How does Darktrace protect enterprises from cyber disruption?
Join us on Tech Deep Dive as Max Clark, founder of ITBroker.com, sits down with Scott Bennett, Strategic Channel Manager at Darktrace. Scott will share how Darktrace addresses generative AI concerns with the introduction of AI Models that help protect Data Privacy
Tune in to learn about Darktrace's powerful self-learning AI, its ability to identify what's not normal, and how it protects against sophisticated cyber-attacks.
Max:00:08
Hi. This is a it broker.comtechdeepdive. I'm Max Clark, and I'm sitting with Scott Bennett with Darktrace. Scott, thank you for joining.
Scott:00:16
Absolutely. Thanks for having me.
Max:00:17
Scott, I've been excited. We've been trying to schedule this a little bit. We've been going back and forth. Your schedule, my schedule has been a nightmare. So so very happy that we're we're here today.
Scott:00:25
Yeah. Absolutely. No. This time of year can get crazy in dark trace land, so appreciate you being flexible.
Max:00:31
Scott, let's let's just start at the beginning. Let's start at the beginning and work our way through. What is dark trace, and what do you do?
Scott:00:37
We are a autonomous detection and response platform that's powered by our proprietary artificial intelligence and machine learning technology. And I know those two words are things that get thrown around a lot these days, but I think as we kinda learn as we get in, we've been, you know, taking the AI approach since the company's inception in 2012. So we cover the entire digital estate, email and network, cloud endpoint, OT environments as well. So it's definitely a little bit different than kind of some more traditional security providers. I've really enjoyed working here coming up on 2 years now, running the channel here in the United States.
Scott:01:15
Yeah. Definitely happy to to dive in and and educate everyone a little bit more. I think we've, we're headquartered in London. So kinda coming over to the States specifically, you know, within the channel, trying to get our name out there to, you know, obviously, partners like yourself, more customers in the United States. That's, been kind of my my go to mission here the past 2 years.
Max:01:36
I'm gonna try to not spend all my time talking about Formula 1 and Darktrace, but we'll we'll we'll we'll get to that at some point. So, okay. Autonomous detection response platform powered by AI, which means nothing. I won't pick on you too much for that and but machine learning. Okay.
Max:01:51
Great. Before I ask you to start contrasting and and kinda like picking into these different things, you talk about the entire digital state. Let's let's talk about this in terms of what a company would already have potentially or replacing or you know, there's some that are greenfield, and and I wanna get it I'll I wanna get into the greenfield conversation in a moment. But let's let's talk about, like, we've already got some pieces of this. You know, chances are, you know, a company is already running some EDR.
Max:02:15
You know? Hopefully, at this point, they're not running antivirus. They're running a real EDR. Maybe they've got a email filtering service already because, you know, we all know that Office 365 doesn't really filter your email. So what does Darktrace do for them that they can already do themselves, or what can they do better with Darktrace?
Scott:02:31
Yeah. Great question. So I would say the typical use case is that we are working with a customer that either has a small IT team that, is scaling, is growing, and they need a solution that's gonna keep up with that. We have learned, and this has really kind of been Darktrace's approach, is that humans can no longer keep up with that any longer. Cybersecurity has gone, way past a human scale problem.
Scott:03:02
And there are many malicious attackers and threats that are actually powered by AI. So our team built a solution, fully 100% from scratch that says, hey. You know, we're gonna fight fire with fire. I think I heard a a famous phrase one time. It's like, you know, if you wanna hunt wolves, you need wolves.
Scott:03:22
So we've developed a solution that can not only keep up with that, but that can proactively, mitigate threats that no one's ever seen before. And that's really been proven out through our, proof of value process that we do for every single new customer to show them like, hey. This is how we are different, but this is also how it can play with other existing tools, within your security infrastructure. So I think the biggest thing for us, and there's a lot of these on our website, around blog post, around, you know, kind of, you know, the new threat of the week. Right?
Scott:03:56
And we can find those because we aren't looking for predefined rules and signatures. We are not looking at historical tack data. We are looking at brand new data, and we're looking at what is normal and what isn't normal. So it's definitely a little bit different because I think we're traditionally compared against your, you know, your XDR or your MDR, right, your managed detection and response. Well, while we are detection and response, we're not relying on a, you know, no no offense to all the humans, but we're not relying on humans.
Scott:04:28
And rather, we are relying on a proprietary technology that can respond, detect, and mitigate threats detect, respond, and mitigate sorry. I had that backwards. Threats within seconds and not minutes. So, we can plug and play with anything in the environment. I wouldn't say there's an area where we say, hey.
Scott:04:47
Rip this out and put us in. You know, you brought up email as a good point. I would say that is probably the one area that maybe at first we will get paired with some type of traditional email gateway. And then maybe a year down the road, you know, we've shown, like, hey. Over the past 12 months, your gateway has missed about 15,000 emails within your organization.
Scott:05:08
And so I will often hear the sales team say, like, yeah. You know, they had this solution for 6 to 12 months, but, you know, it it wasn't working to their satisfaction. So they just use dark trace for email now.
