RSA Innovation Sandbox Finalist: Mitiga with CTO, Ofer Maor

[00:00:00] Hey, it's Andrew. Just quickly before we start this episode, I want to tell you about one of my

[00:00:03] favorite podcasts, the Secure Ventures podcast. The host Kyle McNulty interviews cybersecurity

[00:00:09] founders about what they are building. I enjoy it because Kyle focuses on their technology,

[00:00:14] what it solves, why they build it, where it fits in the market. Also listeners can understand

[00:00:19] the why of these startups. In some ways is a great compliment to my own podcast where I

[00:00:23] focus on the go-to-market side, not the technology side. He set some great guests on

[00:00:27] recently. For example, the CEO of Reality Defender when they talked about the ins and

[00:00:32] outs of deep fate detection. He's had the co-founder and CEO of Go Security and also

[00:00:37] the co-founder radical Chris Peterson who was incidentally a founder of LogRhythm.

[00:00:42] They talk about the role of AI in the sock. This is not a paid promotion. I just simply

[00:00:46] enjoy what Kyle is doing with his interviews and get a lot out of them. Check it out. It's

[00:00:51] Secure Ventures podcast. Now on with this episode.

[00:01:04] Welcome to the Cybersecurity Go-To-Market podcast for a special showcase episode where

[00:01:10] we're talking to leaders of the companies selected for the 2024 RSA Conference Innovation

[00:01:16] Sandbox. These are the very, very few. In fact, just 10 companies the judges have

[00:01:22] selected out of hundreds, if not over a thousand as the most innovative startups

[00:01:27] in cybersecurity today. I am your host, Andrew Monahan. Today we're talking with Ofer Maor,

[00:01:33] CTO and co-founder of Mitiga. Ofer, welcome to the podcast.

[00:01:37] Hi, and thanks for having me here.

[00:01:39] Yeah, this is an exciting time, I'm sure, for Mitiga, right? Getting selected down to

[00:01:43] just the last 10. That's a heck of an accomplishment for you all.

[00:01:47] Thank you. Yeah, it is very, very exciting.

[00:01:50] First question for you, Ofer. Where in the world did you have your first sandbox?

[00:01:56] I grew up in Israel in Haifa. It's the third largest city. It's in the north of the country.

[00:02:03] I grew up in a pretty good home. Both of my parents are PhDs, one in physics,

[00:02:08] one in chemistry. So no pressure growing up at all. In fact, I always joke that I'm the

[00:02:14] black sheep of the family because everybody else in my family, my sister, my brother,

[00:02:18] everybody's got PhDs and I just went to do companies instead.

[00:02:22] You're just a merely successful founder of a startup or two. If you're the black sheep,

[00:02:28] then that's a heck of a position to be in.

[00:02:30] Yeah, it's not too bad.

[00:02:33] My sister actually was on a cruise in the Mediterranean last year and they

[00:02:36] stopped in at Haifa for a day and she said it was awesome. She loved it.

[00:02:39] Yeah, it's a harbor town. It's on a mountain by the beach. It's really, really nice.

[00:02:45] Did you send me a picture of this huge staircase? Is it a huge road that goes straight down from

[00:02:49] up in the mountain somewhere? Is that right?

[00:02:51] Yeah.

[00:02:53] All right. So let's talk about the business side then. What's the story of the founding

[00:02:58] of the company?

[00:03:00] It's pretty funny. I have two co-founders, Tal and Ariel. Tal and I had two other companies

[00:03:05] before which we sort of spin out one out of the other and sold both of them. We were

[00:03:11] both working at two big corporates after selling the two companies and then we both decided to

[00:03:18] leave. We'd be talking very confers, you know, we need to leave, do something new.

[00:03:22] And then finally at a cruise in the Maldives, scuba diving cruise,

[00:03:27] and I get a call from Tal, oh, you know, this VC introduced me to this other guy from

[00:03:33] 8200. You need to have one of those in the founding team. And I think we should

[00:03:38] start a company. You're in, I said, well, sure. And I spend half of the cruise between dives

[00:03:44] going on con calls trying to figure out what is the company that we're building.

[00:03:49] So I've never heard of someone doing conference calls between scuba dives. That's a great

[00:03:53] situation to be in.

[00:03:55] Well, you can't do them while scuba diving. That doesn't work.

[00:03:58] I once did a forecast call from a chairlift at a ski resort. Not quite the same, but,

[00:04:03] you know, I could do that at the same time, right? I could actually talk, which was fun.

[00:04:07] So what's the problem, Ofer, that you're solving at Midigun? Who cares about it?

[00:04:12] Who are you solving this problem for?

[00:04:14] So everybody cares about it. So the problem is...

[00:04:16] That's a problem. That's a problem right there.

[00:04:18] That's a problem. The problem is that, you know, we're moving through the cloud.

