding libraries, addressing various edge cases, and lasted five years with a team of 12 engineers.

Despite the complexity, the speaker recognizes the high barrier to entry created by the problem.

Mention of companies bringing in new personnel post-breach for analysis and prevention of future incidents.

✦

Company acquires solution to address vulnerabilities and improve response to attacks.

06:06

Security and operations have different ROI, with security being urgent but lacking tangible returns.

Solution addressing both security and operations leads to securing large deals.

Five years spent building solution, leveraging existing relationships for customer trust before market launch.

Emphasis on scalability and customer satisfaction for success.

✦

Building a Company Without Sales or Marketing Staff.

08:07

Emphasizing the importance of creating a functional product before entering the market confidently.

Targeting underserved markets and leveraging knowledge of competitors from previous ventures.

Contrasting approach with established companies like IBM, focusing on extensive experience and newer architectures.

Acknowledging challenges of competing with larger incumbents but remaining optimistic about unique selling proposition and market strategy.

✦

Network hardening and security measures taken by a major telco company.

11:03

The telco company invested heavily in protecting 22 network access points, spending millions on each.

Despite the robust security measures, vulnerabilities were found, including executives bypassing security protocols.

The challenges of securing corporate networks are highlighted as the perimeter dissolves, especially with the rise of remote work.

The importance of reducing noise and blocking threats is emphasized, even though a complete block is not feasible.

✦

Importance of cybersecurity tools and practices in protecting against cyber threats.

14:17

Cybersecurity tools are designed to allow the first attack through to determine if it's a threat before blocking subsequent attacks.

Many companies face challenges due to outdated data and difficulty in tracking attackers.

Despite increased spending on security tools, the focus remains on perimeter defense rather than endpoint security.

Addressing basic hygiene problems like applying patches is essential for effective cybersecurity, even though some companies find it tedious.

✦

Importance of Basic Security Measures in Cybersecurity Solutions

16:57

Many companies prioritize exciting cybersecurity solutions over fundamental security measures.

Customers often allocate less than 5% of their cybersecurity budget to critical security hygiene practices.

Traditional approaches to cybersecurity are becoming less effective, leading to a growing interest in practical security strategies.

Implementing basic security measures, like metaphorically closing doors and windows, can significantly enhance overall security posture.

✦

Importance of understanding room layout in a house to optimize sales and identify wasted spending.

18:13

Pilot program with a credit card processor successfully uncovered inefficiencies, saving companies millions and improving ROI.

Emphasis on the challenge of cybersecurity, stressing the need for effective firewalls to prevent malware attacks.

Importance of addressing vulnerabilities promptly to protect the business.

✦

Evolution of cyber attacks from generic viruses to targeted malware.

21:50

Antivirus tools are no longer effective against sophisticated attackers with prevention software copies.

Focus shifted to detecting anomalies and unusual behavior in the network.

Goal is rapid identification and response to security breaches.

High-profile targeted attacks like Sony and OPM demonstrate the need for improved cybersecurity measures.

✦

Importance of learning from past cyber attacks for improving cybersecurity measures.

22:41

Financial services sector has been successful in sharing information to prevent attacks.

Goal is to reduce attackers' time in a network and protect sensitive data.

Balancing security measures with user convenience is crucial to avoid hindering productivity.

Implementing cybersecurity hygiene, such as patching vulnerable machines and enforcing multi-factor authentication, is essential for a secure environment.

✦

Challenges of implementing and deploying security practices effectively.

27:11

Compliance and operational benefits are crucial for successful security measures.

Negative impact of heavy service-oriented products on the industry, stressing the need for quick-deployment products.

Drawbacks of relying on services for revenue and potential conflicts with partners.

Emphasis on offering efficient security solutions and avoiding prolonged implementation timelines.

✦

Importance of endpoint security and operations in the market shift towards cloud computing and mobile devices.

28:31

Emphasis on securing server environments, back-end systems, and data on multiple platforms.

Highlighting the extensibility of the platform and the upcoming release of modules for specific use cases.

Explanation of the advantages of a platform approach over individual point solutions in addressing complex issues.

Illustration of the benefits of a comprehensive approach through the development of a forensics product using existing platform infrastructure.

✦

Shift towards Best-of-Breed Solutions in Cybersecurity Market.

31:36

Customers are willing to replace existing vendors for better options, focusing on efficiency and cost-effectiveness.

Increased need for endpoint protection due to growth in data storage and prevalence of cyber attacks.

Recognition of high costs of cyber attacks and lack of competition in effective solutions.

Gap in the market for innovative cybersecurity solutions due to major players hesitating to invest in long-term development.

✦

Importance of Reassessing Tools and Processes in Organizations

33:19

Optimizing database usage is crucial to prevent resource wastage.

Identifying underutilized software is key to maximizing efficiency.

Critique of current Mobile Device Management (MDM) solutions, specifically Apple's approach favoring user freedom over enterprise control.

Speaker expresses doubt regarding existing MDM solutions meeting the needs of enterprise customers.

✦

Discussion on Intel, Qualcomm, and IoT market dominance potential.

36:01

Collaborative projects embedding communications architecture into chips to address power and wireless issues at a deeper level.

Challenges in managing billions of connected devices.

Critique of iOS, Android, and Windows Phone for being unmanageable.

Apple's lack of enterprise focus despite lip service, customer dissatisfaction with Apple's point solutions for various industries, and concerns about generalized issues remaining unsolved.