Max:05:21
I'm gonna do this backwards, because I'm curious about this. The what is the the customer's obligation expectation versus dark trace? And and what I mean by that is, you know, a lot of MDR services will say, hey. We'll we'll raise and we'll flag events to you, but you have to go out and you have to remediate. You have to do the instant response on those events.
Max:05:42
And some places say we will do the incident response and really what they mean is that they're gonna do, like, quarantine. We're gonna we're gonna disconnect the device from your networks. That way, it can't do more bad things until you can investigate it. So, you know, before we get into, like, tools and tool differentials, you know, I really kinda wanna understand how you interact with your customers and what the customer responsibility is and what Darktrace does and and how you end up working together.
Scott:06:07
So it's a great question. And there are a couple different ways that we can go about it. The the first way and the most traditional way is that there is a an organization I would say the majority of organizations we work with are 500 employees and above, and it's organizations that they have an IT team. They have a security team, but they cannot keep up with all of the ongoing noise in the background. They don't know what's what.
Scott:06:34
They don't know what's normal, what's not normal, what's bad, what's good. So we really come in, and we really consolidate all of that noise into a singular, what we call cyber AI loop. And so what we're doing is we're taking that all into a kind of always on loop that's going up and down and around, and it's investigating every single action that's being taken within the environment, whether it's human, whether it's machine, whether it's, you know, someone clicked on a bad link, whether it's someone, got a fishy email sent to them, something like that. So customers really like that because it's something that they can have eyes on glass that they can view. They can log into our UI, which is very easy to use.
Scott:07:19
But when they're not there for the day, there there's no type of adjustment. There's no additional work that the customer needs to do. All they needed to do is to fit in with everything else they've got with other investments that they've made, and and they and they need it to work. Right? And I know that sounds kind of oversimplified, but but our stuff works.
Scott:07:40
And I I think the biggest differentiator and the thing that customers love the most about us is that we're just at the end of the day, we're just finding threats that other tools aren't. And we don't like to go to market with that. That's kinda what we use our, proof of value process for, but I think the customer really enjoys that because there's no additional work that they need to put into on their end. It's truly a plug and play that is backed by our SOC team, and a couple of other additional services, that they can throw on top of the of the actual solution.
Max:08:15
Are they are they doing the IR, or is Star Trace doing part of the IR? I mean, you know, if if you're talking to a a a CIO or a CSO and they say, hey. If we get an alert at 2 o'clock in the morning, I just want that thing removed from our network, and then we'll deal with it tomorrow. But I don't wanna think about it. I don't wanna have to look at my email or have a pager duty event or, you know, you know, things like that.
Scott:08:34
So the AI is doing all of that. It's doing the detection, the response, the triage, the you know, maybe there's a situation where we have to, just lock someone out and reset credentials, and we quarantine that machine. But on top of that, on the back end, we have our SOC that's looking into this. And that's saying, like, you know, we're getting an alert, not one that says, like, hey. You better go look at this.
Scott:08:59
Rather, it says, hey. We detected, responded to this, and triaged, and quarantined this machine. So our SOC goes in and looks, and it's just like, oh, okay. Like, you know, that that was actually normal. That's something that, you know, we learned during the proof of value process.
Scott:09:12
Okay. We're gonna release this machine back. This was like, you know, Janice just doing work at, like, a random hour. Right? But if it is a situation where, like, okay.
Scott:09:24
We have never seen this before, we're gonna take full action. We're gonna, you know, reach out to the customer, and say, hey. Our AI detection responded this and found it. This is not deemed as normal at all. We don't believe this is normal at all.
Scott:09:40
Let's let's get on a call as quick as we can. Uh-huh. The type of that type of situation. So, the AI is kind of the, you know, maybe, like, the star player of of the, you know, of a situation like that. And then our SOC team on the back end is doing more of the investigation and communication with the customer after the incident.
Max:10:02
You know, the the fear for executives with that and the reason why I I bring this up is, and I mean, real world examples that I've had with with clients is, the person that was on call just decided not to deal with anything. And they put their cell phone in the freezer because for whatever reason, it just made sense for them to put their cell phone in the freezer and ignore it for 24 hours. And, you know, you know, there's there's all these, there's all these components that break down into process with people. And and if if your process or your people break down, you know, is your organization at risk or not? Or, you know, other horror stories I think of, Target.
Max:10:37
You know, Target had, you know, a a really well known exploit, you know, with with with, you know, software running all their point of sales terminals and lots and lots of credit cards compromised. You know? And and that threat factor, you know, came from one of their subcontractors. Okay. A small organization that had access to their network.
Max:10:54
But they had a service in place that solved this stuff and was alerting, you know, Target's teams that were just, like, ignoring it. Email. And, you know, so, you you know, I'm I'm I'm all I'm very curious about, you know, how you augment that process and and people and and actually, you know, give that, you know, executive peace of mind of, you know, look. We're gonna help ensure that there isn't a process or people break down here, and, you know, you're not gonna find yourself on the front page of a newspaper come Monday.
