The Founder Formula
The Founder Formula

Episode · 1 year ago

Amir Ben-Efraim, Co-founder Menlo Security - A Mission to 100% Eliminate Malware


Menlo was founded, in part, because five cybersecurity experts were fed up. Security products should stop bad things from happening — but they didn’t.

Founding his second company on the premise of “Hey, we can do better” has taken this entrepreneur all the way to validation in Gartner’s Magic Quadrant within a decade.

In this episode, we interview Amir Ben-Efraim, CEO at Menlo Security, about lessons learned from the acquisition of his first company and the wild success of his second one.

In this episode, we also discuss:

  • Menlo Security’s origin story
  • The balance of business and technology in entrepreneurship
  • What Amir learned from founding Altor
  • Validation from Gartner and tracking the competition

Check out these resources we mentioned during the podcast:

Listen to this and all of The Founder Formula episodes at Apple Podcasts, Spotify, or our website.

Listening on a desktop & can’t see the links? Just search for The Founder Formula in your favorite podcast player.

And the combination of technology and business. I think, is what makes an entrepreneur really at the end of the day, in high tech you do need to innovate, you need to deliver a new sort of technology, but it has to solve a problem, it has to deliver value, it has to Frenchiate itself in the marketplace. The founder formula brings you in behind the curteys and inside the minds of today's brave executives at the most future leaning startups. Each interview will feature a transformative leader who's behind the wheel at a fast paced and innovative tech firm. They'll give you an insiders look at how companies are envisioned, created and scaled. We hope you're ready. Let's get into the show. Hey, everybody, welcome back to the show. My Name is Todd Galina, and with me is Tony Olzach. He's the chief technology officer here at trace three. Tony, how are you hey? It's I'm good, a morning, glad to be here. Thanks for having me on you bet. I know you're really excited about our guests today and the space that they're in. So what I would love to do is quickly get into the interview with our guests and then perhaps you and I can talk about this specific security space after we've parted ways with our guests at the end of the interview. Yeah, sounds great. I love it, you know. As you know, very personally passionate about cyber security, you know, in all its forms, and really excited about today's guests. Let's get into it, okay. Our guest is an entrepreneur and two time founder. His first company, outour networks, was founded in two thousand and seven and purchased by juniper networks in two thousand and Tenour Hurd and ninety five million dollars. Shortly after, he co founded Menlo Security, a company that protects organizations from malware. They are located in mountain view, California. He has an MBA from UCLA and did his Undergrad at Stanford, possibly the most mentioned school on our podcast. Please welcome us in joining a mire ben L Fryne, thank you for joining us. A mere pleasure, nice to be on the podcast. Thanks for inviting me. Yeah, may are great. Great to have you on. Appreciate you joining where. We're kind of on a good security streak right now. We had Andrew from alumio on on their last episode. May I think you can und it's an honorable follow them. I know we're we're going to come quick at you today, so just dive right in. We would love to hear a little bit more about Menlo Security and why you started it. Yeah, we started mental with five of us and we've all spent considerable time in the security industry and, frankly, we're just getting tired of products not living up to their core mission. Security products, at the end of the day, should stop bad things from happening to you. They should stop malware, they should stop breaches and measured on not basis. They just the security industry was simply not working back in two thousand and thirteen when we started the company, and frankly, the next narration products that we're seeing coming around a corner felt like more of the same. Didn't feel that mott mallor was it evolving and becoming more and more sophisticated, and it felt like the security industry was falling further behind. So at mentally said, hey, we can do better. Why don't we start a company that's focused on delivering a hundred percent effectively? When we meet with a customer and they asked us, Hey, I've purchased your product. Is Am I done now? We wanted that answer to bys. You're done, at least with the traffic or you know, and the network connections that you'll ass let us handle. We can guarantee that those will be safe, and that's the origin of mental we wanted to find a different sort of company in the mission for us was to completely eliminate Malor a hundred percent and deliver a different kind of security outcome. That's great and from everything we're seeing, you guys are really successful out of the gate doing terrific. Wanted to talk a little bit about you a mirror. You know, you did your Undergrad at Stanford, which has a reputation of attracting, you know, technology entrepreneurs as students. Is this one of the reasons that you went there? Maybe you can tell us a little bit about your time there and a little bit about your background, your formative time at becoming an...