00:00welcome to the a 16z podcast I have

00:02Michael Copeland the thing about

00:04enterprise security from the outside at

00:06least is it reads like a Hollywood

00:08thriller nation-states are after your

00:11company's most valuable assets and they

00:13must be stopped at all costs and yes

00:16some nation state-sponsored hacks have

00:18caused tremendous damage but the best

00:21course for most companies isn't to focus

00:24on combating mission impossible like

00:27come through the vent break-ins says

00:29tinium co-founder Orion Honda we it's

00:32the far less sexy practice of simply

00:34keeping the virtual windows and doors to

00:36your company locked it is the thing that

00:39will fix you Hindi says in a

00:42conversation from the firm's capital

00:44some event Ben Horowitz in Orion

00:46discussed the state of enterprise

00:48security and how tain iums

00:50block-and-tackle not cloak-and-dagger

00:53approach has defined the company's

00:55technology and also led to its

00:58tremendous growth Ben Horowitz starts

01:01things off hello everybody so

01:06Pat's management and these kinds of

01:08things have been around for quite a

01:10while back Vic fixed it patch management

01:13why is what you do hard so why is it

01:16that like clearly you meet a need but

01:18like why is it hard why do the old

01:20solutions not work what's different

01:22about Tamiya so if you look at every

01:25solution in our space that's targeting

01:27large enterprise and you look at the way

01:29they designed it it's the same so we

01:31call it a hub-and-spoke but basically it

01:33means there's a central server and then

01:35you got potentially hundreds of

01:36thousands of servers sprinkled around an

01:38environment they talk to every computer

01:39and they try and fix things that was

01:41designed when as I said 10,000 computers

01:44was law and now you look at some of our

01:47big banking customers they have five

01:48hundred thousand computers and they have

01:50thousands of branches and they're all

01:51connected and they need to be able to

01:53manage them and the hub-and-spoke is

01:55literally still the way that people have

01:56approached it since you know 1972 today

01:59other than Taney we had to take a

02:02completely refactored approach to the

02:04problem we actually had to go from the

02:05ground up and spend five years building

02:06a completely different topology to do

02:08this because we realized that that

02:10approach the core approach was the

02:11problem the fact that you have hundreds

02:16of thousands of things that are going up

02:17and down constantly that you've got VMs

02:19that are starting up that you've got

02:20cloud environments those are all new

02:22facets that have been entered into this

02:25problem in the last 10 15 years and just

02:27coordinating hundreds of thousands of

02:29anything is really hard I mean it takes

02:31them days to do what we can do in

02:32seconds because they're still doing it

02:33the way that you would if you have five

02:35thousand things instead of five hundred

02:36thousand right right and what about it

02:41kind of makes it a five year R&D project

02:46like what is the dynamic cuz scale like

02:50scale itself won't cost you five years

02:54particularly if I already built the

02:56thing or once before it big fix like is

03:00it the dynamic nature of the

03:01virtualization environment is it mapping

03:03what like how do you get to like such a

03:06big investment to solve what people

03:09really thought they already had solved

03:11or so people have optimized that

03:14hub-and-spoke as much as they possibly

03:16can and it's a known problem

03:18we realized that we had to change that

03:21topology so profoundly that basically

03:24every problem that had had to be solved

03:26in the hub-and-spoke had to be resolved

03:27in a different way so I'll give you an

03:29example security right so security in a

03:33standard model you secure the pipe that

03:35data is going down and you know which

03:37servers talking and it's really easy to

03:39know this server is supposed to encrypt

03:41the data this guy supposed to receive it

03:42we're gonna exchange the key and we're

03:44gonna do that right in a model where

03:46clients are talking to each other you

03:48don't know who's going to be talking to

03:49the client and you can't pass out keys

03:52to every one of them and exchange keys

03:54so you have to do it a different way and

03:55so we had thousands of edge cases that

03:57we had to plow through and many of them

04:00are kind of Theory edge cases others are

04:02just practical right we wanted to

04:03institute a different communications

04:05architecture and practically you know

04:07the things that we could rely on the

04:09libraries weren't really designed to do

04:11that so we had to rebuild some of them

04:12and so there's a lot of kind of re

04:14architecture from the ground up where

04:16you're absolutely right we had a team

04:18that had already done it the old way

04:19right and so we knew the problems with

04:21the old way and they knew what they have

04:23to build and it still took us five years

04:25with 12 engineers to do it because

04:27there's a lot of grunt lifting in

04:29rebuilding something from a ground up

04:31you know it's it is messy sadly I know

04:34well that that is a very messy problem

04:36well it's also a nice barrier to entry

04:38but yes it was good at the end yeah no

04:41doubt no doubt so you spoke about the

04:45the big attacks the headline attacks

04:47that we've seen in the news aren't kind

04:51of attacks by state actors other than

04:53Sony so what about like could you have

04:58helped Home Depot you know could you

05:00have prevented all those guys from

05:01getting fired so I'll answer it slightly

05:05more generally because I've already

05:06gotten in trouble using customer names

05:07ok yes almost every big breach

05:12subsequent to the breach the companies

05:14typically will bring in a new set of

05:16players and then they'll do an analysis

05:18of how the breach happened out of the

05:20top 10 breaches that have happened in

05:21the last year we've been bought by eight

05:23of them and we're in procurement without

05:24their - so and it's not because they're

05:27buying every solution it's because

05:28they're actually analyzing where did

05:30they fall apart and

05:31what ended up happening was they

05:33realized they had indicators that told

05:35them they were being attacked they just

05:37didn't know how to figure out what to do

05:38with that

05:39if you can't ask your endpoints what