Scott:11:26
Exactly. And I think that's a perfect example. We're we're not trying to replace the humans. Right? I think, a lot of these you know, when AI machine learning all get get tossed around a lot, you know, I I see on Twitter all the time, you know, Boston Robotics, I think, is, like, a bigger it's like, oh, the robot's coming from my job.
Scott:11:46
That's not what we're trying to do. We're trying to make the humans' jobs easier. We're trying to put less responsibility, and we're trying to put less pressure on the humans. And we're not just saying, like, oh, beep beep alert. Like, better go check it out.
Scott:12:00
We're just like, oh, hey. No. We saw this, and we've we've responded to it in less than a second. That's what we're doing. And then we're reaching out.
Scott:12:07
We're taking care of the problem with our technology, then we're reaching out and getting more of the human component involved. So and and I think that really ties back in well really, really well with our POV process because a big part about AI machine learning is it takes a little time to learn. Right? So for that 1st 30 days, that's free. We are taking that time to learn the customer's environment.
Scott:12:31
So when it time when it comes time, you know, to put pen to paper, we're ready to rock. We're ready to roll. We've learned their environment. We know exactly what types of integrations that they have. We know where their weak spots are.
Max:12:42
I have I have lots of thoughts on this, but I'll get too sidetracked here. Alert fatigue is a real thing. I mean, 20 some odd years ago, I was at a dotcom, and we installed Snort. And I don't think we had that thing running for an hour before we, disabled the email notifications because it was just it was a joke. I mean, it was basically, every single packet matched some pattern that was you know?
Max:13:03
And and I ask I ask, you know, when we when we go from a CIO or CTO down to the actual teams, it's like, you know, are you running some tool? Okay. Let's see your folder and your email where you're filtering all these alerts into this thing because, you know, you you know, it's not it's not even that you don't wanna deal with it. It's just that you just don't have the capacity of dealing with this. You can't you can't take somebody who has, you know, already probably 14 hours a a day worth of work to do and then say, okay.
Max:13:27
We're gonna give you 2,000 alerts on top of that for security to look at. So you you've mentioned, you know, typically 500 and above. Is that is that a, you know, a threshold in terms of, you know, you know, revenue that you're trying to achieve? Or is this that at that size, companies have tried to do this themselves and have realized that they're painted into a corner and they just can't keep up with it. And so it just became like this natural fit of, you know, now you're mature enough that you know you need a cyber program, but you also understand that you can't implement a cyber program yourself anymore because you just don't have the staff and the resources to do it.
Scott:14:04
Yeah. I would say that 500 number just comes from more, I would just say comes more from typically below that size. We're not the most expensive tool in the world, but we're definitely, we're we're we're definitely not the cheapest. We often find that organizations below that size have just a very, very, very small tiny IT team, mean, maybe one security person. That being said, there absolutely are exceptions.
Scott:14:33
There's a Christmas tree farm in Oregon that's a Darktrace customer, because they got hacked, which is, you know, another story another story in itself. But, but, typically, we're seeing it that size that, you know, more of that traditional, maybe more of that traditional MDR approach is good where they say, like, hey. I don't wanna see it. I don't wanna touch it. I don't wanna smell it.
Scott:14:59
You go do absolutely everything for me, and that's completely fine. You know, we don't we we don't try to be fits for every single person every single time. You know, we do have a small business team for a reason, which which is which is kinda below that. But I think if we're looking at, you know, the kind of traditional enterprise model that benefits the most from Darktrace and gets the biggest bang for their buck, it's probably gonna be it's probably gonna be in that area. And that's just kinda typically, you know, we see.
Scott:15:28
It's like, hey. We have an we have an IT team. We have an experienced security team. However, we can't keep up with all the noise that's going on. We don't know what's what, and we don't have the time or the resources to build out our own SOC.
Scott:15:43
So they use dark trace to kind of complement, augment just not just their team, but other tools that they have to give them just more visibility, more eyes on glass. I mean okay.
Max:15:54
So MDR is becoming, you know
Scott:15:54
and, of course,
Max:15:54
we've already you know, the the market is already branded now XDR. It's like, what the heck is XDR? Right? You know, but this whole thing, it's like, you know, thank you tech marketing for just making our lives just worse than they already are. You know, I mean, off the top of my head, it feels like, you know, like, 80, 90% of the MDR market at this point is an MSP that's decided to add cyber to their portfolio.
Max:16:13
And what cyber for their portfolio really means is is we're gonna help you install, you know, an EDR tool, and maybe we're gonna help you install a SIM tool. And then you get into questions like, you know, how many people do you have in your SOC? And it's like, well, we have 7 people in our SOC. And and that response to me is very telling because, you know, 7 people is the exact amount of people you need to do have to cover 1 shift on a 247 cycles. You're like, do you only have 1 person on call at any given moment, or do you only have 7 people total and you don't have coverage?
Max:16:43
Like, where are we on this adoption curve, and where where do you see, you know, this this proceeding?
