Hey everyone, welcome to theCUBE's presentation of the AWS startup showcase. This is season two, episode four of our ongoing series featuring exciting startups in the AWS ecosystem. This theme is Cybersecurity: Detecting and Protecting Against Threats. I'm your host, Lisa Martin, and I'm pleased to be joined by Raghu Nandakumara, the Senior Director of Solutions Marketing at Illumio. We're gonna be talking about all things cybersecurity. Raghu, it's great to have you on the program.

Lisa, it's fantastic to be here and lovely to have this opportunity, thank you.

Absolutely. So, so much changing in the threat landscape. We're seeing threat actors are booming, new threats, customers having to solve really hard security problems across their organization, on-prem, in the cloud, hybrid, multi-cloud, et cetera. Talk to me about some of the ways in which Illumio is helping customers to address those massive challenges.

Sure, I think like to sort of to pair off what you said to begin with, you said so much has changed, but equally, and Kim Zetter made this point last week in her keynote at Black Hat, and Chris Krebs, former director of the CISA, also kind of reiterated this. So much has changed, yet so much hasn't changed. And really from sort of Illumio's perspective, the way we look at this is that as we are moving to a sort of a world of ever-increasing connectivity, I kind of almost pair off digital transformation, which pretty much every organization talks about, they've put a digital transformation program. I really pair that off with, well, what does that mean? It really means hyperconnectivity because you've got your data center connecting into workloads running in the cloud with users and user devices everywhere with a plethora of other connected devices. So we've got this massive hyperconnected web. Well, what does that lead to? It leads to a massively increasing mushrooming attack surface.
So from a threat actor perspective, just the size of the opportunity is so much larger these days. But the problem then from a defender's perspective is that how do you even understand this complex, very hybrid attack surface? So what we lack is the ability to get that consistent visibility of our actual exposure across the board. But then the ability to then deploy a consistent security control set across that estate to be able to manage that attack surface and reduce that exposure risk. And these two problems, the challenge of consistent visibility and the challenge of consistent security, from an Illumio perspective, we believe we solve both of those with our zero trust segmentation platform. So we are really looking at helping organizations, helping our customers be resilient to the threats of today and the threats of tomorrow by giving them that consistent visibility and that consistent security through zero trust segmentation.

Let's unpack zero trust segmentation. You know, when we look at some of the stats on ransomware, it's been a while that it's a matter of when, not if, for organizations. So getting that visibility and consistent security policies across the estate, as you say, is critical for businesses in every organization. How does zero trust segmentation, first of all, define it and then tell us how that helps?

Oh, happily it's kind of one of my favorite subjects to talk about, right? So let's start with zero trust segmentation and kind of sort of to put it into a context that's probably more easy to understand, right? Is that we see sort of zero trust segmentation as being founded on two pillars, right? The first is an assumed breach mindset and I'll come onto what we mean by that in a second. And the second paired with that and what we see is kind of the natural progression from that is then the use of least privileged policies to go and control and protect your estate. So what does assumed breach mean?
Well, assumed breach is really that approach that says, work on the assumption that bad event, that malicious actor, that anomalous action, that unexpected behavior and that could be intentional and the result of a malicious action or it could be completely unintentional. Think of that sort of someone, a misconfiguration in an application, for example, right? All of these things are essentially unexpected anomalous events. So start from that assumption that that's either happened or it's going to happen at some point, right? So when you make that assumption, right? And that assumption that that is happening on your internal network, so remember, right? Assume that that thing is already happening on your internal network. Not it's on outside of the perimeter and it's got to still find its way in. No, it's really about assuming that that initial sort of thing to get onto the network and some anomalous event has already happened. If you started from that premise, then how would you design your security controls? Well, the natural reaction to that is, well, if that's going to happen, what I need to ensure is that the impact of that is as limited as possible, is as restricted as possible. So how do I ensure that that is as limited as possible? Well, it's by ensuring that any access into the rest of my environment, the rest of the infrastructure, and that could be that hybrid infrastructure, private cloud, public cloud, et cetera, is built on a least privileged access model. And that way, I can ensure that even if I have a compromise in one part of my environment or potentially there could be compromises in different parts of my environment, that they're not going to impact the rest of the whole. So I'm containing the impact of that. And as a result, I'm protecting the rest of the infrastructure and able to maintain my resilience for longer. 
So that's how Zero Trust segmentation, well, that's what Zero Trust segmentation is and how it delivers better security for an organization.

So preventing that lateral spread is really critical, especially as we've seen in the last couple of years this acceleration of cloud adoption, cloud migration, for customers that are in transit, if you will, ZTS, why is it so fundamental?

