 Hello everyone, welcome to this special CUBE conversation I'm John Furrier here inside the CUBE studios in Palo Alto. We're having a great CUBE conversation around security, malware, phishing, and we're here at Atif Mushtak who's the CEO of Slash Next. It's a startup here in the Bay Area with a Series A funding and they really solved probably one of the hardest problems that people are trying to crack the code on which is how do you solve the human problem of not getting phished and that is the technique that people are getting in. I should welcome to the CUBE, thanks for coming in. Thanks for having me. So love bringing the startups in to get the real lay of the land because you got some funding, you got customers, you just kind of get out in the market, you're at the front lines of security, and you're solving one of the hardest problems, malware, phishing. Phishing, yes. So before we get into it, take a minute to explain what the company's doing, what is Slash Next, why did you start the company, what's the early product look like, and what's the core problem you're targeting? Yeah, of course. I mean, I think you already told that we are a company that is completely focused on phishing and social engineering. We are not a part time, phishing is not a part time problem for us. The company was built on the promise that okay, the phishing is a growing problem and we really need a technology and a company who's dedicatedly focused on social engineering and phishing. Before founding Slash Next, I worked for a company called Farai, and the Farai was not about phishing. Farai was all about malware problem, right? So when I came out of that, I started to see that there was a time when the malware were really growing rapidly, right? And at that time, they were trying to exploit the problems in the software and exploiting that without any human intervention, right? And over the period of time, what we saw that Google, Microsoft, the world, they tried to make their software really secure. So during my last days at Farai, I started to feel that malware growth is going down and the reason is that the Microsoft software are much better than they used to be. Google is really determined that nobody should really exploit my software to install malware. But at the same time, I was seeing that, the cyber crimes are rising. So if the malware are going down, what is really causing these cyber crimes? And under the day, I found that the game has changed. Now it's more about tricking humans and tricking in such a way that they give you their information. They click on the malware themselves without exploiting anything in the software. And I also found that, you know what, I mean, you can't really solve this problem with just conventional computing, right? With just the algorithm, you really need to understand the human psychology because these guys are exploiting that psychology. Fear, trust, and reward. All of us have these emotions, right? They just have to exploit them in such a way that we get excited enough to hand over information billingly to them. And this is where we start. And it's working too, by the way. We know the numbers are off the charts and we cover it heavily on SiliconANGLE.com and we're about to do a bunch more content on cybersecurity and national security. So no, it's not just the individual. The implications are broader. That's right. Well, let's go back. Before we get into that, I want to get into that. You said you were at FireEye, the company you worked for, you said they were just doing malware. So they saw malware declining. You saw the trends going up. So when you, before you wrote a line of code, that's what you saw. When you started technology, what did you do next? I think it started with the problem. I think first of all, I really wanted to make sure that I'm solving a growing problem. If the problem is going down, eventually other people will catch up and by the time you have a solution, maybe the problem is not really there. So it's funny that at that time, there were so many other companies trying to solve the malware problem. And they didn't realize that, the malware problems are going down, right? And because I was working for a company who started the malware thing around 2004 or five, right? So I had already seen. A little bit older, the trend moves on. The fashion moved to phishing. But what did you start writing code on? Is it born in the cloud? Did you have servers? What were you doing? How were you getting going? Yes, the code technology is based on cognitive computing. And the reason you really need a cognitive computing or artificial intelligence, because you need computer software who could understand emotions. Because phishing is about exploiting the human emotion. And they try to exploit you by giving you a piece of text or some visuals in order to trick you. Your CEO look like, say, okay, transfer me $50,000. There's nothing really malware in it, right? It's just $50,000 transferred to me, right? They give you a fake login page of PayPal. No malware in that. They're just using the logo. And sometimes they ask you, okay, there are various computer problems on your laptop, right? In order to fix that, you need to call us, right? So they're trying to exploit your emotion of trust, reward, and greed. So under the day, we thought that, okay, unless we have an army of researchers who are doing all this job because they understand the human emotions, or we can build programs that can understand these emotions. And whenever they see someone is trying to exploit this emotion, they can trigger on that. So result is that we have built a technology in the cloud. So while your user is checking an email or a web page is being rendered on the computer screen, we, within millisecond, we find, okay, something suspicious is going on. And we send the information to our cloud. And from our cloud, we launch the