05:41they're experiencing and you think maybe

05:43it's happening somewhere that would be

05:45like me telling you you know god forbid

05:47but you've got three cancerous cells

05:48somewhere in your body I don't know

05:49where they are and I don't know if

05:50they're gonna metastasize what are you

05:51gonna do with that yeah you know what

05:54does that data do for you and so they

05:57are able with daenam to actually go and

05:59scan their entire body and see exactly

06:00what's not the way they expect it to and

06:03deal with it before it can become

06:06emergent and so they ended up buying us

06:08because they realize that how does a

06:10company how does a big company have

06:13these vulnerabilities kind of approach

06:16the problem of like what it's worth to

06:18them to buy Taner so we have two

06:22luxuries there that I think are unusual

06:25so the first is we spend security and

06:27operations and so security has a lot of

06:31urgency and a lot of people are very

06:32interested in it but the ROI is not

06:34there the tangible hard ROI in

06:37operations so things like how much

06:39software you're licensing or whether

06:41you're actually deploying that software

06:42correctly there is real ROI but there

06:45isn't much urgency because it's you know

06:46kind of the analogy somebody made was

06:48you know my left arm I have a cut on it

06:50it's annoying me but my right arm was

06:52cut off and it's like bleeding profusely

06:54I have to deal with the security problem

06:56but you know so I'm not going to deal

06:58with the operations problem emergently

06:59but if I can give you a solution that

07:01does both it becomes really interesting

07:03because we can take the ROI from

07:05operations apply it to security get the

07:07urgency there and get some really

07:09enormous deals I mean we've got now four

07:11or five ten plus million dollar deals

07:13from very large environments who don't

07:16spend that much on software typically

07:18and the reason is we have a broad set of

07:20things that we do then they span both

07:23operations in security but I'll take

07:25another approach to that question we

07:29decided to spend five years building

07:31this thing and took it to market when we

07:32already had customers using it on

07:34hundreds of thousands of computers right

07:36we leveraged the relationships that we

07:37had from bigfix to take some very big

07:40companies and have them trust us enough

07:41that they would deploy us into

07:43production in beta

07:45and work with them to make sure it

07:46worked before we ever took it to market

07:47and so you know one of the luxuries we

07:49have is not having to worry that thing

07:51doesn't scale and trying to chase after

07:53a dream in front of our customers and I

07:56don't think a lot of people have the

07:57patience to go through five years of

07:59development without a salesperson on

08:00staff or a marketing person on staff and

08:03just have a bunch of Engineers in a

08:05boiler room in Berkeley and you know go

08:07and build something but once you do that

08:09you've got something that you know works

08:11and then you can go prosecute the market

08:12with confidence instead of saying that

08:14you know my prayer is that eventually I

08:16will get here and I want you guys to

08:17give me money so that you can help me

08:19make my multi-billion dollar company

08:21it's just a very hard argument right so

08:23and a lot of it was you know many

08:26companies actually learn the

08:28requirements in market and since you had

08:30been in market with bigfix you already

08:33knew all the requirements you could go

08:34into the lab and build the whole thing

08:36and we need the competitors I mean so

08:38that's another real luxury we have is we

08:40knew exactly who we'd be competing with

08:41I mean it's the same people we competed

08:43with in our last company I looked for a

08:45market that I knew well that had a

08:47really large dam that was underserved by

08:50its incumbents and that I didn't see any

08:52good movement and I mean everyone has

08:54left the end point for dead they all

08:56want to go work on cloud or on mobile or

08:57on some app and I want them to go do

09:00that I want them all to go do that

09:01because I like my 20 billion dollar team

09:03that's being prosecuted by like 70 year

09:05old gray hairs at IBM it's fantastic for

09:08me I don't think any of the large

09:14incumbent players are feeling threatened

09:16at all and for the simple reason that

09:17they're keeping most of what they're

09:20they're selling like I mean you know if

09:22you look at IBM they used to sell into

09:24the customers were selling to now

09:26they're selling into banks in Brazil

09:27because they're at the end of the

09:29adoption curve and they continue

09:31monetizing that they're just further

09:33along on the conversion curve you know

09:34ten years further just kind of marching

09:36through and they've recap their their

09:39recoup their purchase costs they feel

09:42great about their purchase and

09:43eventually they'll go buy something else

09:45and milk that dry so as your main

09:47competitor actually IBM selling your old

09:49software it's one of them it does give

09:52you an advantage to kind of know what's

09:53wrong with well I mean it's so it's

09:55really hard to argue with you're buying

09:57something if you

09:58from IBM that I invented when I was 18

09:59years old and had absolutely no idea

10:01what I was doing and you can either do

10:02that or buy the product that I had 15

10:04years of learning that I put into it you

10:06know a much newer architecture it is

10:08really hard to compete yeah yeah no it's

10:12are the good news is their sales guys

10:14have plenty of other stuff to sell so

10:17you know you hear a lot about kind of mm

10:21security and a lot of the big banks

10:24complain about okay like we've deployed

10:26the mm security model hard candy shell

10:29on the outside delicious chocolate

10:31Center tell us about what that is and

10:37how the market plays out between

10:39solutions that take that approach and

10:41what you're doing so yeah I mean a

10:44different way to phrase that is as a

10:45networking there's that point and so

10:47many of our customers invested

10:49tremendously in this idea that they were

10:51going to figure out every way into their

10:54network and that they were going to

10:56harden every one of those and that they

10:58didn't have to worry about was inside

10:59because they'd hardened it and it's just

11:01to give you a story about that we work

11:04with one of the biggest telcos in the