Well, I think you expressed it brilliantly, right? But if you look at any sort of malicious attack, whether it's ransomware, whether it's an advanced attacker like APT style attack over the last sort of decade, a common part, a common tactic, those attackers use in order to proliferate and in order to move to either spread that attack as far and wide as possible in the case of ransomware, or in the case of a very targeted attack to go and find that trophy target, one of the key tactics they leverage is lateral movement. So from a defender's perspective, if you're able to better detect and ideally better prevent upfront that lateral movement and limit it, you're proactively defending yourself from this threat. So what does that mean then from the perspective of organizations that are moving into cloud? So organizations that are, say, on that journey to transition into AWS, whether from a, right, I'm going all in on AWS and ultimately leaving my private data center behind or sort of more likely where my applications are now in this hybrid deployment model where I have some on-prem, some in the cloud. So there it's even more important because we know that things that are deployed in the cloud can very easily sort of get exposed to the internet, right? We've seen that with a number of sort of different customers of cloud where a misconfigured security group suddenly gives access to all resources from the internet, right? Or gives access on high-risk ports that you didn't want to be able to access.
So here, zero trust segmentation is so important because if you come back to the fundamentals of it, it's around consistent visibility and consistent security policy. So what do we provide? Well, from an Illumio perspective and through our zero trust segmentation platform, we ensure that as your application, as your key resources, as they transition from your private data center into the cloud, you can have exactly the same visibility and exactly the same granularity of visibility over those interactions between your resources as they move into the cloud. And the most important thing here is that it's not in cloud. We realize it's not just about adopting compute. It's not just infrastructure as a service. Organizations are now adopting the more cloud-native services, whether that's managed databases or containers or serverless, et cetera, right? But all of these make up part of that new application and all of those need to be included in that visibility. So visibility isn't just about what your computer's doing where you've got this OS that you can manage, but it's really about any component that is interacting as part of your organization, as part of your applications. So we provide visibility across that and as it moves. So that granularity of visibility, the ability to see those dependencies between applications, we provide that consistently. And then naturally, we then allow you to consistently apply security policy as this application moves. So as you transition from on-prem, where you have controls, where you have your lateral movement controls, your segmentation controls, and as you move resources into the cloud, we allow you to maintain that security posture as you move into cloud. But not just that, doesn't just stop there. So we spoke at the top about how least privilege is fundamental to zero trust from a policy perspective. 
What we give you the ability to do, give our customers the ability to do as they move into AWS is compare what they have configured on their security groups. So the way they think, they've got the right security posture, we compare that to what the actual usage around those resources is. And we provide them recommendations to better secure those security groups. So essentially always tending them towards a more secure configuration, such that they can maintain that least privilege access over the, around their critical resources. So this is the way our technology helps our customers move and migrate safely and securely from on-prem into AWS.

That's a great description, very thorough in how you're talking about the benefits to organizations. You know, as we think about cloud adoption, migration, cybersecurity, these are clearly C-suite conversations. Are you seeing things like zero trust, zero trust segmentation rise up to the C-suite and maybe even beyond to the board? Is this from a security perspective, a board level issue?

Oh, absolutely. And Chris Krebs, former director of CISA last week said, security must absolutely be a board level topic. It's not something that needs to be sort of in the weeds of IT or just sort of under the purview of what the CISO or the chief security officer is doing. It needs to be a board level issue. And what we see is that while sort of talking about let's say zero trust segmentation or zero trust is very much a security function, what it typically ladders up to at the board room level is tying it into operational resilience, right? Because I think organizations now, it's not just about the ability, given the sort of attacks are proliferating and particularly the threat around ransomware is so high that the use of ransomware, not just as a way to steal data and extract money, but also ransomware as essentially a way to disrupt operations.
And that is now what the concern is at that board level is that how is this attack going to impact me from a productivity perspective, from an availability perspective and depending on the type of organization. If it's for example, a financial organization there, their worry is around their reputation because ultimately organizations are unable to trust that financial organization. We very quickly see that we have sort of that run on the bank where customers, counterparties, et cetera, quickly want to take their business elsewhere. If it's a manufacturing or healthcare provider, their concern is can we deliver our critical services? For example, healthcare, can we deliver patient services? Manufacturing, can we continue to produce whatever it is we manufacture even in the case of being under attack? So at the board level, they're thinking about it from the perspective of resilience and operational resilience. And that then translates into cyber resilience when it comes to talking about where does zero trust segmentation fit in? Zero trust segmentation enables cyber resilience, which ultimately enables operational resilience. So this is how we see it laddering up to boardroom issues.