...entrepreneur. Yeah, I mean I ended up getting my masters and engineering from Stanford, you know, obviously a great engineering school. Did My undergrad work at, you see, Berkeley, so just sort of, you know, around a corner in the bay, if you will, and I started out as an engineer developing software simulation tools. You know, Stanford really helped me progress that. But you know, at the time, you know, after finishing my my degree at Stanford, AD opportunity to kind of go dive deeper into the tech world or go explore the business world. I ended up actually choosing to go pursue my MBA and wanted to learn more about the business side of the house, and I think that kind of set me out, you know, set me on a track that become an entrepreneur, to really not just think about developing the technology, but really think more in terms of business outcomes, you know, look for gaps in a certain market place and the combination of technology and business, I think, is what makes an entrepreneur really at the end of the day, in high tech you do need to innovate, you need to deliver a new sort of technology, but it has to solve a problem, it has to deliver value, it has to differentiate itself in the market place. So I think that's what sort of you know how my my formative years came about, if you will. It's a combination of business thinking and technology thinking and how can I leverage my technical background that kind of help solve, you know, significant problems? Yeah, it's that's a great background it. We've heard it kind of from both angles. We've had some founders on who started more in the business side of the equation then, you know, when into technology. But I think it's definitely a valuable lesson of just having knowledge and both sides the equation. It's not just technology. You have to be able to solve business problems. Yeah, absolutely. I mean, at the end of the day, lots and lots and lots of tech companies looking for a problem. But I think those was it really stand out and end up having successful journeys do it because there really are able to connect with customer value. At the end of the day, at least on the enterprise side of the house, it really is about delivering value and solving problems the customers care about. You know, that's the only recipe for success. Hey, mary, so you graduate, you get out into the business world, looks like you did a stint at checkpoint and then ultimate some point you start your own company. Love to hear about how that first first journey began and then you guys sold pretty quickly what was that always the plan? Or love to hear just like how that played out and what you're thinking was of the time. Yeah, I mean checkpoint was a great opportunity. I joined in neat formative years of the cyber security are if you will write. firewalls were just kind of coming on and you know, the Internet was, you know, really getting established and people were connecting or private networks to this new thing called the public Internet, and clearly a firewall was needed to separate your private network from from the Public Internet, and it was a real boondoggle at the time. You checkpoint really add the right the right product at the right time and you really got to experience, at least for me the first time, of being inside the Tornado, if you will write, the demand Tornado. The phones were ringing off the hook and you know, it was really a special moment, if you will, and a special time to be there. I really fell in love with a cyber industry. From that moment on. It felt like a real significant problem to solve. The adversaries kept evolving all the time and means cyber is a bit different than the rest of tech in a sense that it's human versus human. If you can think of switching or routing. It's sort of humans against packets, right. You're trying to kind of become more efficient at moving packets around. You can always do better there. But security there's an equally smart bad person who's trying to cause damage, you know, thinking how they're going to defeat all of the security tools that are in their way. So it becomes a bit of a chess match, and which is the the part that I enjoy about cyber security. So I think that was kind of the the early years is really kind of set out to find gaps. there. I left checkpoint, to start all,...

...tour which was a virtualization security company, and the gap was the emergence of virtual machines. So as virtual machines were becoming sort of the new workhorses of the data center and all of the security was in physical boxes, kind of outside of the virtual world, but the workloads themselves weren't virtual machines talking on one another, completely invisible to the physical boxes that were delivering the security. Of the time, we thought about building virtual security right into the hypervisor, if you will, and that was the genesis of the company we started called altour networks and Juniper, you know, having a gap in that in their portfolio. Relative to that and recognizing all of the traction and the momentum behind virtualization, you came in pretty early in our journey as a strategic investor and then ultimately acquired the company aating a year for our journey. So yeah, it was it was a pretty quick journey by enterprise standards, but we had a good partnership there with juniper and thought we, you know, had a good home for ourselves to continue grow into business. So we sometimes have people on the on the podcast. You've done multiple startups and we're always very curious, you know, around things like what did you learn from that first experience that you change or maybe did better when you started Menlo, like were there any learnings that you took away that maybe you did some things a little bit differently or lessons that you had to learn that really came in handy when you started men though? Yeah, I think, you know, you just get better at all of it. Right. If your first startup journey, you know, I mean one fortunate that sort of have that one end in a great success. At the time we raised very little money for the company and it got sold for a little over a hundred million right. So ended up producing a nice outcome for, you know, the employees. The team was only around forty people. You know, the founding team was quite small as well. So it was it was a good outcome. Certainly not, you know, one of these multi billion dollar journeys that people are on today or even the metal is on at the moment, but you know, a great outcome for the time. But again, the company was only forty people. Were chest early into, you know, our sales journey and frankly, you know, the product team as well was kind of less than twenty people. So you start to sort of figure out how to put the pieces together. Can see the early parts of scale, but but not the kind of the full journey there. So I think, you know, the main things I learned from the air is like look for large markets, look for large opportunities, make sure that you know you have a good run on your own, that there aren't really going to read any gorillas around. A quarter can turn around and crush you. In our case at the time, and virtualization, the big gorilla was vm where, you know, they owned The hypervisor, if you will, and started building security capabilities into their own hypervisor, which made it a lot more difficult for us to continue to, you know, deliver our own success. So I mean I look for these patterns. When I wanted to kind of go after something else, I wanted to pick a big, difficult problem, such as the one we just discussing in mental we set out to eliminate Maur from web and email. Those are ninety percent of hour comes from M and emails. So we wanted to pick a very big journey, a big problem, and then go make a dent in that particular problem and and really deliver a different sort of outcome. And I think that was the biggest learning. Is Pick your markets really well, pick your teammates well and pick people around you can scale as the organization used to grow. That's great. That's a great way to recalibrate how things go the second way around. Let's talk a little bit about surrounding yourself with the right people. I'm sure, being in the industry as long as you were, you know when you started Menlo, you had a great opportunity to pick a great team. You guys are one of the rare examples of a woman founded Tech Company, so I know you have Parnema on your team. You want to talk about building out that, that founding team for Menlo? Yeah, I mean, I think I'll chat a little bit about the founding team and pre NEMA. So I mean, first of all, you know, I looked for likeminded people who shared my frustration with the failing approaches to cyber security that...