11:05world and when we got there they told us

11:07they had exactly 22 ways under their

11:09network and they were spending seven

11:10million dollars a year protecting each

11:11one of them they'd bought every solution

11:13they'd layered it up

11:14it was impregnable there was no way in

11:16so 22 am 22 ways in but they protected

11:20each one to the point where as Fort Knox

11:21one of the things you can do with DES

11:23Neum is you can just figure out the way

11:25out to the internet from every endpoint

11:26because just it's called a traceroute

11:28you know you can just tell it you know

11:29go figure out how you get to the

11:31Internet and tell me the last stage that

11:32was internal to the environment that you

11:34went out through and 1,500 ways out this

11:38is the network provider that's providing

11:41the beverages when you tell them that

11:42well no they didn't so we told them okay

11:44well you know about these 20 to go check

11:46the 23rd and where did the support from

11:48like well how did how did they have sure

11:50an extra whatever fourteen hundred and

11:54seventy they had my five points they had

11:58executives who were sitting in corner

12:00offices that it actually bridged in the

12:01Starbucks network that was reachable

12:03from their corner office into their

12:05corporate network because they didn't

12:06like web filtering they had people in

12:09branches actually running DSL lines back

12:11in

12:11the branches so they could use the DSL

12:14line because they didn't like having to

12:16use the corporate network because it was

12:17too slow they had all kinds of I mean

12:21they're great ways to cheat this and the

12:23problem is the perimeter has dissolved

12:25to the point what so cloud by definition

12:27has no perimeter corporate networks

12:30they're finding out don't really have a

12:31perimeter either you know you start

12:33looking at things like work from home I

12:34mean one of our banks has 50 thousand

12:37computers working from home and any

12:38given time and they're not VPN den so

12:40they're literally just on the internet

12:42and I think they've all realized that

12:45the perimeter is not a protective

12:47mechanism what it is useful for is

12:49reducing noise and it's useful because

12:52you can block a lot you're not going to

12:54block everything but you block a lot and

12:55it's useful for being able to get

12:57indications of what you should look for

12:59internally so you know there are the

13:01sand boxes and they're really good

13:03telling you hey you're getting attacked

13:04in this way now you need to go figure

13:06out where that actually landed and

13:08that's the part most people didn't have

13:10a Forte neum got there they couldn't

13:12take that intelligence and actually say

13:14okay well where did that actually land

13:15and did it succeed and did it spread and

13:18without that all they're doing is

13:20basically sending up a flare and saying

13:22hey another Trojan horse got in we don't

13:24know what's in there like there might be

13:25some soldiers it might be a bomb

13:27whatever but like another one came in

13:29you go figure it out so it's in their

13:31way so so you're telling me that if I

13:34buy state-of-the-art firewall from a

13:37great company that may have like a South

13:40Bay named since we're not naming names

13:43all I'm really gonna know is something

13:48about how I am people are trying to

13:50attack me but I'm not going to know that

13:54like they didn't succeed because I'm not

13:57going to be securing necessarily all the

13:58ways into my company and I'm not going

14:00to be able to know how far along it is

14:02or any of those kinds of things so if

14:04you look at the design of those tools

14:06they're designed to let the first attack

14:08through right so the first attack comes

14:11in and it takes them five or ten minutes

14:13to test whether that is actually an

14:15attack so they let it through it lands

14:17on the end point then they process for

14:18five minutes and then if it's a problem

14:20they send up a flare

14:21they don't let the second attack in

14:23or xx attack if it was 19 of them that

14:26got through in the first five minutes

14:27but right yeah I mean essentially it's

14:29to reduce the noise but then you need to

14:32go clean up what got through and the

14:34problem for many of our customers is

14:35they're playing whack-a-mole right

14:37they're chasing

14:37attackers and they're using

14:39three-day-old data to chase attackers

14:41that are moving every five minutes and

14:43with the kind of gigantic increase of

14:46spend on security tools and with the

14:48number of really smart people building

14:50them how is it that everybody is

14:55attacking the perimeter problem and

14:56nobody's attacking the endpoint the

14:58security problem so I'll give you my

14:59opinion but that may not be completely

15:02true for everybody this problem that we

15:05solved this hygiene problem of you need

15:07to apply patches in our environment is

15:10boring

15:11most companies consider that like if

15:13you're in a founder and you're looking

15:15at it you're like I don't want to figure

15:16out how to apply patches

15:17I want to go figure out how to find the

15:18Russians I want the NSA to use my stuff

15:21to kill bin Laden that's really exciting

15:23right the problem is that's not actually

15:27what most of our customers are facing

15:28day in and day out and we focused on

15:31this problem because we knew it was

15:33actually really important rather than

15:35that it was super exciting and we made a

15:37cutting edge by taking a different

15:38approach to it but you look at a lot of

15:41companies I mean if you look at the

15:42cyber spend of a company that's spending

15:44a lot on cyber and you cut out all the

15:46analytics stuff which is super fluffy

15:48right like we're just gonna take a bunch

15:49of data and we're gonna show you

15:51outliers and I can't even tell you how

15:52we're gonna do it but I promise it's

15:54gonna be really interesting cut that out

15:55you cut out antivirus and all the legacy

15:58stuff that's 20 years old right you cut

16:00out the network side you're looking at

16:02you know whatever it is 5% of the span

16:04that's left and if that's what you look

16:07like you are failing because it should

16:10be a big investment in that area of

16:12hygiene and most people just don't look

16:14at that as like the new exciting thing

16:16but it is actually the thing that will

16:18fix you and how do the customers look at

16:21it you know how hard is it to get more