[00:04:23] Everybody gets that, right? And for some years now, we've built as an industry,

[00:04:28] right now, we as an industry, we've built technologies to help us build more secure

[00:04:32] and robust cloud environments. But what we haven't done is help the other side of the

[00:04:37] security, the security operations, the people that need to respond to breaches and incident.

[00:04:42] We haven't given them any tools to move to the cloud, but the attackers are now moving

[00:04:47] to the cloud as well. And so as attackers are moving to the clouds, attacks are going big.

[00:04:53] And the teams are last line of defense, right? The people, the security operations,

[00:04:57] the defenders, the people that sit in 24-7 shifts and try to stop attacks don't have

[00:05:03] the right tools to deal with attacks in the cloud. And this is the problem we're solving.

[00:05:08] So these companies have deployed, you know, pick your acronym, ASPM, CSPM, DSPM,

[00:05:14] right? But it's still obviously there's going to be attacks and they need to be able to have

[00:05:17] a way to respond. And you're giving them what, like a dashboard, a tool set that

[00:05:22] enables them to watch and then take action. Right. So if you think about the SPMs of

[00:05:28] the world, right? Asterix SPMs. It's posture, right? They help you, they tell you when

[00:05:33] something is open. Think of it, you know, in a physical world. Think of it somebody

[00:05:37] coming to look at your bank and says, oh, you're missing bars on this back door.

[00:05:41] Somebody can go in, but they don't deal with what happens once somebody gone in.

[00:05:46] And then the people who have to defend, they need different tools. And the cloud being the

[00:05:51] cloud is big, complex, so many different types of services. So they need tools that can make

[00:05:57] sense out of this scale and complexity, just like we needed them right for the posture side.

[00:06:02] That's what posture tools did. We need that for detection and response. And that's what

[00:06:07] we're giving. It's, you know, of course there's dashboards and stuff, but the essence is giving

[00:06:12] them the right context, the right information out of, you know, insane amounts of information

[00:06:18] that's out there in the cloud, giving the right information contextualized so that they can

[00:06:23] understand what's going on and respond to it quickly, in seconds, in minutes, because you

[00:06:27] don't have time. Everything goes really fast in the cloud. And the idea of detection response,

[00:06:31] obviously, has been around for a while. You're bringing it to the cloud. What is the big

[00:06:35] innovation about how you do that though, at the scale and speed of the cloud world that

[00:06:40] the judges would have looked at and said, there's our finalist right there? So there are

[00:06:44] three big parts that everybody talking about the cloud in every aspect will tell you, right?

[00:06:49] There's scale, complexity and expertise. Those are the three things that are different in the

[00:06:54] cloud. The mass amounts of services, servers, workloads, everything in the cloud, the complexity.

[00:07:01] So there isn't just like, you know, here's 100,000 million, sorry, 100,000

[00:07:07] Windows machines, but they're machines of different sizes, types, Kubernetes, EC2s,

[00:07:12] multi-cloud, SaaS services, IaaS, identity, all that. And then the people don't have the expertise.

[00:07:20] So our innovation is about taking all that and making it so it's easy to understand what's

[00:07:26] going on, right? How do we do that? We're able to collect insane amounts of data. We

[00:07:31] have already petabytes of data, something that normal security operation tools can't deal

[00:07:36] with. We make sense out of the complexity. We've spent years in research that's, you know,

[00:07:42] we've been around for four years. We have a big research team. All we do is research how do attacks

[00:07:47] in the cloud look like? We build what we call the cloud attack scenario library. So we understand

[00:07:52] how it looks, how it manifests through the different data sources. And then we bring just

[00:07:58] cherry pick the pieces of data that are relevant for an attack and put them in front of you.

[00:08:04] And it could be pieces of data that come from 20 different sources. I was just showing demos in

[00:08:09] the last few days to a bunch of people and everybody's going, wow, this gives me, you know,

[00:08:14] in one view, something that could take me a day to investigate on my own. And that's assuming

[00:08:19] you know what you're doing. And is your vision then that you're enabling existing operations

[00:08:24] center folks who perhaps aren't cloud experts to become obviously much more rich and expert

[00:08:31] in the cloud world? Or are you trying to enable cloud expert, cloud security experts to be able to

[00:08:35] do that? Both. But I think the big challenge is how to enable those that are not experts.

[00:08:40] I mean, the experts, they could probably get it done. It will take them a lot longer without

[00:08:45] our solution, but they could get it done. They're not experts. They just can't get it

[00:08:50] done. And we don't have enough cloud experts to work in sec ops. Keep in mind sec ops,

[00:08:56] and especially SOC analyst is fairly entry level job to be going. Of course, you know,

[00:09:01] they're senior sec ops individuals. But SOC analyst, the people that do the 24 seven shifts,

[00:09:07] it's, you know, it's a career starting job. Over time, people get better and most of them

[00:09:13] will leave to the more senior IR jobs or go into other areas of security. And even if you're

[00:09:20] very good, being able to understand how attacks look like in 100 different cloud services is an

[00:09:26] impossible task. And the buyer is who the SOC leader or does it go higher than that?

