Hey everyone, welcome to this CUBE conversation, which is part of the AWS Startup Showcase, season two, episode four of our ongoing series. The theme of this episode is cybersecurity, detect and protect against threats. I'm your host, Lisa Martin, and I'm pleased to be joined by the founder and CEO of Hunters AI, Uri May. Uri, welcome to the CUBE, it's great to have you here.

Thank you, Lisa, it's good to be here.

Tell me a little bit about your background and the founder's story. This company was only founded in 2018, so you're quite young, but give me that backstory about what you saw in the market that really determined this is needed.

Yeah, absolutely, so I mean, I think the biggest thing for us was the understanding that significant things have happened in the cybersecurity landscape for customers and technology stayed the same, right? I mean, we tried on solving the same, we tried on solving a big problem with the same old tools when we actually noticed that the problem has changed significantly. And we saw that change happening in two different dimensions. The first is the types of attacks that we're defending against. A decade ago, we were mostly focused on these highly sophisticated nation-state efforts that included unknown techniques and tactics and highly sophisticated kind of methods. Nowadays, we're talking a lot about cyber crime gangs, groups of people that are financially motivated, are using off-the-shelf tools, off-the-shelf malware, coordinating in the dark web, attacking for money and ransom, basically, and versus our sophisticated intelligence kind of objectives. And at the same time of that happening, we also saw what we like to refer to as explosion of the security stack. So some of our customers are using more than 60 or 70 different security tools that are generating sometimes tens of terabytes a day of logs.
That explosion of data, together with very persistent and consistent threats that are continuously affecting customers, creates a very different environment where you need to analyze a big variety of data and you need to constantly defend yourself against stuff that is happening all the time. And that was kind of like our eureka moment when we understood that the tools that are out there now might have been the right tools a decade ago. They're probably not the right tools to solve the problem now. So yeah, I think that that was kind of like what led us to Hunters and at the same time, I think that that's my personal kind of story behind it. We used to talk a lot about the fact that we want to solve a fundamental problem and we, as part of the ideation around Hunters and us zooming in on exactly the areas that we want to focus on in security, we talked with a lot of CISOs, we talked with a lot of industry experts, everyone directed us to the security operation center. I mean, the notion that there's a lot of tools and there's always going to be a lot of tools but eventually decisions are being made by people that are running the security operation center that are actually acting as the first line of defense. And that's where you feel that the processes are broken. That's where you feel that that technology doesn't really meet the rubber. The rubber doesn't really meet the road. And for us, it was a very clear sign that this is where we need to focus on. And that set us on a journey to explore threat hunting and then understand that we can solve something bigger than that. And then eventually get to where we are today, which is go to market around a holistic SOC platform that can help SOC analysts doing the day-to-day job defending the organizations.

So you saw back in 2018, probably even before that, that the SIEM market was prime and ripe for disruption.
And only in a four year time period, there's been some pretty significant milestones and accomplishments that the team at Hunters has made in that short timeframe. Talk to me about some of those big milestones that the company has reached in just four years.

Yeah. I think that the biggest thing, and I know that it's going to sound like a cliche, but we're actually believing that. I think it's the team, right? I mean, we're able to grow to an organization of around 150 employees all over the world because I think, I mean, the last time that I checked like 15 countries and just that's the most amazing feeling that you can have, right? That ability to attract people to a single mission from all over the world and to get them to collaborate and do amazing things and unbelievable and achieve an unbelievable accomplishment. I think that's the biggest thing. The other thing for us was customers. I mean, think about it, like SIEM is such a central and critical system. So for us as a young startup from Tel Aviv to go out, to enterprise America and convince the biggest enterprises around the world to rip and replace the existing solutions that are being built by the biggest brands, software brands out there and install Hunters instead, that's a huge leap of trust and that we're very grateful for and we're trying to handle with a lot of care and a lot of responsibility. And obviously I think that other than that is all of the investors that we were able to attract that basically enabled all of that customer acquisition and team building and product development and we're very fortunate to work with the biggest names out there both from a strategic perspective and also from tier one VCs, mainly from the US but from all over the world actually, that are backing us.