Scott:16:48
I think there's kind of 3 different paths that we typically see. I think the first path is what you just said. It's a organization that they had an incident. Maybe nothing happened, but, the tools in place that they had did not prevent that incident from happening. And so they're looking for a solution that does things maybe a little bit differently, like dark trace.
Scott:17:13
I think email is a perfect example. A link gets through. 1 of the Gartner Magic Quadrant leaders, gets through their gateway. Darktrace is not a gateway. We are a journaling we're a journaling rule that uses our AI and machine learning to say, like, hey.
Scott:17:33
This email is normal. No. This email is not normal. Account takeover is a big thing right now as well within the email space where within a gateway, if someone's credentials get hacked and they have their MFA that they can get through, like, no one's gonna know. Whereas Darktrace, and this is a real story, CEO's account got attacked or got got hacked.
Scott:17:55
They knew password. MFA got through the whole thing, and they start blasting out emails, you know, send payment here, send payment there. Well, we picked up on that because we said, okay. This person's login is legit, but it is not normal for them to send, a, this many emails within this amount of time. B, they don't use this type of punctuation typically.
Scott:18:15
They don't use you know, they don't have this many grammatical errors. And, c, they don't typically send emails to these to these people. So we shut it down. And then come and lo and behold, the CEO is like, oh my gosh. Like, my stuff you know?
Scott:18:30
That they're you know, they got compromised. So I think that is one example. 1 of their peer companies had a breach or got attacked. And I'll this is public information, so I'll talk about this. But, LA County Schools, they recently went through, a breach.
Scott:18:47
I think it was last year. And so Ann Arbor Public Schools, you know, I'm in Chicago, so they come knocking on our door. And I think I'm sure our team had called them a handful of times. And it was like they held a emergency board meeting. They said, we do not want this to happen to us.
Scott:19:05
Because when you talk about, it's one thing for, you know, customers and employees information. But when you talk about students, you know, children, that's a whole another that's a whole another thing. So, you know, they came knocking on our door, and we we got them set up pretty quick. I think the 3rd arena, and this one's been really trending on lately, is cyber insurance. It's a big topic of conversation, and dark trace can actually help lower cyber insurance premiums.
Scott:19:35
So when we look at the total cost of a breach versus a monthly payment that someone's already making, it's really easy for us to kinda do the math and say, like, hey. You know, you're paying this for dark trace, but you're also lowering your premiums by this much. And then we can put together, you know, kind of a creative package to say like, hey. This is you know, maybe this event has happened to you in the past. And so now with dark trace in place, your premiums are lower.
Scott:20:02
So, you know, while you are spending money on Darktrace, at the end of the day, you're gonna be saving money because your because your premiums are a lot lower.
Max:20:10
So so the premium of the cyber converse the the cyber insurance conversation comes up a bunch. And, you know, premium reduction is awesome. But at the same time, I'm seeing signaling. I mean, it's it's interesting because there's a bunch of people that are like, no. No.
Max:20:22
No. This isn't an issue. But at the same time, you know, cases going to, you know, working their way through the court systems where the insure the insurance agent, provider is not paying out claims because it's, oh, this was a nation state attack, and that's not covered by your policy. And I'm I'm really kinda curious. Cyber insurance gets realigned because, I mean, they don't wanna be like, oh, hey.
Max:20:42
You know, we're gonna have a policy that says if you guys get hacked, we're gonna have to pay out, you know, $70,000,000 remediation. Right? Like, that's not really profitable for them.
Scott:20:49
No. I've been seeing a lot around that around that as well. And I think at the end of the day, I I think it's all the more reason to to evaluate a a tool like Darktrace just because we are not we are not a tool. I I would I would never come on here and say, like, oh, you know, we're unhackable or anything like that. But, we take the human error component completely out of it.
Scott:21:14
And and what I think that does is it really shines a light on, hey. Where do most breaches come from? It's like, well, over 90% of it comes from human error. 94% of it comes from the inbox. So that's why we've had such a big emphasis on our email tool.
Scott:21:29
But that is kind of the biggest thing with us is where, you know, again, a traditional email tool, a link might get through, and they might say, hey. Be careful. This might be suspicious, but we don't know. But it still lets you click on it. Whereas with our tool, the link will go through, but it's either gonna go through as plain text or it's gonna send you to a completely different redirection link that's not gonna take you anywhere near what was intended to be sent to you as well.
Scott:22:02
So, so so, yeah, I think the cyber insurance conversation is, you know, is really big. But but but, yeah, I think it just kinda speaks to the landscape that that we're in right now is and a lot of insurance companies are backing out of it because it doesn't seem to be you know, they're probably losing a lot of money, and I totally get that. But I think that's I think that's a conversation that's gonna evolve over time, but that definitely is something that I hear ourselves team talk about our sales team talk about a lot. But, I think at the end of the day, the biggest the biggest thing is just like, hey. You know, how many hours in the day are you spending chasing threats?