browser in real time. So while I'm seeing this web page on my screen, the computer programs are actually seeing a copy of that from the cloud. The only difference is that this, I might not be the tech savvy guy, but the computer algorithm that actually looking into the web page, seeing what logo is being used and the reading the natural language, they're quite tech savvy. So with it. How about the technology? So you had customers out of the gate. Before you had one dime of venture capital, you started getting paying customers. How are they deploying? What was the original product? What was their initial traction? If there's a SaaS model, do they buy software? What's the, what were they paying you for? The form factor was hardware based. The hardware was cloud powered. The whole purpose of the hardware was to sniff the network traffic, all the web traffic at the network switch level. And whenever they see something suspicious, they engage the cloud. So all the secret sauce and the main technology resided at the cloud. It was just a mechanical way for us to sniff the traffic. So the first product that we sold was that hardware device. And now we're moving towards more other form factor. Do you guys catch some fishing out of the gate? Do you guys solve some problems out of the gate? Yeah, within, within second, we started catching stuff. We first of all started seeing the data exfiltration attempts. We started seeing the fishing attempt right away. And this is where I think they got, we got them by surprise, because they already have all these big vendors already in place. And they were kind of overconfident. They said, okay, you know what? You look like a young guy who's really have big claims. You're in a fire. You must know what you're talking about. We'll give it a shot. We'll give it a shot. They did never believe that, okay. They thought, okay, maybe I can catch one or two fishing attacks, right? I'm not the blue. I'll try it. I'm buying everything on the planet. One more, what's one more box? But we got them by surprise. At the very, very beginning, the moment you attach the network traffic, we'll start tripping. And this is how we got, I mean, no marketing material, no website. If founder is going without any presentation and just selling, and I had a VP of sale who would actually carry the box with me, I would manufacture the box in my bedroom. My wife would put stickers. She's really good at that. And we actually pack it. It looks good. Yeah. It's for micro boxes. Well, China ship on there. Not only kidding. Okay, so you got the products. How many customers did you get on the early stages? How many did you get? We had around 10 paying customer and revenue for around $300,000, $400,000 ARR before we went in front of the VCs. And these guys had actually seen Farai and Farai took a lot of money before they even had the pinkers. And they say, you know, what are you doing? You did a good move there. So these bootstrapping is a great, I think it's not only brave from an entrepreneurial standpoint, it really gives you the more creative freedom because you put in your own cash on the table, shows commitment, and also it gives you creative license, not looking at that extra pressure. Most VCs, some of these might give you a pass. Some most are watch on board meetings and want to put pressure on you. That's right. All right, let's take a step back. Give us a 101 on the current state of malware. What are the different types of malware out there? You mentioned a few of them just a second ago. Break down the top malware, I mean, the phishing attacks. What are the top phishing attacks that you're seeing right now that people should know about that may not know about? Okay, so there are two things I would call it. First of all, there are two things that are happening when it comes to phishing. First of all, the mechanism that phishing attacks were using is moving beyond email. That is the first change. Now we are seeing phishing attacks spreading through advertisement, through social media, through messaging apps. Previously it was just email. So that's one difference that we are seeing. Another difference is that the type of phishing is changing as well. Historical, it has been about fake login pages or money transfer scams. Now we are seeing a lot more things that were never being tried by the bad guys. You're seeing the skierware scams where suddenly there's a pop up on your screen and they're asking you to install a malware because their problem on your system and so-called antivirus is gonna solve that problem. We are seeing browser extensions being spread through phishing. We are seeing a telephone fraud happening through this phishing. So it has moved beyond just fake login pages. So first of all, more communication medium and at the same time more type of phishing attacks that are happening. So right now if you see around 20 to 30% of the attacks that we are catching are the credential stealing, fake login pages, around 20 to 30% the rogue software, fake flash player, fake PDF readers and all that and then the rest of the browser extensions. So what is spear phishing? I hear that term a lot. Spear phishing is the targeted phishing. Spear phishing is that I'm not sending 200 and 1,000 of people randomly and whoever gets victim to it, that's a bonus, right? A system admin for the Linux kernel for the bank. Yeah, I'm targeting you. I'm targeting him. So I'm going to LinkedIn. I'm going to LinkedIn. I want to target your company. So I got your name, I got your email and I'm sending one email to you. That is spear phishing, right? The drive-by phishing is all about sending it to 1,000 and 1,000 of people and then getting them phished. But there's one thing, there's one trend that is happening that is actually making spear phishing going away. What's really happening is that a lot of people who are targeting you, they don't need to send