Great customers, solid foundation. Hunters is built for the clouds, is powered by Snowflake, this is AWS built. Talk to me about what's in it for me from an AWS customer perspective. What's that value in it for them?
Yeah, so I think that the most important thing in my opinion at least is the security value that you're getting from it. Other than the fact that Hunters is a multi-tenant SaaS application running in AWS, it's also a system that is highly tuned and specifically built to be very effective against detecting threats inside AWS environments. So we invested a lot of time and research in analyzing the way attackers are operating inside cloud environments specifically in AWS and they will model these techniques and tactics and procedures into the system. We're leveraging data sets like AWS CloudTrail and CloudWatch and VPC Flow Logs. Obviously AWS GuardDuty, which is an amazing detection system that AWS offers to its customers, and we're able to leverage it correlated with other signals. And at the same time, there's also the commercial aspect and the business aspect. I mean, we're allowing AWS customers to leverage their AWS credits through the marketplace to fund SIEM projects like Hunters that comes with a lot of efficiencies also and with a lot of additional capabilities like I mentioned earlier.

So let's crack open Hunters AI. What makes this approach different? You talked about the challenges that you guys saw in the market that were gaps there and why technology needed to come in from a disruption standpoint but describe the differentiators. When you're talking to prospective customers, what are those key differentiators that Hunters brings to the table?

Yeah, absolutely. So we like to divide it into three main pillars. The first pillar is everything that we do with data that is very different from our competitors. We believe that data should be completely liberated from the analytical layer and that's why we're storing data in a dedicated data warehouse. Snowflake, as you mentioned earlier, is one of our go-to data warehouses and that gives customers the ability to own their own data. So you as a customer can opt into using Hunters on top of your Snowflake.
It's not the only way. You can also get Snowflake bundled as part of the Hunters subscription but for some customers that ability to reduce vendor lock-in risk, own data on your own and also leverage security data for other kind of workflows is something that is really huge. So that's the first thing that is very different. The second thing is what we like to call security engineering as a service. So when you buy Hunters, you don't just buy a data platform, you actually buy a system, a SOC platform that is already populated with use cases. So what we're saying is that in today's world, the threats that we're handling as SOC, or security operations center, professionals are actually shared by 80% of the customers out there. So 80% of the customers share around 80% of the threats. And what we're basically saying is let us as a vendor solve the detection response around that 80%. So you as a customer can focus on the 20% that is unique to your environment and in a lot of cases generates 80% of the impact. So that means that you're getting a lot of pre-built rules and detections, data modeling to your integrations, automatic investigations, scoring, correlations. All of these things are being continuously deployed and delivered by us because we're a multi-tenant SaaS. And also allowing you again to get this effortless, turnkey kind of solution that is very different from your experience with your current SIEM tools that usually involves a lot of tuning, professional services, configuration, et cetera. And the last aspect of it is everything that we're doing around automation.
We're leveraging very unique graph technology and what we call automatic investigation enrichments that allows us to take all of these signals that we're extracting from all over the attack surface, AWS included, but also the endpoint and the email and the network and IoT environments and whatever, automatically investigate them, load them into a graph and then automatically correlate them to what we call stories, which are basically representations of incidents that are happening across your attack surface. And that's a very unique capability that we bring to the table that demonstrates our focus on the analytical lens. So it's not just a log aggregation and querying and dashboarding kind of system, it's actually a security analytics system that is able to drive real insights on top of the data that you're plugging into it.

So talk to me, Uri, when you're in customer conversations these days, the market is, there's so many dynamics and flux that customers are dealing with. Obviously the threat landscape continues to expand and really become quite amorphous as that perimeter blends. What are some of the specific challenges that security operation center SOC teams come to you saying, help us eliminate this. We have so many tools, we probably got limited resources. What are those challenges and how does Hunters really wipe those off the plate?

Yeah. So I think the first and foremost has to do with the second pillar that I mentioned earlier and that security engineering. So for most security operation centers and most organizations around the world, the feeling is that they're kind of like stuck on this treadmill. They keep on buying tools and then implementing these tools and then writing rules and then generating noise and then fine-tuning the rules and then testing the rules and understanding that their fine-tuning actually generated misdetections and they're kind of like stuck on this vicious cycle.
And no one can really help because a lot of the stuff that they're building, they're building it in their environment. And what we're saying is that let us do it for you for that 80% that we've mentioned earlier and allow you to really focus on the stuff that you're doing and even offset your talent. So I mean, we're not talking about really a talent reduction, right? Because everyone needs more talent in cybersecurity nowadays, but we're talking a lot about offsetting. I mean, if we had a team of five people investing efforts in building rules, building automation and now three or four of these people can go and do advanced investigations, incident response, threat hunting, intel work, that's meaningful for a lot of SOCs, in a lot of cases, that means either identifying and analyzing a threat in time or missing it. So I mean, I think that that's the biggest thing. And the other thing has to do with the first thing that I mentioned earlier and these are the data challenges. Data challenges in terms of cost, performance, the ability to absorb data sets that today's tools can't really support. I mean, we're, for example, one of the biggest data sets that we're loading that is tremendously helpful is raw data from EDR products. Raw data from EDR products in large enterprises can get to 10, 15, 20 terabytes a day. Today, in today's SIEMs and SOAP platforms that customers are using, this thing is just prohibited from SOAP. They can't really analyze it because it's so costly. So what we're saying is a lot of, what we're seeing is a lot of customers either not analyzing it at all or saving it for a very little amount of time, like, I don't know, days because they can't really support it for, can't support the retention around it. So the ability to store huge data sets for a longer period of time makes it something that a lot of big enterprises need.
And to be honest, I think that in the next couple of years they would also be forced to have these kind of capabilities even from a compliance and regulatory perspective.