16:23than 5% of their spend to solve that

16:26that problem given they've purchased all

16:29these other products and they've

16:30justified them and at business cases and

16:33told their CEO look

16:34bought this awesome firewall like what

16:36are you talking about we're totally safe

16:38so five years ago that would have been

16:41really hard because people are still

16:42hoping that would work I think a lot of

16:44people are now cognizant that it's not

16:45working and if it's not working and you

16:49get attacked

16:49you probably got fired and then your

16:51replacement is probably looking for an

16:53answer for this fundamental question of

16:55we're spending a lot of money and it's

16:56not getting better

16:57and so what we're finding actually is

16:59very open ears from our customers who

17:01want us to explain to them the answer to

17:03that question and what we now have is

17:05the preponderance of the fortune 100 who

17:07are using us who can demonstrate that

17:09they're becoming more secure by falling

17:11really block-and-tackle things not you

17:14know cloak-and-dagger come through the

17:16vent like close your doors close your

17:18windows like make sure that you actually

17:21know how many rooms you have in your

17:22house like that don't put a note on the

17:26front door I was talking to CIO recently

17:28and he was telling me you know I asked

17:30him how many computers he had he said

17:31between 100 and 200 which is my normal

17:34answer 100 to 200 thousand computers and

17:36I have no idea where they are and the

17:37please help me and I was kind of I was

17:40smiling because it that's like somebody

17:42coming in and saying you want to do

17:44construction in your house and they ask

17:45you how BIG's the house and they're

17:46expecting you to say you know it's

17:47exactly this number of square feet and

17:49you say between two and seven bedrooms

17:50how am I supposed to even price that

17:53like what am I supposed to do for you

17:54yeah you don't even know how big your

17:57house is and you want me to tell you

17:59exactly how someone's gonna break in and

18:00so we need to figure out where all the

18:02rooms are we need to figure out what's

18:04happening in each one of them you know

18:05what's its purpose what should it look

18:07like

18:08and and does that basically enable the

18:11product to sell itself so can you just

18:13walk in and say oh you don't know how

18:15many rooms you have like let me on your

18:18network and I'll tell you and every

18:21customer goes through a pilot we forced

18:23them to even if they don't want to we

18:25encouraged them to because we have

18:27modules that sit on top of this platform

18:29and if they don't know how many rooms

18:30they have they definitely don't know

18:31what kind of furniture they want to buy

18:32right so we need to tell them what they

18:35look like and show them where the lowest

18:37kind of effort highest yield areas are

18:40for them to start fixing and how we can

18:41help them do that and so we asked them

18:44to do a pilot and you know it's

18:45interesting we had a credit card

18:46processor recently go to a hundred

18:47thousand

18:48Computers in three days in pilot it

18:50basically said you know we'll push it

18:51out until we run into roadblocks

18:54they globally deployed in three days and

18:56then we can give them perfect data on

18:58where their vulnerabilities were but

19:00interestingly we could also show them

19:02that they had hundreds of copies of

19:03sequel server that were installed that

19:05they weren't using but they were paying

19:06for hundreds of copies of sequel server

19:08is hundreds of thousands of dollars a

19:10year of spend and they started really

19:12delving into it and seeing that they

19:14were actually wasting millions and

19:15millions of dollars with that vendor and

19:17potentially millions and millions of

19:18dollars with other vendors and the ROI

19:20justification became trivial right I'll

19:23go save the money over here and then I

19:25will prevent the existential threat that

19:27is gonna potentially kill me over there

19:29with that money so it's basically free

19:31so if I if I stopped using my idle

19:34versions of sequel server I can secure

19:37myself now I mean it's it's free for for

19:39the customer it's good money for us and

19:40it's really bad for Microsoft but yes

19:42it's so but so the the firewall guys

19:48can't keep people out that the first

19:50person comes through and then anywhere

19:52where there's not a firewall so if the

19:5422 spots where they have firewalls they

19:56can get through that 1478 spots where

19:59they didn't have firewalls doesn't

20:01matter how about you can you stop all

20:06malware from coming in and if not then

20:10like at what point do you deal with it

20:11and how does the customer know sure and

20:13you know how do they feel about that

20:16that the bad guys do get in somehow

20:18before you can catch them so we don't

20:22prevent attack there are ways that you

20:26can do that but they all rely on you

20:29first getting an indication of what you

20:30should be preventing and so let's take a

20:32step back 20 years ago it used to be the

20:34same virus would hit every single

20:36company in the world it's a slammer and

20:37blaster and there were these examples of

20:39viruses where everybody got the exact

20:42same copy and you could prevent it with

20:43a DAT so that's where antivirus came

20:46from right you take a step forward today

20:49most companies are being attacked by

20:51variants of malware that are

20:52specifically targeted to them you've got

20:54a level of sophistication that is

20:55definitely higher than just set it and

20:57forget it throw it at the Internet

20:59figure

20:59out you can't prevent those things

21:02effectively because essentially

21:03prevention is assuming that the guy who

21:05wrote the prevention tool is smarter

21:07than all the attackers in the world

21:08right right and what we're seeing is

21:10that even not that sophisticated

21:13attackers have copies of the software in

21:15their environment they're cueing their

21:16attacks against the software right so if

21:19I had some kind of tool that was

21:21supposed to be prevent preventing attack

21:22and I as a programmer of an exploit

21:26wanted to sit there and bang against it

21:28until I found a hole

21:29no one's smart enough to write something

21:31that doesn't have a hole and so you know

21:33you look at fire I there are five lines

21:34of code that we're well known to get you

21:36around fire I you look at Emmet you look