you the direct email. They actually go to the black market and all these guys who are randomly hunting you, they got your name from there. So they don't have to work hard, right? So I can go there and say, you know what, John? Is there anyone with this email who you recently phished and the guy who never really cared about you? Actually, I got that guy infected. How much are you going to pay me for that? I paid you $50 and now I got access to your information without even sending you any spear phishing email. So this dark market and this overall cybercrime business actually has made much easier for the guys who really want to target you, spend 50 bucks instead of I try to send you emails and I have to set up all these websites. I don't have to do anything. I can simply go to the dark web and can buy your information. This is a really good point. I think this is something people, it scares a lot of people, but it's well known. The crime syndicates in the dark web are well advanced and well funded. Certainly not a Bitcoin and cryptocurrency is self-fueling that. Share your opinion on that. Share some color commentary about how sophisticated and how robust the economy is in the dark web. There are hundreds of millions of dollars. I mean, the guys are making millions of dollars. I mean, there was a ransomware called Crypto Locker and going to FBA, they made tons of millions of dollars. So the money is huge and Bitcoin is actually fueling that. Previously it was very difficult. You can always track back. Previously around 2006 I remember there was a ransomware and they were asking you to transfer money through Western Union, but you can really cash those guys. The money trail always there. Bitcoin is one thing that really fueled the dark web because for the very first time you can steal people's money without leaving any trail. And that is actually, I think, is the unfortunate consequences. It is really fueling the cyber crimes because now you don't have to care about you getting tracked, getting arrested. You know, I mean, we have a debate on the cube all the time about this. I mean, you know, with every dark movement is also a light at the end of the tunnel. You know, gaming, culture leads a lot of the user experience. The dark web, I think, is leading a lot of the transactional things. If you think about shadow IT before cloud was popular, shadow IT is what drove a lot of the cloud early adopter. Some are saying that the dark web and cryptocurrency and blockchain token economics actually is a leading indicator of what we might become. So the dark web might become the operational model. Because if you just turn the lights on and say, hey, if this is so inefficient, why not just adopt this efficient market? Yeah, you can't track it, but it's more efficient. So again, that's a little bit provocative again, a little bit radical, but I mean, think about it. A lot of problems going on. Bitcoin certainly is a great way to clear that cash out. The cannabis sales in the U.S. is driving a lot of Bitcoin as well. Moving money around. So follow the money, you'll find the technology. Is what I always say. So your thoughts now on the business. How do you see the business shaping? What are you guys trying to do? What's the product currently? You got some venture capital. You got Wing VC. That's right. And Norwest, two great firms. What's it like? How much did you raise? What are you looking to do? So we raised around $9 million last year and we are getting up for our CVSB earlier next year. So we have actually made great progress. And I think one of the biggest thing that we're getting from our investor is that, I mean, that just like Farai, we got into the business of all this multi-vector fishing at the early stage. So we have an advantage of around two to three years as compared to our competitors, right? So at the same time, they also know that we are not developing a niche enterprise product. They are four billion internet users and fishing is all of them problem. So just think about that, right? We just have a tiny customer base, right? But if you target all those internet users, it's going to be around seven billion. So do you have a strategy laid out yet? It's going to be an enterprise business. You're targeting individuals. Have you had a clear visibility on some of the target beach head? So next two to three years, it's going to be all enterprise, right? And we'll start with the Northern America and all that. Maybe later stage a little bit of the international expansion. But overall, if you see the roadmap and we really want to make a great company, I never really started this company to at least sell it for $100 million. You probably made some good dough at FireEye, so they take care of you? Yeah, yeah, of course. So, but I think the purpose was that, I mean, I have nothing else to do, right? I mean, and so I'm not a CEO entrepreneur, right? So it was never the purpose that I can sell something quickly. You want to build a durable company? I want to build a durable company. And the overseas, they want us to build a durable company because they want to, they want to really want a big exit, right? But I think the roadmap that they're seeing is that, okay, you know what? You can start with enterprise and then you can go into the consumer space. And again, I think the problem is huge. It's not something that you can only sell to enterprise or you can only sell to consumer, right? Every internet user is a victim. Yeah, and I think there's an opportunity for a vendor to come, I mean, supplier to come out of the market. And I've always said to the aluminum guys, Colin Cohen and a bunch of other venture-backed companies that it's going to be a new company, a new brand that will be the big player because you look at the market share, no one company actually has dominant market share in cybersecurity. That's right. So you have, you know, a