...we discussed earlier and and a real passion for building something truly revolutionary. These enterprise journeys are long journeys. We are started in two thousand and thirteen. Today, two thousand and twenty one. You can see kind of eight plus years into the journey, we're still going strong right. So people truly need to be committed to this mission, you know, because it's not it's not an easy journey and and it's not a short amount of time, and I think that's what sort of keeps US jell together. I mean our founders, you know, for the most part, is still in a company because they do share this passion and and want to kind of deliver that better outcome than we discussed relative to, you know, helping enterprises eradicate malware. So I think that's a really important blue. It also helps that we've all worked together before, so we knew we can get along. oftentimes you can sort of maybe share the passion, but then as you start walking some hard yards together, you discover that you don't get along as well as you thought you would. And again, talking about the number of years that it takes to make this come together, you can think of it is a bad marriage, if you will right. It's just hard to stay in it for a long haul like that. So we're fortunate again, having worked together before, we knew we got along well, and I think that's, you know, something to speak about Prenima in particular. I've known her for over twenty years. We met a checkpoint software. She ended up joining my business development team over at checkpoint and when I left checkpoint to start altware networks, she end up taking over the team and eventually join me there. So we, you know, already knew we got along well. I'd great respect for her technical acumen and great respect for her leadership style. She's a just a terrific leader and get stuff done. Could really you know, when I guess the ultimate compliment is is when you can hand something off to someone and know that they're going to do it better than you can write. They always say higher people are better than you around you and, you know, while that sounds like a cliche, you know I really feel like I've achieved that with Pernima. You know, someone at that you can really look at as a CO founder to kind of take on big, you know, difficult problems and do a great job at solving them, and I think that's kind of the ultimate the ultimate value is someone you can trust in to get the job done, and very fortunate to have ended up with her as a CO founder at metal. That's great. That's a great endorsement. Hey, Mir or, we've been following you guys for a very long time with our research innovation team, back when I used to lead directly the security team here. We've been huge fans of you guys for a long time and really big fans of the approach. That's the technology, how you guys actually do what you do. You just just wondering last year, through the pandemic and then this explosion of remote and High Harvard work, I got imagine that this has become kind of like a all the stars of aligned and the opportunity in front of you is got to be pretty tremendous. Can you just talk us through, you know, what's going to happen over the last year and where you see the company being embraced and some of the techniques that you guys use? Yeah, I think covid has been very interesting. So, first of all we're seeing covid do is really accelerate digital transformation. So, you know, cloud based applications are are growing like there is no tomorrow, because people have figured out if my workforce is all remote, it's easier to connect to a cloud based world than it is to connect back to the enterprise data center and overwhelm existing vpns and so on and and the cloud, you know, is proved resilient. Through Covid, all of the SASS world remained up and running and, you know, delivered sort of low latency connections and a great experience for users, you know, from their homes or no matter where they were, they were getting a great experience. In the world of security, it sort of created a bit of a challenge because most of security resides inside the corporate data center, if you will. Yet the application stack is moving outside the word the corporate data center into the world of SASS. So what we've seen with Covid is an acceleration of moving security to cloud based services. Mento, of course, is a cloud based, secure web gateway which is really kind of at the forefront of allowing...