[00:09:32] It's between the SOC leader and the CISOs because what we see is that a lot of CISOs

[00:09:37] today understand that they have gap in in sec ops in the cloud. And so the sec ops people

[00:09:45] obviously want the tools to help them do their job. The CISOs want to know that they have coverage

[00:09:51] for attacks in the cloud. And one of the things we're actually doing for CISOs,

[00:09:56] which our customers really love is on top of this platform, we automate a lot of

[00:10:02] the detection, of course. But whenever something big happens, right, like the last Sisense

[00:10:07] breach or the last MGM breach or Microsoft Storm or Midnight Blizzard, anything you hear

[00:10:14] in the news, let's call it this way. We build specific detection for that within hours after

[00:10:21] it blows up and running for our customers. And we deliver them within the platform a report

[00:10:27] that says where they stand in regard to that. Are they impacted? Not impacted? Should they

[00:10:31] investigate further? And this is extremely valuable because what happens in these cases

[00:10:36] today is that the CISO gets a call from a board member or a CEO or somebody that doesn't

[00:10:41] really know security. And all they care about is like, is this impacting us? Like I heard on the

[00:10:46] Wall Street Journal that MGM got breached. And so we give a lot of value there for the CISO as

[00:10:53] well. And of course, for the sec op team. Yeah, that's a powerful use case right there.

[00:10:57] Take the board, take the CEO, the CFO off my back please with that simple,

[00:11:01] easy to read report. I can definitely see the value in that. When we're looking at

[00:11:05] it to 2024 over what's the big goals for the company for the rest of the year?

[00:11:09] So, you know, we're growing. We're growing really fast. We are expanding now a lot in the big

[00:11:15] companies, the Fortune 500s. When we were younger, most of the companies that were looking at sec

[00:11:21] ops in the cloud were more of the technology born in the cloud type of companies. But now

[00:11:27] as cloud attacks are on the rise and everybody's moving substantially to the cloud,

[00:11:32] we're going more and more into large organizations. And so our goal is to grow,

[00:11:38] do more integrations with the rest of the ecosystem and the sec op workflow and life cycle

[00:11:46] and be able to help more and more organizations respond to breaching in the cloud because

[00:11:51] they're coming. And it's a real problem. If you look at some of the stats,

[00:11:56] it's actually really interesting. If you're familiar with IBM's cost of data breach report,

[00:12:01] they've been publishing it year over year. The last two years, they started asking about cloud

[00:12:06] in 2022, 45% of breaches had a part in the cloud. Last year it was 82%. So double in one

[00:12:14] year and cloud breaches take longer to respond to, longer to detect. And because of that,

[00:12:21] they cost more. Their impact is higher. So we really look to help organizations reduce

[00:12:25] the impact of their cloud breaches. So it sounds like expansion and headcount growth

[00:12:30] is what you're after for us, right? That's where you're going.

[00:12:34] Like every startup. And let's talk about RSA. So we got it coming up now in less than two

[00:12:39] weeks. Gosh, it's coming up fast. Except for the wild celebrations of winning the Sandbox.

[00:12:45] What else do you guys have planned for that week?

[00:12:47] Wow, we have a very busy RSA. So on top of the Sandbox, I have two other talks

[00:12:53] I'm doing at RSA. So I usually speak at RSA. I got two talks accepted this year. So Monday,

[00:13:01] I'm doing the Sandbox Tuesday one talk, Wednesday, the other talk. It's gonna be busy.

[00:13:06] We have a pretty exciting booth where we'll show all our stuff. And if you're interested

[00:13:12] and this appeals to you, by all means come and get a demo. And you know, a bunch of events,

[00:13:18] VC events, customer meetings, the usual stuff you do in a conference.

[00:13:23] Well, listen, I wish you a huge success for the year. Good luck for this Sandbox. I hope

[00:13:28] you get your name in lights, not just doing the presentation, but actually getting into the

[00:13:32] final two and then hopefully winning the whole thing. So I wish you success for that

[00:13:36] and for the rest of the year. Thank you very much. You too.

[00:13:51] It would mean a lot to me and to the continued growth of the show if you'd help

[00:13:55] get the word out. So how do you do that easily? There are two ways. Firstly, just

[00:14:00] simply send a link to a friend, send a link to the show, to this episode. You can email it,

[00:14:06] text it, Slack it, whatever works for you and is easy for you. The second way is to leave a super

[00:14:12] quick rating. And sometimes that can seem complicated. So I've made it as easy for

[00:14:16] you as I can. You simply have to go to rate this podcast.com slash cyber. That's

[00:14:24] podcast.com slash cyber and explains exactly how to do it. Either of these ways will take

[00:14:30] you less than 30 seconds to do, and it will mean the world to me. So thank you.