21:38at a lot of these tools that are

21:38preventative there are known ways to get

21:40around them and the idea is not to

21:43actually prevent it's to be able to tell

21:46you that there are differences in the

21:47behavior in your environment that are

21:49interesting so there's a new process

21:50we've never seen before and it's

21:52touching your DLP protected data your

21:54sensitive data and it's talking outside

21:56of the internet or of your network

21:57that's an interesting combination right

22:00and what's novel about a Neum is we can

22:02tell you about in seconds instead of

22:03five days later right and so when you

22:06how much do your customers think of it

22:09as kind of because you can't be so

22:13secure that nobody ever gets in you

22:16can't be faster than the bear so to

22:17speak of how much of it is just being

22:19faster than their peers that's exactly

22:21what it is I mean so there are some very

22:25specific attacks like Sony in Las Vegas

22:27Sands and OPM that were very targeted

22:30joint staff it didn't matter how secure

22:33everybody else was they were gonna go

22:34after that target for every one of those

22:37that are a hundred where it was just a

22:38crime of convenience and so getting a

22:41lot more secure than your peers is very

22:43important learning from your peers about

22:45the attacks that they suffered from so

22:46that you can protect protect against

22:48them is important and you know being

22:51able to learn patterns so that you're

22:53able to be more proactive about them you

22:57look at FSI sector financial services

22:59has a really really good kind of groove

23:01where they share information it's been

23:03really effective it's stopping attacks

23:04but to answer your question I mean the

23:08goal is to narrow down the amount of

23:10time that an attackers in your network

23:12and narrow down the scope of what they

23:15are attacking so that they can't get

23:16your most sensitive data it's not to

23:18prevent people from coming in I mean you

23:20know look eventine IAM has to worry

23:23about people being planted in by people

23:25that we don't like in our own company

23:27mm-hmm right a big company a big bank

23:31has hundreds if not thousands of people

23:33who are not really employees of the bank

23:35they know that trying to prevent every

23:39angle in is not a valuable way to spend

23:42your time the right way to spend your

23:43time is instrument your environment so

23:45that you can see that things are going

23:47wrong before they become really damaging

23:50and we can help them do that and how

23:54when you look at the balance of kind of

23:58the classic freedom versus security

24:00balance and how inconvenient these

24:03solutions can become and you think about

24:06securing an environment like at what

24:09point does it just get too inconvenient

24:12for the customer to have like that level

24:14of security like are there solutions

24:16that would work but are too inconvenient

24:19how does tinium put into that how do you

24:21think about that so there are definitely

24:23solutions that are so constraining that

24:27they're under playable I mean the

24:28reality is nobody can deploy them

24:30because as soon as somebody can't do

24:31their job they call their boss who calls

24:33their boss acausal CEO calls the CIO and

24:35tells them to stop doing that and you

24:39know it's kind of a little bit of you

24:40know the Frog boiling in water is kind

24:43of the analogy you know we've got a lot

24:44of our customers who deploy antivirus

24:46and that takes up 10% of their CPU and

24:48to play another thing it takes up five

24:50and it takes up three and takes up two

24:51and then they realize that their

24:53computers are spending 50 percent of

24:54their time doing things that are not

24:56actually productive for work but

24:57protecting them and somebody gets angry

25:00and then they rationalize the

25:01environment and go back down to 15% or

25:03over better the answer for you is we

25:07don't think that the hygiene that we

25:08implement is invasive at all I mean a

25:10user does not benefit from having a

25:12vulnerable machine that didn't get

25:13patched the users not gonna pay a

25:15penalty for a patch to be deployed there

25:17are some things that we can enforce like

25:19multi-factor authentication they do

25:21require the user to be involved a good

25:23practice

25:25be done and their justifications for

25:27them but a lot of this stuff is just

25:29comply with all the standards that you

25:31already thought you were complying with

25:33but there were ineffectively deployed so

25:35they're not actually comprehensively

25:37done right and how long how hard is teh

25:40Miam itself to deploy until it out

25:44secure the environment have it running

25:46in the right way and kind of get the

25:48operational benefits of knowing sure you

25:50know how many copies of sequel server

25:53that you have that are no good like what

25:55does that take what's involved in a and

25:57a deployment so our biggest deployments

25:59take a few weeks so you look at 450 or

26:03500,000 endpoints they typically take a

26:04few weeks less than a month

26:06if you look at a hundred thousand seats

26:08it's common to be less than a week and

26:10if you look at you know a fifty thousand

26:12seat environment it might be a day so

26:14then what is kind of your like your

26:16license to services mix and what are the

26:20services that you guys do the

26:22appointments obviously small we refuse

26:24to sell services so none this is another

26:27one of those really bad things about our

26:29industry right so if you come from a

26:31services background you treat services

26:33as a revenue stream you start building

26:35products that require lots of services

26:36and that's a bad product like it turns

26:39out that that's almost the definition of

26:40a bad product is it's really heavy to

26:42lift it in and it takes a ton of care

26:44and feeding that's basically a buggy

26:45product and you actually have incentives

26:47I've used the entire business model that

26:49you're they're turning bigfix slowly

26:51slowly you're absolutely right I'm

26:53watching in slo-mo but the net of it is

26:57if we insist on not having services to

26:59nice things happen one is we build

27:01products that are designed to be

27:02deployed in days not years because we're

27:05not making money from the years right

27:06fact we're losing money right we're

27:08putting people in for free who are

27:09helping you do things that are taking

27:11way too long and so it's you know

