 Hello, and welcome back to theCUBE's coverage of CloudNative SecurityCon North America 2023. Obviously, theCUBE's coverage with our CUBE Center report. We're not there on the ground, but we have folks in our CUBE alumni there. We have entrepreneurs there. Of course, we want to be there in person, but we're remote. We've got Ben Hirschberg, CTO and co-founder of RMO, a CloudNative Security startup, well-positioned in this industry. He's there in Seattle. Ben, thank you for coming on and sharing what's going on with theCUBE. Yeah, it's great to be here, John. So we had written you guys up on SiliconANGLE. Congratulations on your momentum and traction. But let's first get into what's going on there on the ground. What are some of the key trends? What's the most important story being told there? What is the vibe? What's the most important story right now? So I think, I would like to start here with the, I think the most important thing was that, I think the event is very successful, okay? Usually, you know, the CloudNative Security Day usually was part of CUBECon in the previous years. And now it became its own conference of its own. And it really kudos to all the organizers, okay? Who brought this up in, actually in a short time. And we were, it wasn't really clear how many people will turn up. But at the end, okay, we see a really nice turn up, okay? And really great talks and keynotes around here. I think that's one of the biggest trends, okay? Which is, having started like in this conference, already we're talking for a while is supply chain, okay? Supply chain is security. I think it's right now the biggest trend in the talks, okay? In the keynotes. And I think that we are, start to see companies, big companies, okay, who are adopting themselves into this direction, okay? There is a clear industry need. There is a clear problem. And I think that the cloud native security teams are coming up with tooling around it. I think for right now we see more tools than adoption, but the adoption is always right following, okay? The tooling. And I think it already proves itself. So we have just very interesting talk this morning about the OpenSSL vulnerability, which was, I think around the Halloween, which came out and everyone thought that it's going to be a critical issue for the whole cloud native and internet infrastructure. And at the end, it turned out to be a lesser problem, but the reason why I think it was understood that to be a lesser problem real soon was that because people started to use S-bombs, store software composition information in the environment. So security teams could look up in their systems, okay, where they are using OpenSSL, which version they are using. It became really soon real clear that this version is not adopted by a wide array of software out there. So the attack surface is relatively small. And I think it already proved itself that the direction, okay, of everyone is talking about. Yeah, we agree. We're very bullish on this move from the cloud native foundation, CNCF, to do the security conference. Amazon Web Services has reinvented, that's their big show, but they also have reinforced a security show. So clearly they work together. I like the decoupling, very cohesive, but you guys have coopscapes of Kubernetes security. Talk about the conversations that are there and that you're hearing around why the different event, what's different on KubeCon and cloud native con than this cloud native security con? It's not called KubeSecCon, it's called cloud native security con. What's the difference? Are people confused? Is it clear? What's the difference between the two shows? What are you hearing? So I think that there is a good question, okay, where is cloud native computing foundation came from? Obviously everyone knows that it was somewhat coupled with the adoption of Kubernetes, okay? It was a clear understanding in the industry that there are different efforts where the industry needs to come together without looking, be very vendor specific, okay? And try to sort out a lot of issues in order to enable adoption and to bring great value. And I think that the main difference here, okay, between KubeCon and the cloud native security conference is really the focus, okay? And not just on Kubernetes, but the whole ecosystem behind that, okay? The way we are delivering software, the way we are monitoring software and where Kubernetes is only just, you know, maybe the biggest clog in the system, but, you know, just one of the others. And it gives a great overview of what you have in the whole ecosystem. Yeah, I think it's a good call. I would add that what I'm hearing too is that security is so critical to the business model of every company. It's so mainstream, the hackers have a great business model, they make money, their costs are lower than the revenue. So the business of hacking and breaches, ransomware all over the place is so successful that they're playing offense, everyone's playing defense. So it's about time we can get focus to really be faster and more nimble and agile on solving some of these security challenges in open source. So I think that to me is a great focus on that. So I give total props to the CNC. If I call it the event operating system, you know, you got the security group over here, decoupled from the main kernel, but they work together, good call. And so this brings back up to some of the things that are going on. I want to ask you, as your startup as a CTO, you guys have the Coupscape platform, how do you guys fit into the landscape and what's different from your tools for Kubernetes environments versus what's out there? So I think that our journey is really interesting, okay, in the solution space because I think that our mode really tried to understand, okay, where security can meet the actual adoption because as you just said, okay, somehow we have to sort out together, okay, how security is going to be automated and integrated in its best way. So Coupscape project started as a Kubernetes security posture tool. Okay, just, you know, when people are really early in their adoption of Kubernetes systems, okay, they want to understand, okay, whether the installation is secure, whether the basic configurations are look okay and giving them instant feedback on that, both in life systems and in the CICD, this is where Coupscape came from, okay? And we started it as an open source project because we are big believers of open source, of the power of open source security. And I can, you know, I think maybe this is my first interview when I can say that Coupscape was accepted to be a CNCF sandbox project. So ARMO is actually donating, okay, the project to the CNCF, I think which is a huge milestone and a great way, okay, to further, you know, the adoption of Kubernetes security. And from now on, okay, we want to see where the users, ARMO and Coupscape projects want to see where the users are going, okay, in their Kubernetes security journey and help them to automatize, help them to implement security more fast in their way, the way the developers are using working. Okay, if you don't mind, I want to just get clarification. What's the difference between the ARMO platform and Coupscape? Because you have the Coupscape sandbox project and ARMO platform. Could you talk about the differences in, Sure, sure. So Coupscape is an open source project and ARMO platform