Got it. And of course, when you were talking about brand reputation, brand damage, you think nobody wants to be the next headline where a breach is occurring. We've seen too many of those and we probably will see many more. So, Raghu, when you're in customer conversations, what are the top three differentiators that you share with customers versus like CSPM tools? What are those key core Illumio differentiators?

Yeah, so like sort of CSPM tools, right? They're very focused on assessing posture and sort of reporting on compliance and comparison to a baseline. So for example, it's, okay, here is what I think the security configuration should be and here is how I'm actually configured in AWS. Here is the diff and here is where I'm out of compliance, right?
That's typically what CSPM products do, right? And there is a very important place for them in any organization's tool set. Now, what they don't do and where we provide the differentiation is that they're not set up to sort of monitor around lateral movement, right? They're not about providing you with that view about how your resources are interacting with each other. They're not about providing guidance as to whether a security configuration could be enhanced and could be tightened up. They also don't give you the view, particularly around, is this even relevant, right? And that's really where we come in because the visibility allows you to understand how resources are interacting with each other, that then allows you to determine whether those interactions are required or not, that then allows you to define a least privilege policy that controls access between these resources, but also kind of as this sort of the feedback loop goes on is to ensure that that least privilege policy is always tending towards what you actually need, so it's from what I think I need to what you actually need based on usage. So this is how we differentiate what we do from what a CSPM type of technology does, right? We're always about providing visibility and maintaining least privilege access between your resources.

How many different security tools are you seeing that organizations have in place today, those prospects that are coming to Illumio and we've got challenges, we understand the threat landscape, the malicious actors are very incentivized, but what are the security tools in place and is Illumio able to reduce that number, replace some of those tools so that simplification happens in this growingly complex environment?

Yeah, I think that's a really good question.
And I think that the answer to that is really actually not so much about, not necessarily about reducing though, of course, organizations always, if they can reduce tools and replace one tool that does one thing with a tool that does multiple things, it's always a benefit. But the way we see it is that what is the value that we provide that complements existing tooling that an organization already has, right? Because what we think is important is that any technology that you bring in shouldn't just sit on its own island where its value is kind of isolated from the value you're getting from everything else, right? It should be part of, it should be able to be part of a sort of integrated ecosystem of complementary technologies, right? And we believe that what we do firmly fits in to that type of technology ecosystem, right? So we, so for example, to give you examples, right? We enhance your asset discovery piece by providing the visibility that allows you to get the understanding of all your interactions. Why is that important? Because you can use that data to ensure that what you think is labeled or tagged in a particular way is in fact that asset, right? And we benefit from that because we benefit from the asset information to allow us to build security policy that maps those dependencies. We provide value to your detection and response capabilities because we have that visibility around lateral movement. We are able to be reactive in terms of containing an attack. We can be used to proactively limit sort of pathways such that let's say things like common ransomware can't leverage things like open RDP and open SMB ports to spread. We can go and inform things like service maps. So if your organization is sort of heavily invested in like service mapping and feeding that back into the sort of your ITIL tool set so ITSM tool sets, et cetera, right? We can provide data into that to enhance that particular experience.
So there are lots of, there is lots of value beyond sort of what our own value proposition is that we bring into your existing technology ecosystem which is why we think we kind of add value into any deployment over and beyond just sort of the things that we do around visibility and consistent security.

Yeah, what you were just describing so well, the first thought coming to my mind was value add. There's a lot of synergy there, synergies between other technologies. You mentioned that complementary nature that seems like a huge value impact for organizations across any industry. Last question from a go to market perspective where can prospects go to learn more? This is available in the AWS marketplace but talk to us about where they can go to learn more.

Yeah, so if you're an AWS customer, right? You can purchase Illumio straight from the AWS marketplace just go and find it under sort of security products in I think infrastructure software. So you can go and find that. You can obviously reach out to your AWS account team if you want sort of further information around Illumio and how to secure that through AWS. And of course, you can come along to illumio.com where we have a whole raft of information about what we do, how we do it, the benefits that we provide to our customers and how it ladders up to some of the key sort of boardroom issues around whether it's around transformation or resilience or ransomware containment. So come along to our website and find out all those things and we're here to help.

Awesome, Raghu. What a great conversation around such an important topic, cybersecurity, detecting and protecting against threats that we know is an evolving landscape. We appreciate all of your insights, great explanations into what Illumio is doing there, how you're helping organizations and where they can go to find more. Thank you so much for joining me today.

It's been an absolute pleasure, Lisa. Thank you very much for having me.

All right, for Raghu Nandakumara, I'm Lisa Martin. We wanna thank you for watching this episode of the AWS startup showcase. We'll see you soon.