Is there so, in terms of outcomes and hearing reduction in costs, really helping security teams utilize their resources, the ability to analyze growing volumes of data, that's only gonna continue to increase as we know. Is there a customer story or that you have that really, where the value proposition of Hunters really shines through?

Yeah, I think that one thing comes to mind from the hospitality vertical. And actually it's a reference customer. I mean, we can share the name, its name is Booking.com. It's also publicly shown on our website. And I think the coolest thing that we were able to do with Booking is give them that capability to stay up to date with the threats that they're facing. So it's not just that we saved a lot of efforts from them because we came with a lot of out-of-the-box capabilities that they can use. We also kept them up to date with everything that they're facing. And there was a couple of cases where we were able to detect threats that were very recently from a threat perspective, a outer based on our ability to invest research time and efforts in everything that is going on in the ecosystem. And the feedback that we got from the customer, and it's not a singular feedback, like we're getting it a lot, is that without you guys, we wouldn't be able to do the effective research and then the implementation of this and the threat modeling and the implementation of these things in time and working with you kind of like made a difference between analyzing it and reacting in time and potentially blocking like a very serious breach versus maybe finding out when it's too late.

Huge impact there. And I'm kind of thinking that Hunters AI might be one of the reasons that Booking.com's tagline, it's Booking.com, Booking.yeah. Yeah, we're secure.
We know if we can demonstrate that to everyone that uses our service. I noticed, kind of wrapping things up here, I noticed that back in, I think it was January of 2022, Hunters raised about 68 million in Series C. You talked about kind of being in the GTM phase. Where are some of those strategic investments? What have you been doing focusing on this year and what's to come as we round out 22?

Yeah, absolutely. So, I mean, there's a lot of building going on here still, right? I mean, we're getting into that scale mode and scale phase but we're very much also building our capabilities, building our infrastructure, building our teams, building our business processes. So there's a lot of efforts going into that. But at the same time, I mean, we've been able to deepen our relationship with Databricks, which is a very important part of us. And we got some big news coming up on that. And they were a strategic investor that participated in our Series C. And at the same time, we're walking in the EMEA market, which is a very interesting market for us. And we get a lot of support from another strategic investor that joined the Series C, Deutsche Telekom. And they're a huge provider in IT and security in EMEA other than doing a lot of other things and including T-Systems and T-Mobile and everything that has to do with that. So we're getting a lot of support from them. And regardless, I think that ties back to what we've mentioned earlier, the ability for us to come to really big customers with the core of investors that we have is a very important external foundation. It's basically saying like this company is here to stay, we're aiming at disrupting the market, we're building something big. You can count on us by replacing this critical system that we're talking about. And sometimes it makes a difference. Like sometimes for some of the customers, it means that this is something that I can rely on.
Like it's not a startup that is going to be sold two months after I'm deploying it. And it's not a founder that is going to disappear on me. And for a lot of customers, these things happen, especially in an ecosystem like cybersecurity that is so big with such a huge variety of different systems. So yeah, I think that we're getting ready for that scale mode and hopefully it will happen sooner than what we think.

A lot of growth already, as we mentioned in the beginning of the program, since just 2018. It sounds like from a foundation perspective, you guys are strong, you're rocking away and ready to really take things into 2023 with such force. Uri, thank you so much for joining me on the program, talking about what Hunters AI is up to and how you're different and why you're disrupting the SIEM market. We appreciate your insights and your time.

Absolutely Lisa, the pleasure was all mine. Thank you for having me.

Likewise, for Uri May, I'm Lisa Martin. Thank you for watching our CUBE conversation as part of the AWS Startup Showcase. Keep it right here for more action on theCUBE, your leader in tech coverage.