is actually a managed platform, okay, which runs Coupscape, in the cloud for you because Coupscape is, it has several parts, okay, one part is, which is running inside the Kubernetes cluster on in the CI CD processes of the user. And there is another part, okay, which we called the backend, okay, where the results are stored and can be analyzed, okay, further. So ARMO platform gives you a managed way, okay, to run the backend, but I can tell you that the backend is also will be available within a month or two also for everyone to install on their premises as well. So because again, we are an open source company, okay, and we want to enable users. So the difference is that ARMO platform is a managed platform, okay, behind Coupscape. How does Coupscape differ from closed proprietary source solutions? So I can tell you that there are closed proprietary solutions, okay, which are very good security solutions. But I think that the main difference if I had to pick, okay, beyond, you know, the very specific technicalities is the world view. Okay, the way we see that our user is not the CISO, our user is not necessarily the security team. From our perspective, the user is the DevOps and the developers, okay, who are working on the Kubernetes cluster day to day and we want to enable them to improve their security. So actually our approach is more developer friendly if I would need to define it very shortly. What is this risk calculation score you guys have in Coupscape? That's come up and we cover that in our story. Can you explain to the folks how that fits in? Is it Coupscape, is the platform and what's the benefit? What's the purpose? So the risk calculation is actually a score we are giving, okay, to clusters in order for the users to understand where they are standing in the general, you know, population, okay, how they are faring, okay, against a perfect hardened cluster. It is based on the number of different tests we are making, okay. And I don't want to go into, you know, the very specifics of the mathematical functions, but in general it takes into account how many functions are failing, security tests are failing inside your cluster, okay, how many nodes you are having, how many workloads are having and creating this number which enables you to understand where you are standing in the global, in the world. What's the customer value that you guys pitching? What's the pitch for the ARMWO platform when you go and talk to a customer? Are they like, we need you, do they come to you? Is it word of mouth, you guys have a strategy? What's the pitch? What's so appealing to the customers? Why are they enthusiastic about you guys? So John, I can tell you I'm, maybe it's not so easy to say the words, but I'm nearly 20 years in the industry, okay. And I've been always around cyber and the defense industry. And I can tell you that I never had, you know, this journey where before where I could say that the customers are coming to us and not we are pitching to customers, okay. Simply because people want to, this is very easy to, very, very easy to use, very understandable. And it very helps the engineers to improve security posture. And they are coming to us and they're saying, well, awesome, okay. How we can like use it? Do you have a graphical interface? And we are, we are pointing them to the ARMWO platform and they are falling in love and coming to us even more. And we can tell you that we have a big number of active users behind the platform itself. You know, one of the things that comes up every time at KubeCon and CloudNativeCon when we're there and we'll be in Amsterdam. So folks watching, you know, what we'll see on site. Developer productivity is like the number one thing everyone talks about. And security is so important. It's become by default a blocker or anchor or drag on productivity. This is big, the things that you're mentioning. Easy to use, engineering, supporting it, developer adoption. You know, we've always said on the Kube, developers will be the de facto standards bodies by their choices, because it's developers make all the decisions. So if I can go faster and I can have security kind of programmed in, I'm not shifting left. It's just, I'm just having security kind of in there. That's the dream state. Is that what you guys are trying to do here? Because that's the Nervon. Everyone wants to do that. Yeah, yeah. I think your definition is like perfect. Okay, because really we had like this for a very long time we had this world where we decoupled security teams from developers and even for sometimes from engineering at all. And I think for multiple reasons, okay, we are more seeing big convergence. Okay, the security teams are becoming part of the engineering and the engineering becoming part of the security. And as you're saying, okay, the day-to-day world, okay, of developers are becoming very tangled up in the good way with security. So think about it that today, one of my developers at Armo is creating a pull request. Okay, his code is already scanned by security scanners for the test for different security problems. Okay, it's already, you know, before he already gets a feedback on his first time where he's sharing his code. And if there is an issue, he already can solve it and this is just solving issues much faster, much cheaper. Okay, and also you asked me about, you know, the wipe, okay, in the conference. And, you know, no one can deny, okay, the current economic wipe, okay, we have. And this also relates to security teams and security teams has to be much more efficient, okay. And one of the things that everyone is talking, okay, we need more automation, we need more better tooling. And I think we are really fitting into this. Yeah, and I talked to venture capitalists yesterday and today, an angel investor. Best time for a startup is right now. And again, open source is driving a lot of value. Ben, it's been great to have you on and sharing with us what's going on on the ground there, as well as talking about some of the traction you have. Just final question, how old is the company? How much funding do you have? Were you guys located? Put a plug in for the company. You guys looking to hire? Tell us about the company. Were you guys located? How much can you have? So, okay, the company is here for three years. We've passed A round last March, okay, with Tiger and Hyperwise Capitals, okay. We are located, most of the companies located today in Israel, in Tel Aviv. But we have like great team also in Ukraine and also great guys are in Europe. And right now also Craig Boggs joined us as an open source VP for, and he's like right now located in New Zealand. So we are really a global team, which I think it's really helps us to strengthen ourselves. And I think this is the entrepreneurial equation for the future. It's really great to see that global. We heard that in Priyanka Sharma's keynote. It's a global culture, global community. And so really, really props to you guys. Congratulations on Armo. And thanks for coming on theCUBE and sharing insights and expertise. And also what's happening on the ground. Appreciate it, Ben. Thanks for coming on. Thank you, John. Okay, cheers. Okay, this is CUBE coverage here of the cloud native security con in North America 2023. I'm John Furrier for Lisa Martin, Dave Vellante. We'll be back with more of a wrap up of the event after this short break.