...people to connect to all of these different STASS applications. So we were, you know, cloud native, if you will, found it on that cloud principle back in two thousand and thirteen. So, you know, absolutely the right form factor for COVID. On top of that, what we're seeing in sort of the latter part and sort of the more recent months is an acceleration of of Malur attacks. We've seen the colonial pipeline attack and the meat plant and just late last year, the solar winds attacks. So even though the world would like to sort of forget about cyber you know it's always there and you know the bad guys we are their head and sort of cause some untold amount of damage, just reminds all enterprises how vulnerable they are. So this combination of supporting digital transformation by shifting the form factor from on premises to cloud plus, when you do that with Mento, you achieve this sort of perfect security, if you will, right if you let us handle on your web sessions, we guarantee. In fact, we offer a one million dollar warranty that you will not be breached if you use mental and that's something none of our other sort of competitors or peers are able to offer because they just don't have the deep technical stack that we have, you know, an isolation based cord that delivers this type of outcome. So the combination of better security in a cloud form factor is really been, you know, allowed us to accelerate through covid. We had well, you know, our best year under covid and and grew almost a hundred percent year over year. So yeah, I guess to some extent we're fortunate to be resilient through the difficulties of this pandemic. It's amazing every time you think that the the industry might slow down a little bit, you just get that free advertising because some major event happens, you know, out of the blue. Yeah, I mean that cyber right. Like I said earlier, everybody would like to forget about it, but you know, the problem is always there and just when you least expected it rears it's ugly had. So I mean it's you know, enterprises have no choice but to continue to think about how to build better and better defenses and how to remain resilient, because it's a guarantee that the next attack is around a corner. Yeah, we had, as we were talking about earlier, Tony mentioned, we were speaking with Andrew Rubin and he basically said assume breach. You know, he was definding zero trust, but this all falls into the same kind of discussion. You just have to assume it's going to happen and you need to surround yourself with the right protection. You guys are really validated by Gartner. You guys are in their quadrant. We're in the pure Web Gateway Magic quadrants. Okay, so how involved are you with with those discussions? Can you talk a little bit about, you know, validation from from somebody like like Gartner? Yeah, I think. Look, analyst validations always helpful. When you do something special, it sort of helps to spread the word, if you will, and a certainly, you know, a big part of the market looks for analyst perspectives because it is crowded and analysts kind of helped to sift through that, you know, the noise and help sort of narrow down the field a bit. We've been a fissionary with Gardner for three years. I I think that the best validation actually is from the marketplace, right it's from customers and word of mouths. You know, we started our journey, you know, one of our first customers. Were fortunate to get JP Morgan as a customer. It's very early on, you know, in the life of menlow. I think again, we started the company two thousand and thirteen. Think we ended up with JP Morgan as a customer in two thousand and fifteen. So truly one of our first customers. And they help spread the word about Menlo and the outcomes were delivering for them. At the time, they were blocking big swaths of the web because they're worried about risk. With Menlo's unique, you know, way of accessing the web, again, we delivered the secure up gateway powered by Webisolation, we're able to let them go anywhere they wanted on the web risk free. So it ended up helping their various business associates access wider parts of the web and deliver better services to their clients and at the same time, you know, actually improve their security. So they kind of looked at us as as a strange animal. They said mostly security takes rights away. You guys are unique in the sense that you make security better and you actually allow people to do more,...