27:12eliminates moral hazard but the second

27:14one is we have a lot of partners who

27:16love providing services and even if teh

27:18Neum isn't a heavy services thing the

27:20ongoing kind of recommendations and

27:23helping the customer use it better there

27:25is a service opportunity and if I

27:26compete with my my partner who is my

27:29channel or maybe who's an OEM they're

27:32not as excited to get in business with

27:34me and so we've got a lot of partners

27:35who sell tain iam and then layer on

27:38recommendation services helping the

27:41customer actually put hands on keyboard

27:43I don't want to be in competition with

27:44my partner so if you're just license and

27:48you're solving this you know rather hard

27:51security problem like how big how big do

27:54you see the market is how like two four

27:57or five years like how big is the

27:59endpoint security and operations market

28:03and then how does that change as people

28:06go more to cloud computing and you know

28:09maybe go more to mobile devices and

28:13these sorts of things so I guess it's

28:17worth defining what we consider to be

28:19our Tam right so today we sell Global

28:222000 companies on their desktop laptop

28:24server VM physical we don't really care

28:27if it has an operating system on it

28:28putting aside mobile for a second we'll

28:31cover it virtual machines in the cloud

28:34are actually a very comprehensive use

28:36case for us most of our customers employ

28:37everything that they own in the cloud so

28:41we need to say deploy so basically

28:43you're talking about their server

28:47environment all their back-end stuff so

28:48you're securing that as well as the

28:50endpoint right that's not machines that

28:52people have sure as well as the things

28:55that they deploy in Amazon in Wi Sur as

28:57well as the things that they deploy that

28:59work from home you know right

29:00basically it's any operating system that

29:02their data is gonna be resident on

29:03whether it's cloud or on pram realm or

29:06whatever it is we see about 20 billion

29:10dollars being spent in what we do today

29:12but what's nice about tain iam is this

29:15platform actually is extensible to do

29:16probably another 40 things we don't do

29:19today because we haven't productized

29:20them and so our strategy is to actually

29:22start releasing modules and already

29:24doing this once per quarter that are

29:26targeted toward use cases that today

29:28require point solutions so to give you

29:30an example there's this market for

29:32unmanaged assets so cisco has something

29:34called nack and they're little companies

29:36like for Scout that are designed to do

29:38this one thing we don't believe that

29:40that's a market that should stand alone

29:42and and why not so you know you spoke

29:45earlier about oh you know customers

29:47don't want these point solutions but

29:51the point solution vendors but argue

29:54look there's a lot of depth of these

29:55problems we're going to have a dedicated

29:57team on them they're gonna be really

29:58good why why do you argue that a

30:02platform approach is superior to that

30:04for two reasons one is they're not

30:06actually that complicated problems they

30:08doesn't want to make them sound

30:09complicated because I validate their

30:11existence it turns out that we built a

30:13forensics product with four engineers

30:15in six months the reason is 95% of the

30:19work was already done when we

30:20architected the platform the forensics

30:22module is just basically a workflow on

30:24top of that same data that you're

30:25gathering for things like asset

30:26inventory or for patch management or for

30:28compliance monitoring and so each one of

30:31those that I just mentioned is a point

30:33solution market they're all gathering

30:34the same data they're just presenting it

30:36slightly differently and they want to

30:38justify that difference as some kind of

30:40cataclysmic change between them and it

30:42turns out it's not and so we've had

30:44enormous adoption amongst our customers

30:46because the second reason they don't

30:48want to deploy twenty agents they don't

30:50want to deploy 50 boxes into every span

30:53port area they don't want to have all

30:55these different things that are

30:56essentially doing the same thing with a

30:57different logo on them setting up a new

30:59MLA with a different vendor having a

31:01different throat to choke having to try

31:03and integrate all those data streams

31:04into you know kind of a contiguous

31:06variance product right which it turns

31:09out is extremely difficult to do any of

31:10a vendor who doesn't understand what an

31:12API should be used for and like you look

31:14at this really hard problem that they

31:16put themselves in and they're fed up

31:18with it they don't want to do it anymore

31:19and they're telling us that every day

31:21and so if we can deliver best-of-breed

31:23solutions in these point solution spaces

31:25they're happy to rip out their point

31:26solution vendors and what we're seeing

31:28is immediately as we're entering into

31:30some of these spaces they're shutting

31:32down every project that they have

31:33internally that's related because if teh

31:36Neum can deliver it and we have one MLA

31:38and it's half the cost because it's a

31:39module on top of the platform and we

31:42don't have to buy a hundred servers and

31:43put them in house and we don't have to

31:44train on a new console it's so

31:47attractive that they're willing to go on

31:48faith and then we have to deliver right

31:51right and so if the current market is

31:54twenty billion dollars and it's

31:56essentially broken like the products

31:58don't work you've got many vendors

32:00involved and so forth does the market

32:02get bigger

32:05because you actually solved the problem

32:06in the same way that the mp3 market got

32:08a lot bigger when the iPod came out or

32:10does it get smaller because you're just

32:13not going to church for so many

32:15individual things so I guess what I

32:19would say is we don't see a static Tam

32:21we see it enlarging because we're gonna

32:23be able to add modules that expand what

32:25we can do but I would also say the

32:27number of endpoints people are trying to

32:29protect is actually going up we track it

32:31and every one of our customers most of

32:32them are growing 10 to 15% per year the

32:35data they're storing is becoming more

32:38and more painful for them to lose the

32:39number of attacks that they're seeing is

32:41growing the recognition that these

32:44attacks are costing them enormous

