 Welcome to today's session of theCUBE's presentation of the AWS startup showcase. The next big thing in AI, security and life sciences. Today featuring Lacework for the security track. I'm your host, Natalie Erlich. Thank you for joining us. And we will discuss today how LendingTree automates AWS security for DevOps teams and stays compliant with Lacework. Now we're joined by Adam Leftick, the VP of product at Lacework, as well as Arun Sankaran, CISO of LendingTree. Thank you both very much for joining us today. Thank you for having us. Well, wonderful. Adam, let's start with you. Lacework positions itself as quote, cloud security at the speed of cloud innovation. What does that mean to you and how are you helping your customers? Great question, Natalie. I think one of the things that's really important to understand about Lacework really comes back to essentially what's happening at cloud speed, which is customers are aggressively moving more and more of their applications to the cloud. But they're doing so with the same number of resources to secure that environment. And as the cloud continues to grow both in terms of complexity, as well as overall ability to unlock new styles of applications that were never before even possible without this new technology landscape. Fundamentally, Lacework is designed to enable those builders to go faster without worrying about all the different intricacies and threats that they face out there on the internet. And so the core mission of Lacework is really about enabling builders to build those applications and leverage those cloud resources and new cloud technologies to move quicker and quicker. If you go back to the sort of foundation of the company there, we took a very different approach to how we think about security. Often, security approaches in the past have been a rules-driven model where you try and think of all the different vectors that attacks can come at. And fundamentally, you end up writing a series of these rules that are impossible to maintain. They out trophy over time and that you can't possibly think ahead of all these nefarious actors. So one of the things that Lacework did from the very beginning was take a very different approach, which is leveraging security as a data problem. And the way we do this is through what we refer to as our polygraph. And the polygraph essentially looks at all the exhaust telemetry that we're able to ingest, both from your cloud accounts as well as the underlying infrastructure. And we take that and we build a baseline and a behavioral model for how the application should behave when it's normal. And this baseline represents the state of normalcy. And so then we leverage modern data science techniques to essentially build a model that can identify potential threats without requiring our users to build rules and ultimately play catch up to all the different threats that they face. And this is a really, really powerful capability because it allows our customers both to identify misconfigurations and remediate them, monitor all the activity to reduce the overall overhead on their security organization. And of course, help them build faster and identify threats as they come into the system. And we differentiate lots of our offering in lots of different ways as well. So one of the things we're looking to do as part of the overall cloud transformation is really meet the DevOps teams and the security teams where they are. And so all of the information that we sort of captures, synthesizes and produce through our automation ultimately feed into the different channels that our users are really leveraging at scale today whether that's through their chat ops, windows or ultimately into their CAICD pipeline so that we give broad coverage both at build time as well as runtime and give them full visibility and insights and the ability to remediate those quickly. One of the other things that we're really proud of and this is core to our product philosophy is building more and more partnerships with our customers. And Lending Tree is really at the forefront of that partnership and we're super excited to be partnering with them. And that's certainly something that we've done and to differentiate our product offering. And I'd love to hear from Arun how have you been working with Lacework and how's that been going so far? Yeah, thank you, Adam. And frankly, I think that's a huge differentiator for us. There's a lot of players that can solve technology problems but what we really appreciated is that as a smaller shop and a smaller organization the level of connectedness that we feel with the development teams at Laceworks and that we raise a opportunity this can make things more efficient for us or this can reduce our time to triage. Or this visualization of this UI could be modified to support certain security operations center use cases and maybe that's not what it was designed for. And we've enjoyed a lot of success in shaping the product in order to meet all the different use cases and as Adam mentioned, as a CISO of my primary responsibility security but frankly, there's a lot of DevOps and tech use cases within the Polygraph visualization tool and understanding our environment and troubleshooting has frankly saved us quite a bit of time and we're looking forward to the partnership to continue to grow out the tool. And as we as a company scale in today's world it's very important that we're able to scale our capability to 3x without a corresponding to 3x in staff and resources. I think this is the kind of tool that's going to help us get there. Well, speaking to you Arun, Laceworks has recently grown tremendously and gotten a lot of industry attention but you saw something before everyone else. Can you tell us what really caught your attention? What stood out to you and why you decided to become an early adopter? Yeah, great question. Honestly, I wish it was a super tricky kind of answer but the real honest answer is it was a very easy decision because we had a need and we knew that we needed robust monitoring capability and detection of threats with containerized environments. And there are other players in the space but we have a very diverse environment where a combination of multiple container technologies and multiple platforms. And we needed something that had the greatest diversity of coverage across our environments. And this was really the only solution though workforce. I'd love to be able to say that it was like an aggressive