...and they went ahead and shared that story throughout the financial industry tune, where now eight out of the ten largest banks in the world are all mental customers, and you know, a big chunk of our revenues comes from a financial sector. So I think that customer validation and word of mouth is actually the most important thing you can ever have for yourself as an enterprise company. Of course, analysts like Gardner are extremely influential, so you have to sort of spend time and energy on that world as well. So I think it's that that combination I'd you know, I really personally enjoy most at the customer validation. I think that that working well with the analysis clearly important as well. Yeah, that's a tremendous theory. You know, keep your big customers happy, let them spread the word and the validation will come. That's a great story, by the way. We always like to hear, you know, great customer stories. Appreciate you sharing that with us. Hey, and marry you know, as you start to think about what comes next, and we're always curious those with an entrepreneur on mind you found in multiple companies. Are there other ideas you'd like to chase later in life, or are the things that you're really pondering right now? Give us a glimpse inside your mind and what you think is next for you. We'd love to hear like kind of how the future plays up. Yeah, I'm not front. Look, Mento is an all consuming journey and you know I do have, you know, I guess, ideas. I'm kind of a product oriented founder, if you will write. Haven't been raised as an engineer right from the ground up and sort of spending my initial years and that and that realm. So I think in terms of product, but it really tends to be focused on our current mission here at Menlo of kind of eradicating Malur from web and email and finding better and better ways to do that. So I'm not really thinking beyond mental I'm not sort of looking around a corner and going what is going to be my next journey? I feel my next journey is Menlo. I feel we're still in these sort of you know, I don't know what you want to call it, early innings of the potential. Our last round of financing. You know, we raise the hundred million dollars in our series E. I think we came, you know, out with the valuation of that. Is You shy of the billion dollars are public sort of competitors, if you will, the likes of Z scaler and so on are out with the market gap of twenty five to thirty billion dollars. So I feel there's a lot of value creation still ahead of us as we illustrate to the world that we're truly a better company in those and can deliver better outcomes. And that's really the goal is how to kind of, you know, put our best foot forward and our best thoughts and innovation into continuing that independent journey for mental and developing Menlo into the next great cybersecurity company. Yeah, that's that's great too great to hear. I mean it. We've seen you guys grow from the from the very beginning, and just excited to see the journey, excited to see the growth. You know, we've heard from some others and I believe this whole hardly myself as well, is that in order for something to see it do you have to put everything behind it. You can't split your attention between competing priorities and poor everything you've got into into the thing that is the most important to you. So glad to hear that that's still burning, the entrepreneurial fire and the curiosity and what your your guys are trying to do next, because you know, big hopes for the future for you guys. Appreciate that. And Yeah, I mean I think it does take tremendous dedication on these is, like I said, the long journeys and and you always need to learn. You know, the industry around you adopts as well, and you always need to remain creative and innovative. I think that you can't kind of rest on on something that you might have come up with five or six years ago, because the world around keeps changing. So, yeah, keep keeps it all fresh. Okay, so a mirror. You know, we mentioned, you know, the Gartner quadrants and you talked about where some of your competitors are going in that space. You know, we've seen a lot of startups come and go who were, you know, maybe near what you guys are trying to do, different isolation technologies or different other kinds of platforms, and we've seen some of the classic, maybe a larger companies try to grow into your space a little bit. How closely do you guys track competition and, you know, what do you do with that information? Yeah, I mean I think we're in a very exciting market. So, as I...

...mentioned earlier with Covid, you really are seeing an acceleration of on premises security moving to cloud based security services. We're in perhaps the most exciting part of that. When you look at clouds, secure up gateways in particular, that's been, you know, classically that was a pretty stagnant space, but you know, in the last five or six years this is really where a lot of the innovation has been coming from. So cloud secure up gateways are enabling now zero trust private access. So they're redefining vpns. Essentially use these cloud gateways to connect to you your corporate resources in a nonvpn sort of weight. On top of that, you know, we're seeing a convergence of capabilities. For example, casidy, which was a hot space, is getting converged into the secure roid gateway and data leak prevention is getting converged into secure up gateway and firewall, is a service, you know, for all ports and protocols, not just sweb, is getting converged into what was the secure web gateway. So in a way, you know, it's a very dynamic part of the market. It's starting to consolidate, you know, many, many billions of dollars of annual spend. So we're very excited about that opportunity. I think anytime you have something this disruptive it creates just amazing opportunity for new vendors to emerge and we feel that Menlo is going to be one of these new vendors. The market is crowded. There's certainly a lot of vendors, UN old, kind of all buying for this opportunity. Maybe another sort of, you know, acronym that I'm going to throw at you that's this kind of a hot if you will, is Sassy, secure access service edge. That's a term that gardener had defined and you know, it is sort of echoed back to us that it's the hottest movement or hottest area of interest they're seeing a gardener in the last decade is Sassy. There's just really the sort of combination of capabilities that I just described into a single cloud gateway. So one excited about that journey. It is a very prowded market, but we feel that Menlo is super well differentiated relative to that security outcome that we spoke of. We're the only ones out there saying, Hey, if you use Mento for your Clod Journey, will eradicate Malor from your web sessions a hundred percent. Will eradicate malor from your email sessions a hundred percent, you know, and we can guarantee it because we pioneered this webbiolation technology that no one else has that works at our scale and our level of efficacy. So, you know, I'm very confident that this differentiation matters to a lot of customers. We've spoken about our traction with large customers and he you know, kind of eight out of the ten largest banks and you know, and railways and airports and airlines and hospitals. You know, I can share that the United States Department of Defense is a big mental customer as well. They've actually chosen mental as there, as they're basically way to access the Internet for all three point five million personnel at Dod. I can share that because they've come on. They've noted that publicly. So it's very ex regulation, by the way. That's amazing. Thank you very much. So. So it's this kind of traction and this kind of word of mouth which is powering our growth journey, and I feel like the opportunity is almost infinite, you know, and and then, you know, will support us for many years to come. Yeah, it's amazing when you think about what you guys do and how disruptive it is and how it changes the game of allowing people to do much more but being much more secure at the same time. And not to get too down in the weeds of your guys actual touch, but you know, when I when I talk to security leaders, especially new ones, and they're typically very interested in, you know, how new technology might be changing what's possible and and how they should be thinking about the world. I mean, I got to believe that step number one if you're trying to manage risk is, you know, just deploys Menlo the gate as like a free commercier over you guys. But like, how could you not consume what you guys do and just have that be like the one of the first easy buttons you do to just get a handle on things? I mean, I couldn't agree more and I...