Scott:22:42
How many hours in the day are you spending, you know, managing all these existing tools? What if we could put all of this into a singular pane of glass, and we could give you kind of a, what we call our cyber AI analyst, which is kind of I wish we would give it a name. That would be really cool. I think
Max:22:58
we should name this analyst. What was the acronym I just came up with? It's like Dirk. Right? You wanna be like dark trace artificial intelligence response coordinator or something.
Max:23:08
Right? You know? And and give that to your marketing team and give me credit for it. So TM, Max Clark. There is an infinite amount of tooling available in cybersecurity.
Max:23:18
And part of the problem that I have with cybersecurity becomes, you know, like, at some point, there was the maturity model that came out of, like, where are you on the maturity model? And and then it's like, okay. Great. So, you know, if you go and you talk to a company, they're like, you know, we think out of a scale of 1 to 5, we wanna be like a 22.2. What does that mean?
Max:23:34
Nobody knows what that actually means in terms of, like, actually implementing tooling. And there's infinite infinite. There's there's so many acronyms in cybersecurity. We talk about, you know, like, common stuff people are aware of, like EDR, but then you get into, like, the things like CASB and DLP and SWG and RBI and, like, all this other stuff. And I'm gonna ask you the question I've asked a bunch of people now just as a thought exercise.
Max:23:57
There's a limited budget. Right? You know, companies aren't gonna invest, you know, first off, like, what percentage of their revenue are they investing or what percentage of their overall budget are they investing in cybersecurity at this point? You know? And is that a percentage of their IT budget or is that actually a carve out in terms of, you know, real world?
Max:24:12
Like, we've we've we've decided to allocate 2% of our revenue to cyber because that's that's our, you know, that's our threshold. You know, with a limited budget and you say, okay. You've got all these different tools that you can employ and you can put in, and I put some of it as, like, defensive tools and some of them is more like offensive tools. What do you do in what order? Like, what actually moves the needle in meaningful ways?
Max:24:30
And and I'm gonna start with the assumption that everybody should have a strong, you know, identity platform and 2 factor authentication as, like, table stakes. Like, what do you do next?
Scott:24:40
Absolutely. So I think from there, when it comes to specific Darktrace products, the Darktrace detect and respond is the is the solution that we see majority of our customers start out with. If email is kind of the bugaboo, then Darktrace for email. Obviously, network is a big coverage area, and cloud is a big coverage area right now with everyone moving to AWS Azure. We have a big partnership with Microsoft.
Scott:25:07
Those are gonna be the areas where I think the customer is going to see is going to see the most value. And then when we kinda marry that with our POV process or, again, speaking of acronyms, yeah, POV. It's a POC. We we like we like to call it proof of value POV. And then we would run a 30 day POV within those two environments with detect and respond, and, yeah, it's kinda just let it rip from there.
Scott:25:34
You know, we let it sit on-site. We show the value to the customer. And and and more often than not, while we don't lead with this, more often than not, we will, you know, we will find a gap within their environment that they unfortunately didn't know that they had.
Max:25:51
Let's talk about let's talk about OT for a little bit because I don't think everybody understands what the difference between IT and OT is. So can you define IT versus OT and give some examples of both?
Scott:26:01
So, operational technology. So when you look at, like, power plants, manufacturing plants, oil and gas companies, things like that that are physical devices, that are maintained and ran by software that can very easily be manipulated. That's a that's a space that that's another big differentiator of us because in the OT space, you have a lot of players that just do OT. Like, that is their thing. That's what we do.
Scott:26:27
So when we came in to start doing it, it's something that's that's really cool. And quite frankly, it can be kinda scary. We worked with a I'm sure everyone has heard about the, the fish tank thermometer story that got hacked in the casino, but that's stuff we see all the time. We worked with, worked with an airport where their runway lights have gotten compromised. And that was kinda one of the situations.
Scott:26:52
Like, is that a thing? Can that happen? It's like, absolutely. If it's connected to any type of network anywhere at all, it can be hacked.
Max:26:59
Banks and casinos are easy. Right? Banks have money. They wanna protect the money. Casinos have money, or they have to pay out money.
Max:27:05
Like, it's a natural, like, we wanna protect that. Certain manufacturing, if you're if you're doing SCADA control systems, you have to protect that. That makes sense. Right? We don't wanna have, like, you know, vinyl chloride released, you know, down the down the drain.
Max:27:17
And I think the misconception that comes out a lot is it's not necessarily, like, somebody's gonna try to hack you because they, you know, wanna take over your CNC machine and, like, you know, create, like, pencils out of it. Right? They want to prevent you from using your CNC machine to cripple your business.
Scott:27:35
They wanna monopolize the pencil market.
Max:27:36
Yeah. Exactly. So that way you can't use the machine. So the scare the scariest thing that I've read recently in cyber was, Colonial Pipeline. And, of course, we had you know, first off, if you're not for those that don't know the the the story behind Colonial Pipeline, the the breach actually has been tracked to a VPN account for a person that had left the company a yearish beforehand, and that VPN account was compromised and then was used to gain access to the network, and then from there, go out.
