Hi everyone. Welcome to theCUBE presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series where we're talking with exciting partners in the AWS ecosystem. The topic of this episode is Cybersecurity: Detect and Protect Against Threats. I have two guests here with me today. From Hunters, please welcome Lital Asher-Dotan, the CMO, and Ofer Gayer, the VP of Product Management. Thank you both so much for joining us today.

Thank you for having us, Lisa.

Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do? When was it founded? What's the vision? All that good stuff.

So Hunters was founded in 2018. Two co-founders coming out of Unit 8200 in the Israeli Defense Force. The founders and people in engineering and R&D are mostly coming from both offensive cybersecurity as well as defensive threat hunting, advanced operations, or being able to see and respond to advanced attacks. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from military background, but those that actually need to defend day in and day out against the growing cyber attacks that are growing in sophistication and in the number of attacks. And we all know that every organization now is being targeted. Is it ransomware, more sophisticated attacks? So this thing has become a real challenge. And we all know those challenges that the industry is facing with talent scarcity, with lack of the knowledge and expertise needed to address this. So they came in with this mindset of we want to bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks.
So born and raised in Tel Aviv, became a global company, recently raised a series of funding, funded by the world's greatest VCs, from Stripes, YL Ventures, supported by Snowflake, Databricks and Microsoft M12, also as strategic partners. And we now have a broad variety of customers from all industries around the world, from tech to retail to e-commerce to banks that we work closely with. So very exciting times and we're very excited to share today how we work with AWS customers to support the environment.

Yeah, we're going to unpack that. So really solid foundation the company was built on, only a few years ago. Why a new approach? Was there a compelling event? Obviously, we've seen dramatic changes in the threat landscape in recent years, ransomware becoming a when it happens to us, not if, but any sort of compelling event that really led the founders to go, ah, this new approach, we've got to go this direction.

Absolutely. We've seen a tremendous shift of organizations from cloud adoption to adoption of more security tools. Both create a scenario in which the tool sets that are currently being used by security organizations, the security teams, are not efficient anymore. They cannot deal with the plethora of the variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in the environment without too much automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days.

Excellent. Ofer, that's a perfect segue to bring you into the conversation.
Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry.

Yeah. So, as Lital mentioned, and it's very rightful, the problem with the SIEM space, that's the space that we're disrupting, is the well-known secret around it: it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most presumably mature markets in cybersecurity. But it seems like every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process, and it's painful all across the workflow. From the time they ingest the data, everybody knows if you ever had a SIEM solution or a SOC platform, just getting the data into your environment can take the most amount of your time. The lion's share of whatever your engineers are working on will go to getting the data into the system and then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very, very painful before you even get a single moment of value of security use case from your product. That's a big painful piece. What you then see is once they set it up, their detection engineering is so far behind the curve because of all the different types of things they need to take care of. It used to be a limited attack surface. We all know the attack surface here today is enormous, especially when you talk about something like AWS. There's new services, new things all the time, more accounts, more things. It keeps moving a lot and keeping track of that and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploy new detections in time, test them, tweak them, all those things.
Most organizations don't even know how to start approaching this problem, and that's a big pain for them. When they finally get to investigating something, they lack the context and the knowledge of how to investigate. They have very limited information coming to them, and they go on this hunting chase of not hunting the attackers, but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very little instructions or guidelines, and then you need to try to figure out what is it that they asked. That's the same thing with trying to do triaging with very minimal context. You look at the IP and then you try to figure out, you look at the hash, you look at all these different artifacts and try to figure out yourself. You have very limited insights. The worst is when you're under the gun, when there's a new emerging threat that happens, like a Log4Shell, and now you're under the gun, and the entire company is looking at you and saying, are we impacted? What's going on? What should we be doing? From start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration.

Companies in any industry, Ofer, don't have time. You talked about some of the time involved here in the lag, and there isn't time in the very dynamic threat landscape that customers are living in. Lital, a question for you. Is your primary target audience existing SIEM customers? Ofer mentioned the disruption of the SIEM market. I'm just wanting to understand in terms of who you're targeting. What does that look like?