...appreciate the partnership with you guys and spreading a word to you know, the the the various enterprises out there right I feel like people do need to think about cyber in different ways and look for innovative new companies that can, you know, delivered these kinds of outcomes, just to continue doing the same old stuff and continue to spend money with the same firewall vendor for ten years and and perhaps, you know, take outdated technology and move it to the cloud and feel like you've done something better, you'll get the same outcome that you've done before. So it really is challenging your you know, your vendors are on innovation and how can you guarantee to me that when I use you, I'm not going to get breached anymore? Customers should be challenging their vendors to answer that question. If you don't like the answer and it's just kind of sounds like the same answer you've gotten for the last few years or five years, of ten years, then you should probably think about someone else you know, and I think that's the opportunity we welcome at Menlo and I agree with you that I feel that should be you know, essentially the standard for how people access the Internet is using technologies like web isolation to completely eradicate malware. Why I take a risk. Yeah, I mean speaking of making it the standard. You know there. I know there's been some companies that have made the leap into like the consumer side of the eation. How do you guys think about, you know, enterprise opportunity and focus versus consumer facing products? I think that they are really different kinds of companies. So first, the problem, said, is similar right now, ware and fishing and you know, ransomware and all of that stuff hits enterprises and also hits consumers. So the problem is the problem space, if you will, as similar, but the companies that go after it are quite different. If you're going to go after global t thousand companies and you build the sales force and the support infrastructure and you know everything that kind of goes into that and telling that particular story, that's a certain kind of machinery and engine that you've developed. It is completely different from a good to market engine for a consumer company that needs to chase consumer channels and you know app you know stores and you know viral marketing and you know all of the things that you use to kind of go after the consumer world, which, frankly, I don't know very well. You can probably tell just by my description, and I've been an enterprise guy for a long time. So you find very few companies that do both. Well, in fact, I'm not really aware of any. You know, some of the Anti virus companies tended to do semantic. Macafee did both consumer and enterprise, but but they've gone on the split their businesses, you know, semantic fragmented via being acquired by private equity, and macafee is undergoing that process right now. So if anything, it shows that the consumer side and the enterprise side or just really different, different kinds of companies. Well, you guys have done a tremendous, tremendous job. You know, in the space that you're in, you guys are red hot. Your you're the found of a red hot company in a in a red hot space. You guys are doing amazing and we can't thank you enough for hopping on with Tony and myself to kind of share your journey with us a mirror. This has been great. Well, pleasure and thank you guys for inviting me and look forward to continuing a partner with you and your team. Yeah, thanks a mare. It's been great. All right, guys, appreciate it. Like he told us like why he started men though, and he told us this like essentially what they do, which is at an incredibly high level. But like to me, the intriguing thing about what they do and why I've actually been like very enamored with this company since the beginning. Essentially how these guys started is so imagine, like I launched my browser, like in this case, is Google. Chrome's what I use, and I go to you know whatever website. What ends up happening is, in a background, Menlo is sending my web request through their their cloud platform, and their browsers are actually interacting with the content and then they're just sending me the screens. So why that matter... because any kind of attempt to compromise my machine through that web session hits them and doesn't hit me, and I'm only getting like the images and being able to interact with like the like the presentation of the website, not actually the data of the website. So it's shielding me from like everything that could come through, which means like whether it's healthy or not, no one cares, because as soon as that session is done, they destroy that container and spin up a new one. And like no one's the wiser and no one was able to touch me. Like literally, they are creating an environment at we've isolated the web session. It can't touch my computer. I'm just getting like a glimpse from the outside of like what that session looks like, and nothing touches me. When you start thinking about email in the same fashion, where, you know, if I open up an attachment, it opens up inside their platform and I just get to see it. I'm not actually interacting with the file, which means if there's malware in the file, if there's, you know, scripting in the file, it's not actually touching my machine. It's touching them. And so one attempt at this, like when you think about endpoint protection and point protection, is where like things are opening on your machine and it is trying to detect those things and prevent them from happening, and then they're constantly battling the sophistication level of the adversary. What if the stuff never touched your machine, it still looked like it was touching your machine. You still interacted like with the files, with the PDFS, with the word documents, with the website, but it wasn't happening on your machine, but it still appeared as if it was. And that's our whole value up. And when you think about that, you're basically like shrink wrapping a computer and saying this computer is not ever really going to touch the Internet, but it's going to appear like it is, and therefore we will give you a million dollar guarantee that, like, you will not get breached through the web or through email if you use Menlo. And when you think about what that does, are your user base? Like, think about how many times every week like assumed breach, like all this kind of stuff. Well, what if like ninety percent of the stuff that creates those assumed breaches was just wiped out, you know, and and and and so, yes, like assumed breach at some point time, because some savvy person is going to find some way in. But make us so that all the easy ways to get in or just like comple like a hundred percent eradicated. Yeah, it sounds like it. Just a regular person. That whole session is like kept in a container and destroy at the end, and it's you never interact with the actual person with the does that create blag? Well, I mean you you think about the ways they've matured over time. So you're already I mean think about like this, like they're they're being hosted in places like aws, you know, cloud data centers. That's the same. Those are the same places where all your other content is hosted. So, yeah, to put it back through their process and it's so lightweights and they've perfected it over time to wear like you, you would never notice, and I've seen, you know, bakeoffs and tests with their technology and play and like, as an end user, you would not notice. You not notice that whole process taking place, even some things that they will protect you with then as well. Like he here's the next way that people pick off credentials all time, like when we were, you know, doing pain testing a lot or you know, you do like different kinds of like penetration tests or, you know, social engineering and stuff like that. You send people to different kinds of web interfaces that replicate company websites or other kinds of sites they might use and you get them to put their credentials and none the wiser and you've just like picked off their their credentials. You're kind of sitting in the middle of the transaction. Yeah, companies like Menlo do other things too, which is now they see what you're submitting back because it has to go through them, and you could set policy like no, you can't submit company credentials to outside websites like Bam. It's just not going to happen. And so you think about all the ways that you can instantly protect your organization. Is it's pretty exciting and it's no wonder that like dod and other other places are bringing them on. No, it totally makes sense and I can tell that you wish that they had a consumer facing version. Exact I would deploy it right now, like my family, you know, like the kids and my wife and stuff. You...

