Hi, this is your host Swapnil Bhartiya and welcome to TFiR: Let's Talk. And today we have with us Emre Tinaztepe, founder and CEO of Binalyze. Emre, it's great to have you on the show.

Thanks, Swapnil. It's a pleasure being here.

I would love to know a bit about the history and the story of the company. Tell me how old is the company, when you folks created it and what was the problem that you saw was still needed to be solved that led to the creation of this company?

So, we are almost six years old. We started in 2018 and the idea was automating a lot of the manual stuff that has been in practice for the last 35-40 years. Binalyze is a digital forensics and incident response company. It's now being categorized into cloud investigation and response automation. That's how Gartner calls it, CIRA. So, what we basically do is we are automating a lot of the manual stuff that was mainly invented by law enforcement on a machine-by-machine basis and applying digital forensics visibility to a lot of the modern problems that we are facing in security operations centers and mainly MSSPs. So, what we do is we are automating all that process end-to-end so that you can focus on what matters rather than doing the plumbing work. That's how our customers call it.

And who are these customers? You did mention law enforcement, but I just want to get a kind of pulse-up or idea of, you know, who are you serving?

We originally started with the law enforcement in mind, but it quickly changed after the first year. So, the initial product was a single executable that you run on a machine, collects all the evidence that you need so you can rapidly understand what's happening on that machine. And then we started to get a lot of requests from enterprise customers, which we kept listening in the following five years. And our product turned into a full-blown enterprise product by listening, like keeping an eye on the customers.
And now it's at the center of the security operations center, which means any mid-level to like mid to, not SMBs. So, our buyers are large enterprises, mid to large enterprises, and also MSSPs who are serving these type of customers. So, two types of buyers, enterprises, which can be from any segment, but mainly we have finance, government, airlines, banking, finance. So, these are the main buyers.

So, if I look at the industry that you folks kind of operating in, if we try to put a label, what would that be? Is it like cybersecurity? Is it forensics? Is it, you know, monitoring testing? Is it incident response? Or you feel that, you know what, these lines overlap, the lines get blurred. So, talk about that.

Yeah, especially cybersecurity is quite crowded. Five years ago, if you asked this question, I would have told you we are a cybersecurity product, but that's not the answer anymore, because we don't believe there is 100% cybersecurity. And that's the reason why the industry is shifting towards cyber resilience. So, we're not talking about cybersecurity anymore. It's cyber resilience. And Binalyze is a cyber resilience company. So, we are providing means and platforms for you to investigate, understand, and based on an understanding, you can respond to these type of alerts, which can be false positive elimination, which can be a real case investigation, which can be a proactive or reactive investigation. Because we assume that there may be a breach. And that makes us not suitable to the word cybersecurity anymore.

Talk a bit about your own background, because when you said you started a company was initially created to cater to the law enforcement. Do you have a background in there? And also, if you can talk about, where are you folks based and what kind of regional market you folks serve?

We are currently operating from 10 countries. So, it's a fairly distributed team. And the customers are all around the world.
We have customers in the US, in Europe, and in like APAC. So, we don't have a specific region. About 50% of our revenue is coming from the US. So, we are definitely growing from the US. And my background is endpoint security. I spent more than 10 years in reverse engineering malware, working on developing endpoint security solutions that allowed our customers to secure their endpoints. And then, it didn't take too much time to understand that whatever we do, there will be a breach because it was a cat and mouse game 10 years ago. And it's still the case, by the way. And we were finally proceeded that whatever we do, there will be kind of an investigation. And that's how we started. And the idea of Binalyze came while I was involved in high-profile investigations with our advisors, and they are from law enforcement background. So, I'm not from law enforcement. I've been an engineer for more than half of my life. But the idea of the product came while we were investigating these breaches. And it was mainly for solving our own problems, not for creating the commercial products. But it turned into being a commercial product pretty fast due to the need.