Max:28:06
Right? And, like, the image I think in my head with Colonial Pipeline is this person with a pickup truck with a tarp in the back of the pickup truck pumping gas out of the into the tarp in the back of the pickup truck like they're making a swimming pool, you know, and you're just like, holy moly. This is where we're at. Anyways, when you get into detect and respond, what needs to be in place? I mean, does does the does the customer have to have an EDR in place already?
Max:28:32
Do they have to have a SIM in place already? Do you replace the EDR? Do you replace the SIM if they don't have it? Like, is it become you don't need it? You install your agent instead?
Max:28:40
What you know, are you installing a tap on the network? What are you installing on the cloud? Like, what let's get into, like, the nerdy part of this here. Like, what actually do they need, and and what do you
Scott:28:50
And I'll do my best here to be as nerdy as I can. But I so there really isn't any, at least in our world, any, you know, required checkbox that the customer needs to have. We're also not coming in and telling them, hey. You need to get rid of this or you need to get rid of that. We are installing a tap on their network to, feed logs and feed information all kind of into the Darktrace solution into the platform.
Scott:29:20
We can we can spin up a virtual device. We can ship out a physical appliance. I'm still seeing about half and half right now on that. Depending on how many sites they need a device on, we can, you know, kind of do some type of hybrid approach or things like that. But I think that's something that is that is really unique because we don't have at least Darktrace does not have, any requirements for, hey.
Scott:29:48
Can you use us? Well, then you need this. The only area that we that we do need that is if we're doing dark trees for email in a Google environment, they do have to have a specific tier of licensing of, I I forgot what kind of, like, Gmail for enterprise or or something like that, whatever that is. But that is really the only requirement that they have. So whenever we're looking at a network deployment or a network environment, You know?
Scott:30:17
And again and you'll hear me talk about our proof of value a 1000000 times, but this is kinda where that comes into play again, is we have a we have kind of a scoping call, a sizing call. It's based on it's based on per IP. So we're kind of trying to get a sense of how many IPs they have so we can decide on how large of a device we need to deploy. And then we spin it up, and it just starts learning. And I think that's another thing that's so that's so easy is because even if we're shipping out a physical appliance, it takes 10, 15 minutes to install.
Scott:30:46
I I think I think I've heard of one customer say, like, you know, no. We don't wanna evaluate Darktrace anymore because you're not coming out here and installing it for me. So so I think that's I I think that's not the reason why it's it's easy to learn.
Max:31:03
Do you have an EDR, or you just they have to have a CrowdStrike or Sentinel or Carbon or Netwitness or I mean I mean, what's the list, defender in place? I mean, because if there's no without an EDR on the on a on a PC or on a Mac or whatever it is, I mean, that's that's a lot of visibility. I mean, it's like everything becomes visibility. Right? Like, okay.
Max:31:24
We're on the network so we can see network stuff flowing back and through. You know? But you don't see what's going on on the actual device. But I guess what I'm asking you is, like like, let me just be blunt about it. Right?
Max:31:32
Like, if they don't have an EDR running on a PC, is that, like, shooting yourself in the foot where you're just missing a bunch of stuff that you really need to have in order to, you know, get value out of this?
Scott:31:41
We do have, an EDR product. That's just called Darktrace for endpoint. We do more often than not see most customers have something in place already like a CrowdStrike Falcon or, you know, like Carbon Black or Sophos or something, you know, something of that nature. But we do have an endpoint product that can either be layered on top of that, or it can be something that can sometimes be used as a stand alone EDR product. So it really just kinda depends on the situation.
Scott:32:11
Our EDR product is brand new to the market space, so it's very rare that I see an EDR only deployment where we are not layering on top of a CrowdStrike or something like that. And we have big partnerships with these companies as well. We make it a point to, you know, make sure we plug and play with them really, really well. Our integrations team, they they are juggernauts. We're constantly pumping out new integrations because as we talked about a lot here, there's always lots of new features, functionalities, new products coming onto the cyber market.
Scott:32:41
So, we have we have to circle back on that. I would say more often than not, we're seeing something that's in place, and they've either had an incident happen with that being in place. They've or they've had another company have that happen or, you know, they're just trying to be proactive and say, like, hey. We use your detection and respond for network and email, but we wanna look at endpoint as well to see how it can kinda plug and play with our CrowdStrike.
Max:33:05
So, CrowdStrike is probably I mean, by brand. Right? Like, I mean, at this point, we're gonna be CrowdStrike or Defender is probably the most commonly deployed.
Scott:33:14
Exactly.
Max:33:14
I sent those a great EDR too. I mean, there's lots of good EDRs. I'm not I'm not, like, picking sides here. But but in terms of, like, what Those
Scott:33:21
are the ones I just
Max:33:21
said, though. You come across. So, you know, so now now this gets kinda interesting. Right? Because Crowd has an EDR product, but they also have Falcon Complete where they're doing the MDR as well.