...know, when it comes to cyber security, people for the most part like the can't be bothered and anything that interferes with their life like the can't be bothered and they don't want to think like two more seconds about anything before they just like, Oh, I got to put my credentials in, are got to put a password in, or no, I'm trying to get to this website to do x Y Z or you like, the kids won't even read screens. Like half the time I'm trouble shooting something, I'm like what that pop up say, Oh, I don't know what that box say. I don't know, like why are you cooking? Yes, Brokay, through all these things with that reading, like it's telling you something for a reason. And so he do you have? All that kind of stuff happened. But the other thing is that I was having the discussion with some other security professionals over a slack channel the other day, which maybe is not the most secure way to talk, but we're not talking about anything sensitive nature. It was about how you control risk around certain kinds of things and and basically, when it came down to is like the consumers just don't care. You, like a lot of security professionals care, like, Oh, this company just leaked a hundred million records, like what are we going to do about it? And how are we going to penalize them? And that's not right, and it's like will certain people care, but if the consumers don't care, then it's really tough to do something about it versus just like the little slap on the wrist and a fine that ends up happening to them. And like case in point, right, if a hospital loses a hundred million records and they get fined, you know you can't shut them down, like and then do you think, like if, if I've got like a critical situation, I need to go to the hospital, I like not that hospital because they had a break. Like that's got breached two weeks ago, like nobody cares. And probably the biggest one of all. I mean think about tart that massive target breach, you know, is one of those like at the time that like just made like so much news. It was all over the place. If you look at their consumer spend, it's like, do you think my wife stopped shopping at target because they got breached? Like no, not. If people look on my bank account, there's that. No one cared. Like all the people who shop at target. One, if they heard about it, they didn't really understand it and to even if they got the notice in the mail, it says like, Oh, we lost all this information, we're going to cover you with free privacy services and identity services and all the stuff. They went right back the target the next week and shopped again and didn't care. So, you know, if the consumers don't care, it's a really tough spot to be in of figuring out, like what do you bring to bear? And now you make the stuff happen. But it's that consumers don't care thing that makes stuff like Menlo so valuable that I wish they would make a consumer version because, yes, okay, people in general just don't care. Let's assume that they don't care and assume the worst and let's allow them to do things in a manner where they don't have to care and we'll still protect them accordingly. And how do we do that? And I that's why I'm a big fan of the isolation techniques, because you know, all the bad stuff happens in someone else's container and never touches you and therefore like yeah, have at it to whatever you're gonna do, because you know you're going to do it anyway. Yeah, and so in this in this case, you would you would personally install it, you know, for your home, or you would expect someone like an Internet provider to supply it and you toggle it when you log in, or Google chrome would supply it. If it was a consumer product, how would folks be able to consume it, I guess, would be my question. Yeah, well, I think that, you know, that just speaks to business model in the grand scheme of things. If I had no other option, I would just install something on everyone's machine and you know, like that's just the model that you would go it. Just think about how service providers are trying to evolve themselves and become more valuable as you especially if people cut the cord and they tried to develop more streaming services and other kinds of valuable services. It's not just a Internet connection that you're buying, it's all these other richer services that come along with it. I mean that it is an example to where, like they many service in writers have added insecurity features into what it is they do for you. This is yet one more to wear. Look, if you can't get a consumer version of it, well, you could have a partnership between Menlo and, you know, whoever your service survirider is, and Serf...

