Good afternoon, everyone. Welcome back to theCUBE's day one coverage of CrowdStrike Falcon 23 Live at Caesars Palace in Las Vegas. Lisa Martin and Dave Vellante here. We've had a great morning so far, talking with execs and some customers. We've another customer that we're really going to unpack their case study next. PK is here from Navan, Global Head of Security and Trust CSO. PK, great to have you. Thanks so much for joining us today.
Thanks for having me. It's a pleasure to be here.
Give the audience an overview of Navan. I know this is formerly TripActions, give us an overview of the company and the type of business that you do.
Yeah, yeah. So, Navan is an all-in-one travel and expense management mobile-first SaaS platform. Our core mission is to simplify travel and expensing for our customers and users. We have thousands of customers, close to 3,000 employees. It's global operations.
Talk about, was the company founded back in 2015?
Yes, yes.
What were some of the gaps in the market at the time? I've used TripActions myself to relate to that. So, what were some of the gaps that the founders wanted? We can fix this.
Yeah, so our founders, Ariel Cohen and Ilan Twig, were frequent travelers. And the antiquated nature of the travel tech kind of industry and the products that they were using actually caused a lot of frustration to them to actually come out and build a company to solve this problem. And modernized travel technology with a mobile-friendly simplified travel experience for the user. That's the genesis of why the company was formed.
So, what's changed in your business in the last few years? Obviously, the world has changed. The world has traveled. The world of travelers changed. Consumer habits have changed. We come out to Las Vegas a lot and you can see everybody's so eager to get out and travel. What has changed in your business in terms of its drivers and how has that changed the way you approach security?
Yes, so Navan, the focus has always been on the user. That's why the company was formed. We focused on the user. We want to simplify the experience for the user. So it was initially started as a travel tech platform. And then we went out and built a payments platform to offer a single pane of glass to our customers with travel and payments. And lately, we've been early adopters of the generative AI technology. And I can talk more about that. So all of this has resulted in its unique set of security challenges, right? We have a lot of customer PII, financial information. We're using GenAI and product workflows. Engineers are using it. So it's created a unique set of security risks and challenges that we had to address as a security function.
What were some of those major challenges that you had from a security perspective that led you to start looking for technologies like CrowdStrike?
Sure, yeah. So if you look at all the common breaches in the recent past, right? It's mostly happening from a business email compromise, MFA bypass, endpoint-related kind of vulnerabilities that lead to these kind of attacks, right? And as a security function and a security organization, our primary, one of our primary objectives is to make a cost of an attack as expensive as possible. It's a risk management function. We want to constantly reduce the risk, right? So from that perspective, we were looking at how to mitigate some of these risk vectors on the endpoint. And we were looking at best-in-class technologies there. So that's why we kind of initially onboarded the Falcon EDR platform. And then we expanded the relationship to Falcon Complete, which is the managed services platform as well because the tech and the service was so good and we want to make our internal operations as efficient as possible. So that was kind of what led to this, yeah.
You mentioned you're using generative AI. How so? And when did you start? What does that journey look like?
And then I want to ask you about what you saw on stage today.
Yeah, great question. So we were actually the first travel and expense management company to adopt this technology. Earlier on, beginning of this year, we released a virtual assistant called Ava Chatbot to support our customers using generative AI technology. And then we also have an admin offering as part of our product, where we kind of use some of these technologies to offer like a personalized data assistant to CFOs and admins. And then in addition to that, our developers also use this technology to write, build, test, and fix code as well. So there's multiple use cases from customer product workflows, internal developer workflows, and also some of our internal operations.
So, I mean, you said early this year, so not long after ChatGPT was announced, of course, generative AI was around before that.
Yes.
So you were, I'm inferring, you were working on it before last November, is that true?
No, so.
Ash, November, the catalyst.
Great question. So, Navan has always leveraged AI technology, right? But the adoption of this technology because of the OpenAI and the wave that has happened has really changed. I mean, you can see it here at CrowdStrike, and you can see it on many other platforms, right? So that is the piece that I was referring to. We were always in AI-first technology, but the adoption of some of these generative AI technologies in our product workflows, and for our developers, how we write code for our technical workflows, internal operations, we embraced and adopted this technology in a huge way, because we know this is going to disrupt the market.
What was your talk about today?
So today my talk was about SOC transformation, modernizing your security operation center and incident response, yeah.
Talk a little bit about that.
As organizations really struggle, some that don't even have SOCs, what does a modern SOC look like today, especially with the threat landscape being so amorphous, the perimeter being so porous?