Definitely looking for customers that have a SIEM and don't like it. Don't find that it helps them improve the security posture. We also have organizations that are young, emerging, have a lot of data. A lot of tech companies that have grown in the last 10, 15 years or even five years. We have Snowflake as a customer.
They're booming. They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them, it doesn't make any sense with the scale that they need. They need the cloud-based approach, SaaS approach that is capable of taking care of the environment. We both cater to those organizations that were shifting from on-prem to cloud and need visibility into those two environments and into those cloud natives. Wanted the cloud. Don't want to even think of a traditional SIEM.

You mentioned Snowflake. We were just at Snowflake a couple of months ago, I think that was, a tremendous company, massive growth. Massive growth in data across the board, though. I'm curious, Ofer, if we go back to you, if we can dig into some of these data challenges. Obviously, data volume and variety is only going to continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate?

Definitely. The data challenge starts with getting the right data in. The fact that you have so many different products across so many different environments, and you need to try to get them in some location to try to use them for running your queries, your rules, your correlation. It's a big problem. There's no unified standard for anyone. Even if there was, you have a lot of legacy things on-premises as well as your AWS environment. You need to combine all of these. You can't keep things only on-prem. You can own mostly, a lot of most organizations are still in hybrid mode. They're shifting most of the things to AWS. They still have a lot of things on-prem that they're going to shift in the next three, four, five years. That hybrid approach is definitely a problem for gathering the data. When they gather the data, a lot of the times, their existing solutions are very cost-prohibitive and scale-prohibitive from pushing all the data in a central location.
They have these data silos. They'll put some of it there, some of it here, some of it in a different location, hot storage, cold storage, long-term storage. They end up not knowing really where the data is, especially when they need it the most. It becomes a huge problem for them. Now, with analytics, it's very hard to know upfront what data I'll need, not tomorrow, but maybe in three months to look back and query, making these decisions very hard, changing them later is even harder, keeping track of all these moving pieces. You have a device, you have some vendor sending you some logs. They change their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, putting it in a centralized location and having good monitoring and a continuous flow of, I know what data I'm getting in, I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a central place where I can use it at any time that I want.

We've seen too much compromise on data: because of prohibitive costs, structure of tools or because of inability to manage the scale, teams are compromising or making choices and they're paying a price of the latency of being able to then go search if an incident happened, if you are impacted by something. It all means money and time at the end of the day when you actually need to answer yourself, am I breached or not? We want to break out from this compromise. We think that data is something that should not be compromised. It's a commodity today. Everything should be retained, kept, and used as appropriate without the team needing to ration what they're going to use versus what they're not going to use.

That's a great point. Go ahead.
We've seen customers either having entire teams dedicated to just doing this and/or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me shows how much problem, pain, and how much this space is broken with what it provides customers, that you have these makeshift solutions to go around the problem instead of facing it head-on and saying, okay, let's build something that you put all your data as much as you want, not have to compromise on security.

You both bring up such a great point: where data and security is concerned, no business can afford to compromise. Usually compromise is a good thing, but in that case it's really not. Companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where are the customer conversations? Is this a C-suite conversation from a data security perspective? I would imagine this is more than the CISO.

It's a CISO conversation as well as we talk on a daily basis with those that lead security operations, heads of SOCs, those that actually see how the analysts are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved to the tools that they need to work on and tweak. We have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken. This is probably one of, we all talk about job satisfaction or dissatisfaction, the Great Resignation, people are leaving. This is a real problem in security. The SOC is one of these places that we see this alert fatigue. People are struggling. It's stressful work.
If there is anything that we can do to offload the work that is less appealing and have them work on what they signed up for, which is dealing with real threats, solving them, instead of dealing with false positives, this is where we can actually help.