As you were also earlier saying that if I asked the question five years ago, you would say, you know, we are a cybersecurity company, but today the thing is different. I also want to talk a bit about, just forget about the jargon, just forget about the labels, and look at the larger picture. The importance of cyber resiliency, because we don't live in that data center-centric world. We have moved to cloud. We have moved to edge. So, the way we look at security is also different. It's not that you're writing a piece of code, shipping it, and someone else is managing it. You are managing it yourselves. So, talk a bit about how do you look at the overall, I'm trying to put the question properly, developing a code, putting it out and running it by operator's team or DevOps team, that's good.
But you have to maintain the hygiene, the health, the integrity, and also make sure that code is also not susceptible to attacks from outsider or the vulnerability from inside, because we're also delivering a lot of open source code base these days. And these open source code base comes from different sources. We can talk about supply chain. So, security is not that easy. I mean, for you, it is easy, but it's not an easier symbol. So, I want to look at it from the holistic perspective, the why companies should have a much more concrete approach towards, once again, we can give them a lot of different names, but how do you look at the importance? Does that question make sense?

Great question. Great question. Actually, it summarizes where the industry is shifting towards. I will step back and not securing the code, but securing the employee, securing the human piece should be discussed. That's why the industry is moving towards a mindset of running continuous compromise assessment. So, whether you receive an alert or not, whether you face a breach or not, you should always have the mindset of proactive investigations. So, rather than securing the code, what if your employee gets compromised or what if there's an insider threat? So, in this case, there is no external threats, but you have someone inside the company who would help the attackers. So, that's why the idea of monitoring and the perception of, okay, we'll deploy this product, so it's a timeline, and at some points, we'll be having alerts. That's not valid anymore. And this is the reason why it takes 300 days, more than 300 days, based on IBM's latest reports, to identify and contain a breach, which clearly shows the fact that there's something wrong. So, that's the reason we have to embrace. There should be continuous compromise assessments. So, whether I have an alert or not, I should be continuously patrolling the environment mainly.
So, running a patrol across your enterprise, which can be in the cloud, on-prem, on your mobile, so whatever the assets are comprised in your environment, you should be continuously running an assessment on them. And that's why, once a dark magic, that's how I call it, a compromise assessment was a specialty area for a few companies, five, 10 years ago. Now, it's heading to be more mainstream with the automated tools. So, that's how we see it. The days of monitoring, waiting for an alert, is way over.

When you talk about continuous assessment, I almost heard you all talking about continuous integration and continuous delivery. And you also mentioned a lot of other things. How do you see the overlap of some of these practices, of course, CI/CD, pipeline, tools, practices, the whole, we can talk about observability space. We can talk about site reliability also. So, when we look at what you're talking about protecting users as much as you're protecting your environments or code base, whose responsibility do you think when you talk to your clients, you work with them? Which teams do you interact with? Or do you feel that this is organization-wide problem, but when something becomes everybody's problem actually and some becoming nobody's problem? So, just talk about from that perspective once again, if that makes sense.

Yeah, let me start with the second part of the question. So, whose responsibility is it? It is. It's the security operation center, IT and IT problem. But just because having a lot of platforms that brought the responsibility of IT, we started to talk about the idea of security operation center, which is only responsible for the security aspect of these platforms, security view of the enterprise, which makes it clear that this is a SOC responsibility, SOC. And if you are working with an MSSP, then it's the responsibility of MSSP. The first part is similar to what we have in engineering right now, CI/CD. We didn't have those 10 years ago.
At least we didn't as a team. But now we are enjoying the automation of continuous integration, continuous delivery. So, we are focusing on the right problems rather than deploying the code, testing it manually. So, these type of problems are not there anymore, thanks to CI/CD. I see a very similar approach to security operation center, day-to-day work. So, that's the reason why our customers called before starting with Binalyze, we were doing the plumbing work of security operation center, which means whenever you receive an alert, you need to connect to those machines, you need to ask for permissions, you need to collect evidence, you need to analyze those evidence, and then you end up with a small, very small picture of a potential breach. And then you need to do the same for the other assets, which may be involved, which is very similar to CI/CD missing in an engineering framework. So, you are testing every single piece of code, one by one, which makes it impossible to maintain. So, that's exactly what's happening in the security industry now, automating, integrating, so that we can use the creativity of human brain on things that matter rather than manual stuff that can be automated by the machine. Which is, again, another aspect of our product. So, you already have SIEM, SOAR, EDR, XDR, all these security solutions. And what these are doing, most of the time, are they're generating alerts for your SOC team to take a look at. So, why not we are automating the triage piece, automating the investigation piece as much as we can. So, rather than asking an investigator to do this, showing the investigator a picture and letting them decide if they should keep going or they should close the case. So, that's the aim of a modern SOC operation.