thousand flowers blooming but no clear winner yet. And I think that's a function of, you know, they're throwing everything at cybersecurity and the buyers are like, I'll take anything. I'm so desperate. So there's a huge factor of desperation. How do you see that being solved? Because it is a desperate market because, you know, people, it's, they can't play offense. They got to play defense, they got to protect. And so that, you know, the perimeter's gone. You know, it used to be the moat and the firewall switch, you know? Now it's gone. The perimeter is gone. It's gone. And so now you have surface areas off the charts. So how do you protect it? How do you see? I think we started with the device model, right? But I think now we are moving towards the software and the endpoint business. And we really believe that you need to cover the remote user. I mean, we just barely spent eight hours in the office, right? So we are actually developing technologies that are going to target the remote users and we're going to target multiple type of devices and all that. So that's our next big thing. Offer the same cloud technology. Cloud is the, you have already developed, right? Now you have to develop multiple form factors or multiple ways to actually access that cloud. Multi-factor authentication, not just two-factor authentication, really is the key biometrics, things of that nature. Google's got some stuff going on there. But I want to get your thoughts on the cloud. I mean, cloud obviously is part of you. I mean, you cloud your stuff. It's a big part of it. Is it on Amazon, Google? Which cloud do you use? It's distributed between AWS, but the core of our logic is actually reside in our own data centers. The reason is that the kind of GPU power that we wanted, because we are rendering all these pages in real time, right? So we never got that kind of GPU support from the off-the-shelf AWS, right? So we really built our own. So a custom GPU powerhouse. Yes. For all the floating point calculations. Yeah, because you have to run millions of browser instances. Can you imagine? We are running all these virtual browsers. So why don't you start a GPU cloud? Another venture. Yeah, another venture, right? But I think that's the need for that, because AI and the metrics calculation is going to be the key, right? And they're adding support. But around 2014, to be really frank, I mean, it looked like a joke that you can have hundreds of millions of browser getting up and down, getting up and down in real time, right? So we got a very customized cloud for that purpose. And that's actually barrier to entry for a lot of other vendors. Yeah, and I think the cloud provides you some good agility as well. And they have Amazon's kicking bot. We love Amazon. So now on the future hiring. You got some people. What are the key priorities for you guys? Engineering, obviously, more and more engineering. Technology's cognitive. What kind of skill sets you're going to build? Machine learning, AI. It's already based on the machine learning and AI, because we are doing that national language processing, computer vision analysis, because you want computer to see things what's being rendered on the screen, right? So we already have the technology. What we really want to do now is to make it accessible for a variety of customers. Not every customer wants a hardware device. Not every customer wants endpoint solution, right? You need to order multiple form factors. So you want to use this cloud via endpoints. Okay, you take that one. Okay, you love hardware device, right? But at the end of the day, you're offering your cloud service to other people. So first of all, building more form factors and definitely more customer traction. I got to ask you the question, because I love the entrepreneurial hustle. And congratulations on the start up. And it's looking a really great space to be in, by the way, so super, super great. 10 years out from now. In your mind's eye, what's the preferred future look like in your mind for your company and the outcome at 10 years from now? What's it going to look like? What's the state of fishing and security? If you're successful, if you achieve your mission, what happens? Okay, so I think, I mean, it's kind of funny over success lies with the bad news, right? I think every threat landscape is changing. It's usually one trend lost for seven to eight years before it goes down and the bad guys move to the next trend. I think this is the very first time they have started targeting humans viciously, right? The problem is that by the time you have a trained professional, there are new people who are emerging in, right? So what's really, I don't think, right? This problem is going to get solved anytime sooner. We can't rely on the humans to train, to get trained. People can't really make a user a computer security researchers, right? In my opinion, eventually technology has to catch up. In my opinion. So I think we have to keep on innovating because hackers are going to find new methods and we have to keep on catching up. And I think we'll be a fishing production company in the next 10 years, maybe adjacent product, but I think we really want to be focused on this. And social engineering to your point, and tell me if you agree with this, has been very successful for hackers. Social engineering has been the tactic and there's variety of forms of social engineering. That's right. Great, awesome. Well, good luck with everything. Thanks for coming on theCUBE. We have Atif Moushtaki, the CEO of Slashnext, hot startup funded by Norwest Venture Capitalist and Wing VC, two good firms that we know very well. They know their tech. And again, security, great problem to solve. And if there's a big thing you want to go after and solve a big problem with security, it's theCUBE bringing you the CUBE coverage here in Palo Alto. I'm John Furrier. Thanks for watching.