Great question. So if you look at legacy SOC, right? Let's take a step back. If you look at legacy SOC, cost of operation is significantly high, right? There's logs that are getting ingested from your endpoint, from your cloud, from your application, and then the storage of these logs in a way where it can be indexed real-time and write detections on top of that. You need to hire good detection engineers, and then on top of that to build automation and hire the right skill sets to actually triage these security threats and respond in a timely manner. This entire operation used to be very expensive. So we've really modernized this approach where we use a data warehousing platform with log enrichment to actually pull in the right signals. And then, since once you have the right logs, then it's easy to build detections on top of that using detection engineering. And then you can figure out a strategy, like that's where Falcon Complete fits right in, where when it comes to endpoint alerts, right? They do the first level of triage for us, right? So that we don't have to look at, we only look at critical, high-risk alerts that matter and triage and our analyst time goes into those kind of activities, right? So it's mostly efficiencies and scale that we want to achieve, yeah.
So you use a cloud data warehouse. Can you share what you use?
Yes, yes, absolutely. I'm very public about it. We use Snowflake for our log aggregation and we run a detection engineering platform on top of that. In addition to that, we also have in-house detection engineers who further build on top of out-of-the-box detections that we get through MITRE and all of that, and then we stitch all this together with a no-code automation play, yeah.
Okay, so I know Snowflake has the security use case, there's a workload. They introduced it a while ago. So when you see something like Charlotte AI as a practitioner, what do you think about that? What are the concerns that you would have in terms of adopting that? How will you go through determining whether or not that's a good fit? And then how does it fit with, for instance, what Snowflake's doing with NVIDIA or other AI?
Yeah, yeah. So Snowflake's use case, at least in our context and environment, is primarily for log aggregation, indexing, and all of those things, right? As I said, we have our own other ways of writing detections on top of that and then responding, right? Based on once you write detections, you get alerts, right signals, you got to respond to that. When I think about, like when I heard George today and the keynote and when I'm thinking about Charlotte AI, the first thing that comes to my mind is reducing triage time for my SOC analysts and all of that, if we can achieve that because as our company is growing, our customer base is growing, our infrastructure is growing, the size of logs and the kind of detections that we need to write is getting complex and complex. So if this technology can help in triaging, some of this in an efficient manner and if we can maybe reduce the cycles for triaging by like 50% or something like that, that's what comes first to my mind. In terms of adopting the technology, I mean, if your question is broadly around generative AI and OpenAI, I have a different answer to that, but when it comes to CrowdStrike's technology, we have already embraced their platform, right? A lot of our logs are already getting processed in their platform, so I don't see any net new additional risk.
So you don't have concerns about applying GenAI, which gives you a different answer every time, you know, it sometimes hallucinates, right?
That's ChatGPT, I'm not saying CrowdStrike's, I'm not saying Charlotte hallucinates, but do you have concerns about that and how would you test those and try to mitigate that risk?
Yeah, so there's always a human angle involved here, right? So we are just using this technology when it comes to security use cases like SOC and IR, it's just the first level of triage, right? To reduce some of these workflows and even that first level of triage, we want to validate it from the source, right? Is it alerting on the right signals, right? Whatever is coming out of that technology, is it the right thing? And it's always validated by humans. I think it's almost like, think about it this way. When we adopt something like this, you also have to have a rigor and audit the whole thing, right? From a completeness and accuracy perspective. So we look at it from that perspective. So, of course, so there's that. And then we also follow the NIST cybersecurity framework to look at all of other threat vectors and risks that we need to mitigate from an AI perspective. We also look at that as well.
So AI will give you the first pass.
Yes.
A human will validate that.
Yes.
Just like we use ChatGPT. I mean, I don't think I've ever used whatever ChatGPT gives me. I'm always editing or changing or maybe getting an idea and then applying it. And so it's sort of similar here. Do you see the day when the AI will actually take action for you or maybe it does in certain cases that they'll write a report, but do you ever see a day where it's unsupervised?
So from a security practitioner's mindset, right? I don't see that day yet. I'll be very honest with you because security is a very complex ecosystem. As you know, it's not just a technical profession. There's a regulatory angle. There's a customer angle. Now SEC has its own requirements for cyber reporting, all of those things. So the stakes are really, really high, right? So I don't see that yet. We'll see.
Next year, if you're having this conversation, let's see how much the technology has progressed. For now, I still want to rely on my team.
Yeah.
Share with us some of the reasons that Navan chose CrowdStrike in a crowded market. What were some of the things that really stood out to you is that this is the right technology. And was there any sort of catalyst event within Navan from a security perspective that really led you to realize some of the changes that you needed to make?