Can you add a little bit on that, Lital? You mentioned the cybersecurity skills gap, which is massive. We talk about that a lot because it's a huge problem. How is Hunters a facilitator of companies that might be experiencing that?

Absolutely. We come with the approach of, we call it the 80-20 of detection and response. Basically, about 80 percent, probably more, it's actually something like 95 percent of the threats are shared across all organizations in the world. Also, 80 to 90 percent of the environments are similar. People are using similar tools. They are on similar cloud services. We think that everything that goes around detection of threats around those common attack scenarios and common attack landscape should come out of the box from a vendor like Hunters. We automate. We write the rules. We cross-correlate. We provide those services out of the box. Once you sign in to use our solution, your data flows in and we basically do the processing and the analysis of all the data so that your team can actually focus on the 20 percent or the 15 or the 5 percent that are very unique to your organization. If you're developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it, have your team focus on that. If you are a specific actor in a specific space and there are specific threats that are unique to you, you build your own detections into our tool. But the whole idea is that we have the knowledge, we see attacks across industries and across industries. We have the researchers and the capabilities to be on top of those things so your team doesn't need to do it on a daily basis because new attacks come almost on a daily basis now. We read them in the news. We see them.
So we do it so your team doesn't have to.

And nobody wants to be that next headline where a breach is concerned. Let's all close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters' customers are achieving and specifically AWS customers?

Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data, knowing what the cost is going to be in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customers how much it changed when they moved from traditional SIEMs to using Hunters. Specifically, AWS customers can actually use the AWS credits to buy Hunters if they're interested. Just go to AWS Marketplace, search for Hunters and come to a website. You can use your credits for that. I think we talked also about the security burden, the time spent on writing rules, cross-correlating incidents. We have seen sometimes a change where, instead of investigating an incident for two days, it is being cut to 20 minutes because we give them the exact story of the entire attack, what are the involved assets, what are the users that are involved, that they can just go see what's happening and then immediately go and remediate it. So a big shift in mean time to detect, mean time to respond. And I'm sure Ofer has more kind of insight that you've seen with some of our customers around that.

Yeah. So some great examples recently. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is we talked, you talked about the problem with talent.
And where that really matters the most is that under the gun mode. We have a service that is, we see it as the natural progression of the service that we provide, called Team AXON. What Team AXON does for you is when you're under the gun, when something like Log4Shell happens and everybody's looking at you and time is ticking, instead of trying to figure it out by yourself, Team AXON will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf, on your data, and give it to you within 24 hours. You'll have something to show your CEO or your executive team, your board even. This is what we got impacted or not impacted. This is what we did. Here's the mitigation thing, a step that we need to take, from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the Bat-Signal when needed the most. The other thing is on the day-to-day, a lot of solutions will kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date. That's what a lot of people miss. You have to think that you installed a year ago, but security doesn't stay put. You need to keep updating it and you need to keep updating it pretty frequently to stay ahead of the curve. If you're behind a couple of months on your security updates, you know what happens. Same thing with your SOC platform or your SIEM rule base. The reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting because they need to tweak them. With the approach that we take, that we tested on our customers' data transparently for them and make sure to release them without false positives, we're just allowing them to push the updates transparently directly to their account. They don't need to do anything.
One customer, one of our biggest accounts, they have dozens of subsidiaries and multiple SOCs and one of the largest e-commerce companies in the world and the person running security, he said, if I had to do what Hunters gives me out of the box myself, I have to hire 20 people and put them to work for 18 months for what you give me out of the box. So for me, it's a very huge, you know, what we give customers and the kind of challenges that we're able to solve for them.

Big challenges. Lital and Ofer, thank you so much for joining us on theCUBE today as part of this AWS Startup Showcase talking about what Hunters does, why the vision and the value in it for customers. We appreciate your time and your insights.

Thank you so much for having us.

My pleasure. For my guests, I'm Lisa Martin. Thank you for watching this episode of the AWS Startup Showcase. We'll see you soon.