Max:33:30
And so when you're coming into this environment and the customer already has CrowdStrike and then they're running Falcon Complete and it's like, oh, we've got this, you know, full blown MDR instant response service already running on top of CrowdStrike. What is the what is the, you know, this value trigger that it's like, oh, we're gonna we're gonna keep CrowdStrike for the EDR, but we're gonna get rid of the MDR service and we're gonna switch over to to Darktrace because CrowdStrike doesn't do fill in the blank. Right? What what is what is that conversation?
Scott:34:00
Yeah. Typically, we're seeing those conversations with, typically yeah. Typically, we're seeing those types of conversations, around a sit around a situation of where, you know, CrowdStrike is. I'm trying to figure out how to Yeah.
Max:34:17
I'm not trying to I'm not I'm not I don't wanna pigeonhole this. Let's let's take we can take CrowdStrike out of the name. Right? But, I mean, the point is is, like, there's always this kind of conversation around, like, are you a really good m d you know, EDR within an MDR on top of it? And then how good is your MDR?
Max:34:30
And are people buying your MDR just because they're already buying your EDR because they know your name? And do they get value out of that? But now you've got this MDR service that doesn't give you email, that doesn't give you your network, that doesn't give you your cloud. Right? Like, is that valuable for you?
Max:34:41
And is is that the trigger?
Scott:34:43
Yeah. So I I think it can be both of those. So I think one of the biggest things that our team has done is and you'll kinda see this phrase all over our website, but the cyber AI loop, cyber AI loop. And we have another product coming out in this year called Darktrace Heal. So now we can prevent, detect, respond, heal, and it's gonna kind of do the whole loop t loop, but that's maybe a conversation for another day when that comes out.
Scott:35:04
But, yeah, we're typically seeing consolidation of consolidation of vendors, or we're typically seeing a conversation where, you know, again, CrowdStrike is much more, the traditional approach to MDR and cybersecurity, predefined rules and signatures, historical attack data. And since our technology is proprietary in the way it works within our environment, we're just gonna see things in a completely different light. And, you know, again, kinda going back to that proof of value process, we will we will there's really no situation where we'll say, like, oh, okay. So you've CrowdStrike for this or for that. Okay.
Scott:35:40
Like, now we're good. You know? Like, nope. You can't get any value out of us. Sorry.
Scott:35:45
So I think that's that's always a situation where where we can really create a bespoke solution for a customer that's in that particular situation. And we do see that a lot, where they say, like, well, I already have this, this, and this. Like, you know, why would I need dark trace? And then we have a conversation with them. We deploy the POV, and they're like, okay.
Scott:36:04
Like, I get it now. But I think the biggest thing is kind of a single pane of glass bringing everything into one singular AI brain, so to speak. That is true true AI that is detecting, bonding to threats, you know, truly within seconds. So it's always, you know, it's not always that easy. You know?
Scott:36:22
That doesn't always end with the customer saying, like, alright. Where do I sign? Right? You know, there's a lot of different steps that we go through.
Max:36:28
Can you ingest data? I mean, so if they've got, you know, Mimecast or Proofpoint deployed today and they're in contract and that's gonna run for whatever amount of time, I mean, is that something where you can get data from Mimecast or Proofpoint and feed it into your
Scott:36:51
know, to you know, to the minute how many emails that that gateway is missing. We can show, like and we can show the different types of emails that their gateway is missing as well. So, now do we come out and say, do we have a partnership with a Proofpoint or Mimecast like we do, like we do with a CrowdStrike or Sentinel 1 or Carbon Black? No. No.
Scott:37:15
We don't. But, yeah, that absolutely is a case where we can ingest that data and, again, bring it into kind of that AI brain that's gonna show them like, hey. You know, this is missing this. This missed this link. This missed that link.
Scott:37:28
And we can put it all in up to up to the second data within our email console as well.
Max:37:33
MDR and EDR is somewhat of reactionary. You know? You know, it's it's it's a defensive let's call it a defensive or reactionary, you know, methodology. Right? Like, why not just go to, you know, more like, proactive offensive, you know, things where it's like, okay.
Max:37:50
We're gonna we're gonna deploy, you know, a, we're gonna go full sassy and deploy a secure web gateway with threat intelligence, with remote browser inspection. I'm spelling out the words instead of saying SWG and RB and all these things. Right? You know, with with with with CASB and DLP, and we're gonna have all this stuff because, you know, hey. Guess what?
Max:38:12
You know, we need to have remote access anyways for our users so we can just get a SaaSy tool and that SaaSy tool is DLP and threat intelligence and and, remote browser inspection. And we can we can just wrap it all up and and have 0 trust and we can do ZTNA on top of it, you know, WordSoup. Right? And and and and take this approach more from, like, an offensive side where it's like, oh, yeah. You know, like, all of our traffic from a device flows through this gateway that's got threat intel with remote browser inspection built into it to see what this payload is trying to do and prevent, you know, block it that way.
Max:38:42
Like, you know, if you're if you're gonna say, okay. Choose between the 2 and you've got budget for only 1, you know, why one versus the other?
Scott:38:49
Yeah. I think we live in a security landscape right now where, you know, I hate using this phrase in my my father-in-law. He, when I told him the name of my company one time, he's like, wow. That sounds ominous. And then he said, it's not if, it's when.