In the very beginning you also mentioned that security when you load security is still the kind of cat and mouse game. Security is not a product, it's a process. As good guys, we have to be right 101% of time.
Bad guys have to be right only once. Do you see that just the way now cars have already airbags, they have a lot of mechanisms for slipping, skidding, to kind of avoid things that we know will go wrong. From security perspective, do you see we are heading with all this automation now, we can also talk about AI in a direction where a lot of things are not responses to a lot of things that happen. Yeah, it will be extreme where you have to go in and respond, but we should be very proactive where you're saying, hey, you know what, we are not looking at security from a perspective or something happened and then we are trying to figure out and then we are trying to fix it. What are you seeing which is really happening here?

Great point. Like similar to your airbag analogy, I think again we should take it one step further and it's similar to having maintenance like control, so every car, every year you need to have it checked, right? It's like a checkup for human. So similar to that analogy, enterprises should be running continuous compromise assessments whether they have a problem or not on a continuous basis rather than depending on their brakes, depending on their car's airbags. So very similar thing is now happening in the enterprise segment, which is not there yet, but this is where it should be. And this way, enterprises or any type of company should be running continuous assessments where they are, is there anything wrong rather than waiting for an alert, rather than waiting for an accident in car terms? So I agree on the person.

How much adoption are you seeing of continuous assessment kind of practice and also would you label it as a practice, process or more or less like tools?

It's a process and practice, but it's also a mindset.
So without having this mindset, because we are in an industry that has been, the way I call it is brainwashed, because for the last 35, 40 years, we are used to buying a product, deploying it and then feeling ourselves safe, which is what I was doing 10 years ago. We were developing those products, we were showing you alerts, we were stopping them, preventing them if we can. But first you should embrace that this is a mindset shift and once you acknowledge that, that is the new way of doing things, then it becomes a process. So it starts with the mindset and then followed by a process change in an enterprise.

And how much adoption are you seeing of this practices, process, culture?

It's mostly the immature enterprises who faced that face a breach in the past. So they are the ones who has much higher awareness. So that's why the adoption is not there yet, like full adoption is not possible, but it's set in towards.

Are you happy with the progress of adoption? What are some of the hurdles, roadblocks, pain points? Is it like awareness? Is it about need for more education? It's like no, they all know it. It's just budget and availability of toolings.

It's mainly because of the understanding and the awareness level. So the ones, as I mentioned, the ones who are aware of the problem are the ones who were using all the money can buy. So the best products on the market, but still has an issue. So those are the ones who embrace the new approach much faster. And I think the biggest hurdle all the industry face, not a specific company, including us is the consolidation of tools and platforms. And also the budget constraints. So last year on the downturn environment, it was really hard for a lot of startups to get budgets. So the consolidation of the security stack is affecting it. It's an issue. For our segment, it's not a big issue because we don't have too many competitors. So a handful of products on the market, which is increasing every day.
But for the most of the cybersecurity vendors, I think it was the economic downturn was the biggest problem last year.

I want to go back to company and technologies. As you said, the, of course, market is getting crowded, but it's not that busy right now. Talk a bit about what does your solution offering look like? Is it a SaaS, is it software, it's cloud?