bake-off and there was all these different options and they're really from a capability and scope and coverage. It was a fairly easy decision for us. And how has your threat detection and investigation process changed since you brought on laser work? Yeah, it certainly has. Our environment, within a 24 hour period it might generate 300 or a million events and that's process level data from hosts and network data access. It's just a very noisy amount of alerts. And with the laser works platform those 304 million get reduced to about 100 alerts a day that we see and of those five are critical and those tend to all be very actionable. So from an alert fatigue perspective, we really rely on this to give us actionable data, actionable alerts that teams can really focus on and it reduces that noise. So I would say it's probably the number one way that our detection process has changed and frankly a lot of what Adam mentioned as far as the underlying self-learning, self-tuning engine there's not a whole lot of active rules that we have to create or configuration that we have to do. It's kind of a learning system and I think it's really probably, I would estimate maybe 50, 60% reduction in triage and response time for alerts as well. And Adam now going to you while 2020 was a really rough year for a lot of people, a lot of businesses, laser work realized 300% revenue growth. So now that the economy is bouncing back and seemingly so in full force, what are your expectations for laser work in the next year? Great question. I think one of the things we're seeing broadly across the industry is an acceleration of the realization that companies that are going through digital transformations are have accelerated that pace. And so we anticipate even faster growth. Additionally, companies that may have not been on that trajectory are now realizing that they need to move to the cloud. There's not a lot of folks right now thinking that they're going to be racking and stacking in physical data centers going forward. So we fully expect a continuation of a massive growth and increasingly as customers are moving into the cloud they're looking for tools to help them build a secure footprint, but also enable them to go faster. So we have a point of view that we're going to continue to see this massive growth and if not have it even accelerate from here. Well, you're also the man behind the product. So could you go behind some of the key features that it offers? Sure. So if you think about our overall product portfolio we really have both breadth and depth. So first and foremost, most customers who are moving to the cloud or have a large cloud footprint the first concern they have is do I have a series of misconfigurations? We really help our customers both identify best practices with those configurations in the cloud and then also help them move quickly towards potential compliance standards that they need to adhere to everyone's operating in a regulated environment these days. And then of course once you've got that footprint to a place where it's healthy you really, really want to be able to monitor and track the changes to the configurations over time to ensure you're continuing to maintain that footprint. And so we provide a polygraph based model that essentially identifies potential behavioral risks that we're observing through our data clustering algorithms to help you identify potential holes that you may have created over time and help you remediate those things. And then of course, every customer faces a significant challenge when it comes to just keeping up with the overall landscape changes in terms of overall vulnerability footprint in their environments. And so we have a great capability with what we call vulnerability discovery which enables our customers to understand where they're vulnerable and not simply tell them how many vulnerabilities they have but help them isolate leveraging all the runtime and build time contexts we have so that they can really prioritize what's important to them and what represents the highest risk. And then of course lastly where the company really got started is in helping customers protect their cloud workloads. And we do this by identifying threats that we're able to leverage our machine learning and data clustering algorithms so that once we have those baseline behaviors identified and modeled, we can leverage all of our threat intelligence to identify anomalies in that system and help customers really identify those risks as they're coming into the system and deal with those in a really timely manner. So those are kind of the overall key capabilities that really help teams scale and drive their overall cloud security programs. And Arun, really quickly from your perspective what is a key feature that is really beneficial to Lending Tree? It's kind of what Adam mentioned with the kind of the self-tuning capability, the reduction of alerts and data based on behavioral-based detection versus rule-based. A lot of people have fancy work for they call AI, machine learning, this and that but I've rarely seen it work effectively. I think this is a situation where it does work really effectively and does free up time and resources on our side that we can apply to other problems we're going to solve. So I think that's number one. Okay, terrific. Well, I'm really curious Adam, got to ask you this question. I mean, we saw a really big software IPO last year. What do you think is in store for LaceWork? Yeah, well, the IPO is just a point in time as opposed to it's part of the journey. LaceWorks continuing to invest and really focus on fundamentally changing the security landscape. One of the reasons why I joined LaceWork and continue to be really excited about the opportunity comes back to the fundamental challenge that all security tools have. We do not want to create a platform that drives wet blanket behavior but really fundamentally enables teams like Arun to move faster and enable the builders to build the applications that fundamentally drive great business outcomes for our customers. And so that's what gets me out of bed. And I think everyone at LaceWork is really focused on helping drive great outcomes for our customers. Fascinating to hear how LaceWork is securing cloud around the world. Lovely to have you on this show. Adam left the VP of LaceWork as well as Arun Sankaran, the CISO of Lending Tree. I'm your host for the AWS startup network here on theCUBE. Thank you very much for watching.