Yeah. So we were looking at, as I mentioned earlier, like we are in this mode of constant risk reduction and making a cost of an attack as expensive as possible, right? So we are constantly looking to move the needle from an endpoint perspective, from a cloud perspective, from an application security perspective, what we do around humans, training, training the developers. So since endpoint was such a common attack vector, we were looking at how to enhance our security posture there. And we looked at the players in the market and I have to say the CrowdStrike EDR product is easily, you know, it tops everybody there, right? I mean, that's what, that was the first product that they released. And I mean, now I've got a little bit of a behind the scene view because I'm in the customer advisory board and I know how they ship, how much rigor it goes into when they ship something. They also tested in their own environments when they ship something. So all of those things. So yeah, that was why we adopted that and then we expanded the relationship to like Falcon Complete and now I'm looking at the cloud offerings and so on and so forth.
Do you use Microsoft security products?
No, we do not.
You don't. You don't use any. Okay, I mean, I know there's a lot of competition there and there's a lot of overlap there, but you know. What's the structure of your security regime? How are you organized? Who do you report to? You know, people are always asking what's the right security regime?
There is no right answer, but curious as to how your reporting structure works.
Great question. So let me take a step back. The primary objective and mission for my organization is three things, right? We are a product company. So securing our product, building customer trust, having the ability to detect and respond to security threats and incidents in a timely manner because there are regulatory commitments, customer commitments, investor commitments, all of those things. And lastly, you know, reduce risk, right? Reduce risk so that we can support the business. So based on this, my security organization has three main pillars, product and platform security, which is led by a senior leader and all of the leaders are director level. Then there is a SecOps detection and response function. And lastly, the governance risk and compliance and the GRC function, which takes care of like all the compliance, third party risk and policies and customer facing security content. That's how we are organized. And I report to EVP of engineering, who this is a person who runs all of our engineering parts of our product and also many other things, IT operations, a very, very senior exec. And then I have reporting obligations to the audit committee of the board and also kind of like a dotted line to GC and CFO because as I mentioned, there are multiple implications here in security.
As a technology, so many, if not most CISOs will tell us their number one challenge is lack of talent, lack of depth, lack of bench strength. I'm sure you hear it all the time. Do you have that same challenge or is it because you're a technology company, you don't face that challenge?
No, that's always a challenge. Yeah, that's always a challenge. But the way I think about security and the way I've built the organization here at Navan is it's a mission driven profession. I mean, we are not in a nine to five kind of a job, right? It's mission driven.
I mean, you need people who are passionate and think this way. I'm very fortunate that I've found some folks who think like this and it's a mission for us, right? It's a constant mission and we are always brainstorming, thinking how to move the needle forward, reduce the risk and all of that stuff, right? When you build that culture, it kind of trickles down and it's sometimes this word of mouth, you know, the industry is small and it kind of spreads and it becomes easier to attract talent. But if you just follow the traditional runbook, it's extremely challenging because professionals are good ones, are very, very sought out, yeah.
Do you see AI is helping to, you know, in a good way and move the needle on the skills gap?
Of course, yeah, of course. So I think the time, a simple example is, if you think about the education industry, right? Or think about up leveling some folks, right? The time to digest information, you can just get a summary of like a 20-page document, key takeaways, things like that, right? So of course, it's easier to upskill and it's definitely moving the needle here, yeah, yeah.
Last question for you, PK, in the last 30 seconds or something we have, what are some of the main outcomes, business outcomes that Navan is achieving with the CrowdStrike partnership?
Yes, so there are, the primary one is this fits right into our SecOps detection and response play, where one of the key missions that I mentioned was around the ability to detect and respond in a timely manner, which is very critical with all the regulations that are coming in the security world. So that is absolutely critical, right? With the Falcon platform and Falcon Complete on top of that, we are at least on the endpoint side, we have really good coverage. And then in addition to that, also risk reduction, significant risk reduction in terms of how we manage our endpoint security, yeah.
Risk reduction's what it's all about.
PK, thank you so much for joining Dave and me on the program. Talking to the audience about Navan, what it is that you guys are doing, how you're really strengthening your security posture and how CrowdStrike is the key component of that. We really appreciate your time.
Of course, thanks for having me. It was a pleasure.
Our pleasure as well. For PK and Dave Vellante, I'm Lisa Martin. You're watching theCUBE Live, day one of our two days of coverage of CrowdStrike Falcon 23. Stick around, Dave and I will be joined by our next guest in just a minute.