It's actually all of them. So you can deploy it in your clouds. You can have it on-prem. Our government customers are using it in an isolated environment. So all those deployment models are possible, which has to be because the level of visibility you get using a product similar to ours is the utmost visibility. The way the reason why we call it is it's the James Webb telescope of cyber resilience is because of that because you get the utmost visibility. And then using that level of visibility, you can discover a lot of other stuff that you never thought of before. So the way you use it is it can be a SaaS, it can be on-prem, it can be isolated, all of those deployment models are possible.

You also mentioned that there is need for a lot of awareness. Of course, big organizations, of course, they have deep pockets and they also try to stay ahead. Smaller organizations, they are the ones because of some limitations, it kind of slows them down. But I want to hear, it's been six years. What role do you see that Binalyze is playing in changing the whole landscape or future when we look at digital forensics and incident response?

Our role is, the way I describe it is emperor's clothes. So you know that kid in that emperor's clothes story? That's how I see ourselves because we are one of the first companies who started to talk about we are not cybersecurity anymore. Do not be fooled just because you have cybersecurity products, you are safe. So I think the role we play is increasing the awareness.
And the reason why we don't have too many competitors, we have competitors, but they are mostly coming from the law enforcement background. So the products they offer to our customers are mainly developed like 15, sometimes 20 years ago. And just because customers are used to having that old mindset, old approach, because they were limited with those products, it is hard for them to embrace the new methodology, which is both an advantage and a disadvantage. Advantages, you are guiding the industry, you are increasing the awareness. At the same time, you are shaping the industry. The disadvantages, it becomes harder. So increasing competition is actually helping us because we are not the only ones defining that this is the way forward. There are other companies who are also telling the same story to the customers. So our role is we are the kid in that Emperor's Clothes story.

Talk a bit about the funding you have, talk about the growth plans you have for 2024.

So Binalyze so far raised more than 30 million in three rounds. We have world-class investors. We started our first funding around three years ago with Earlybird. One of the most prominent VCs in Europe. And then we onboarded OpenOcean. And in the last round, which happened around two and a half months ago, we onboarded Molten Ventures alongside Cisco Ventures, Citi Ventures, and Deutsche Bank Ventures. So we onboarded two major banks, one from Europe, one from the US, and the global XDR vendor, which shows the maturity of the product and the disruptive nature of the product. So our vision is using what we have right now. This is not even 50% of what we are dreaming. So Binalyze in its current state is well ahead of the competition. But it's just 50% of our dream.
So what we have in our mind is using this visibility as the baseline and building new products which weren't possible before due to the level of missing visibility, the lack of visibility, and building a lot of new use cases that will be disrupting the enterprise cyber resilience segment. So this is just the beginning. That's the reason why we always use that term. This is just the beginning. We have just started.

And if I'm not wrong, you folks are headquartered in Europe. And when we look at cyber resiliency, Europe, they came up with CRA, Cyber Resiliency Act, which is being kind of frowned upon by a lot of open source communities because it puts a lot of onus, responsibility on the developers. What are your thoughts on this? And what kind of work you're seeing is being done in Europe from the public sector? Because you do, as you said, work closely with law enforcement authorities.

Actually, I think Europe is much better to start this kind of initiative is because of the GDPR. So GDPR emphasizes where the data should reside. And that's why I think we are lucky to have it's quite strict in this region. And specifically being headquartered in Estonia allows us to have a global mindset because Estonia is, I don't know if you have like background on it, but it's called the land of unicorns. It's the highest number of unicorns. And so it helps us like speed up the innovation phase of the product without spending our time with the bureaucracy, with the paperwork, because everything is digital here. And combining it with the fact that it's a European country, it allows us to do it on a frame that is well defined by the European laws. I think that's an advantage.

Emre, thank you so much for taking time out today, talk about the company, talk about how the landscape is changing, how you folks are kind of, I look at you as a catalyst in bringing this change. So thanks for sharing all those insights.
But before we close this interview, any thoughts you want to leave our audience with?

Thanks, that was my pleasure. I guess I would end it with the favorite quotes, one of my favorite quotes from Edmond Locard. He says, every contact leaves a trace. And my question to that, my humble question to that is how much of that is visible to your enterprise? I think that's the question we should all answer.