...writer could just provide it as a service back to you and that would work. To bottom line is, how do you get more sophisticated security tooling and capabilities into the hands of consumers, because we're doing an awful lot to protect enterprises and they still keep getting, you know, hit every single week, but you don't hear about all the you know, the people just at home with bad stuff happening to them every single day and they have much less access into the savvier kinds of tooling that they need. And we kind of need it because if you think about the remote workforce, even if I had, you know, all these tools, you know, sitting to probably protecting me on my work machine, but people are sending their their work machines at home and they're they're putting them in their home networks and their home is getting whacked and then, you know, your kid is doing something and they get whacked and through their machine and ends up whacking your machine and it ends up hitting your work machine, to which is just connected to your home network too, and now you've got malware on that thing, even though you know you were protected, quote unquote, through your company's access, through the other direction. Like you kind of have to give thought to protecting the whole home if employees are going to work from home. And you know, in a classic sense, way back in the day we would have just sent devices to the home, like you know, here's your dedicated router VPN device with its own wireless and everything, and Oh, by the way, don't ever connect your work machine to your home network, which everyone just did. Oh by the way, don't ever let your kids use your work machine, which half the people end up doing. And just because if you've got a computer at home with Internet access and it's sitting there, someone's going to use it and you can't prevent people from doing it. And there's like the classic security thinking of like well, we'll put policies in place, and that's again policy and that's against these things. Will put controls in place to prevent that from happening, and it's like what I love about Andrews talk from from the week before. It was that same thing about as soon breach, like you just have to assume that these things are going to happen, like it's fine to put in a policy that like you're not allowed to do these things, or you're not allow to do x, Y and Z, but you had just have to assume that they are going to happen. And when you take like that jocko willing approach, which is good, like this is going to happen. Good. Now, what are you going to do about it? Because you don't have an option to fail. How well, how would you think differently if you just knew it was going to happen and then how would you think differently about protection in today's world? You have to protect the employees entire home because that is part of the attack surface and you can't just ignore the fact that everything else in their house is going to be touched and or kids or spouses are going to pick up the work computer and do whatever they're going to do. That, you know, my may violate your policies, but it's going to happen. Yeah, no, for sure, way to bring jock going too. That those sweet no, no, I think I think we have plenty, so I'll just I'll just close it out. Trace three is hyper focused on helping it leaders deliver business outcomes by providing a wide variety of data center solutions and consulting services. If you're looking for emerging technology to solve tried and true business problems, trace three is here to help. We believe all possibilities live in technology. You can learn more at trace threecom podcast. That's trace, the number threecom podcast. You've been listening to. The founder formula, the podcast for all things start up, from Silicon Valley to innovators across the country. If you want to know what it takes to lead tomorrow's tech companies subscribe to the show wherever you get your podcasts. Until next time,.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (38)