32:46amounts of money is growing and they're

32:48not seeing any competition titanium

32:51today that's the thing that really kind

32:53of baffles me on the one side but that I

32:55understand is these big players as I

32:58mentioned earlier they don't really want

33:00to go through the five years of hard

33:01development or they refactor everything

33:03and throw away their old architectures

33:04and tell the hundreds of thousands of

33:06people who've been trained on tools like

33:07secm to just forget everything they

33:09learned and start over like they don't

33:11want to do it but if they don't do it

33:12they really are leaving that Tam for us

33:14and I think it'll grow because the

33:16number of endpoints is growing than the

33:18amount of data is growing in the

33:19severity of the problem is growing and

33:21then you look at the operations side I

33:22mean most people didn't believe that

33:24what we can do is even possible once I

33:27show it to you and I say hey you can

33:29actually save millions of dollars on

33:30this vendor in that vendor I can claim a

33:34lot of that portion of that value that

33:37really right now is deadweight loss it's

33:39not in art and it's in someone else's

33:42Tam right I mean Microsoft says the

33:43database market is worth X billion

33:45dollars it really should be half of X

33:47because half of its not being used

33:49nobody can identify the half that's

33:51nothing is like that you know all the

33:52adage about marketing you know I know

33:53I'm wasting half my money I just don't

33:55know what you have yeah that's the same

33:56with database markets but we can

33:59identify which half right right because

34:01you're you're actually getting it's it's

34:04an operational readout on everything not

34:06just the bad software but that the good

34:09software that just said isn't being used

34:10you're overpaying on it's great

34:12perhaps we can open some questions to

34:15the audience

34:16teacher security and tango won't find

34:25that so I'll just tell you I mean unless

34:28you have like 50,000 mobile devices in

34:31your home you're probably not a good

34:32candidate for taining them anyway but

34:35the answer for you is that MDM at least

34:38in my estimation is a pretty broken

34:41market today and the reason it's broken

34:42is the vendors of the platforms that

34:45provide you know Google Microsoft Apple

34:47really Apple is kind of the real real

34:51offender here they don't believe in

34:53management the way that our enterprise

34:55customers want them to so enterprise

34:57customers want to be able to see for

34:59example what's using the power on a

35:00device that they provided a user they

35:02want to see where the data is and what

35:04applications are running and that's

35:06completely orthogonal to Apple's view on

35:08management which is here is your sandbox

35:10enterprise and the user can do anything

35:11they want on the same machine and you

35:14shouldn't be able to control it and you

35:15shouldn't even know kind of the

35:17underlying state of the device you

35:18should maybe just know what's happening

35:20in that little sandbox that you control

35:21and their operating system was built

35:23that way and the other vendors have

35:26different problems but the net of it is

35:27I haven't seen an MDM solution that

35:29really is great that I would look at and

35:32say I would love deploying that Itanium

35:33or if I were a customer I'd love

35:35deploying that and so the way we're

35:37looking at it actually is let's go a

35:39level deeper so Intel Qualcomm and it's

35:42not just mobile but it's you know IOT

35:44potentially are going to win a lot of

35:47this market and we've actually got

35:49projects with both of them to embed

35:52teams communications architecture

35:53directly into the chip so rather than

35:56trying to go in software where it's

35:58pretty inefficient you've got power

35:59issues you've got wireless issues let's

36:01go a level deeper and figure out how we

36:04can instrument a quark processor from

36:06Intel where they have 64 K of space with

36:10Taney um's code base so that we can

36:12actually communicate off that and what's

36:14interesting about it is you look at a

36:16light bulb and they want to sell

36:17billions of connected light bulbs they

36:19don't actually have an answer for how to

36:21manage billions of anything today

36:22containing is the closest they can get

36:24right the hub-and-spoke architecture is

36:26completely broken for that and that's

36:28what they tried and they failed

36:30and so if we can actually get that to

36:32work well then I think that's a good

36:33approach to mobile if that doesn't work

36:36then I think we're gonna have to see

36:38where iOS and Android and Windows Phone

36:40go because they continue to be

36:42unmanageable our customers continue to

36:44be frustrated they continue not to

36:46replace their desktops and laptops with

36:47them and until they actually solve this

36:51problem I don't think they will and do

36:55you see have you seen any change in the

36:57vendors along this journey as Apple

37:01softened at all are they still just as

37:03hard-nosed as ever my personal belief is

37:07that Apple is paying lip service to

37:09enterprise not really doing anything

37:10that my customers are asking for I mean

37:13the point solutions that they're making

37:15for different industries to allow

37:17airline pilots and not have to carry a

37:19book onto every plane is awesome that's

37:21great that's not the concern that my

37:24customers have is a generalized concern

37:25and I'm not seeing them solving it well

37:28thank you Oh Ryan this is you've been

37:29great thank you every day

37:31[Applause]

🎥 Related Videos

a16z Podcast | Things Come Together -- Truths about Tech in Africa

a16z Podcast | The Infrastructure of Total Health

The Robot Lawyer Resistance with Joshua Browder of DoNotPay

a16z Podcast | Bots and Beyond

Design Sprints as a Tool for Organizational Change

a16z Podcast | Valuing Today's Fast-Growing Software Companies

🔥 Recently Summarized Examples

Former Priest REVEALS Jesus' MYSTICAL Lost Years & His Connection to BUDDHA! | Fr. Seán ÓLaoire

Kim Kardashian's Plastic Surgery Reversal: Is She Trying to Rewind Time?

How To Succeed As A NEW & YOUNG Realtor [Deals Every Month + Luxury Listings]

BITCOIN EMERGENCY: NEXT PRICE TARGETS REVEALED!! Bitcoin News Today & Ethereum Price Prediction!

Uncovering Ancient Atlantean Ruins: Exploring Evolutionary Pathways and Psychic Phenomenon

Samsung Technician Knives TV To Void Warranty

View original video