Scott:39:07
And I we're just cracking up at the dinner table. But it is true. Like, compromise will happen. I I mean, I read every single day about teenagers overseas that hacking the Verizon just because they feel like it. You know?
Scott:39:23
Yeah. So hey. You know, team of weeks are here. But and and that's really kind of the approach that we've taken. We've accepted the fact that compromise will happen.
Scott:39:33
It's a matter of, okay. Are you gonna station everyone? Are you gonna station a bunch of knights outside of the castle? Well, no. We put a bunch of big dragons inside the castle to where if you ever get in, you're not getting anywhere.
Scott:39:47
That being said, I I do see a lot of I I do see a lot of potential in, in kind of that preventative space. We just launched dark trace prevent. So
Max:39:59
What is dark trace prevent? And please don't tell me that you're scanning the dark web for, you know, like, whatever, like, names and stuff there because I'll I'll yell at you. But
Scott:40:08
So there's a couple different tools that we're using. We have attack surface management where, ultimately, we're looking at every single scope of a company's brand from the outside looking in and saying like, hey. You know, this is an area. This is a hole you could plug. This is a hole you could plug.
Scott:40:26
We're seeing this on your network as a potential, you know, as a potential weak spot within your network or just within, like, your brand as a whole. We like to call brand protection too. There absolutely is a dark web component of it and stuff like that, but the biggest area is called it's called prevent end to end, and that is both internal and external. So what it's doing is when you do, like, a phishing test for your company or, you have a certain amount of employees that have, you know, maybe clicked on some bad links, nothing happened. But I think a perfect use case for that is, like, hey.
Scott:41:02
You're using dark trees for email. A bad link got sent. We sent a new one to redirect them. The employee clicked on it. Maybe that's a good, maybe that's a good employee to start some user awareness training on and stuff like that as well.
Scott:41:16
So it kinda takes the, it it's a tool that's meant to help with preventative measures both from on the outside of a company's infrastructure and from the inside.
Max:41:27
So I associate what I'm hearing from you as part of this being vulnerability scanning penetration testing mixed with some additional layer, basically. It's kind of, you know, how my my brain
Scott:41:40
It is, continuous AI pen testing within the company's environment. That is correct. And then on the end to end on the end to end product, that's more of internal, like, hey. Employees on the inside, what could they be doing better, to help make sure that they are, you know, again, not clicking on that link or not downloading that file or something along those lines as well.
Max:42:02
To SIM or not to SIM? You know, there's there was this big thing for a long time of, I mean, when I say a big thing for a long time, I mean, it's like the SIM becomes like, oh, you've got all these platforms. You
Scott:42:13
have to feed all these
Max:42:13
platforms into your SIEM. And, you know, if you wanna use this MDR service, you have to use their SIEM. Or if you have film now Sentinel. Right? Or will the MDR will integrate with Microsoft Sentinel and use Microsoft Sentinel as the SIEM.
Max:42:25
I I haven't heard you talk about SIEM at all within this. Do do they need a SIEM, or can the SIEM go bye bye, you know, with dark trace rolled out?
Scott:42:35
We never say, hey. Get rid of get rid of anything. But I I do I I definitely do see customers and and opportunities that that we are working where the the customer does no longer has one. I've you know, I think I think this kinda compares well to, like, our CrowdStrike partnership. Right?
Scott:42:56
We have a big integration, big partnership with Splunk.
Max:42:59
I you know, I'm I I kinda hear part of this of, like, you know, do no harm. Of course, you don't wanna have an initial interaction with a customer and be like, oh, throw out all the stuff that you bought because you don't need it. Maybe maybe you should have it.
Scott:43:10
Get rid of it.
Max:43:10
It's all it's all junk. You bought all junk. Now get rid of the junk, and you know it's junk, but it's okay. Get rid of it. Maybe that should be new new tagline.
Max:43:16
Throw out your junk. You know, but I mean but then so the the thing is is, you know, if the SIEM is there because it's collecting of, you know, information has integrations, like, you know, why not just go attack those integrations directly and say, okay. You know, obviously, we need to get, you know, data from AWS and Azure, you know, in in in CloudWatch or CloudTrails or whatever your integration point is with those. We should actually talk about that next. You know, like, why feed data to a SIEM and not just to Darktrace directly?
Max:43:47
You know, it's like it feels like if it's going to the SIEM and then going to you versus just saying, okay. Great. You know, Shovel this data this way now directly to us, and we can do something with it.
Scott:43:56
Yeah. I I think that's a great point, and that's that's definitely something we're we're seeing more of right now. I think especially as companies are looking for ways to and I never obviously, I'm biased. I work in cybersecurity. I I'm never gonna advocate for cutting costs in cybersecurity, but but I think but I think we do have a lot of customers that, once they kinda go through that proof of value process and they're thinking about, you know, getting rid of their SIEM or or whatever they have in place, we we just we we are often just seeing situations where that does where that does happen.
Scott:44:31
And to your point, it's kind of, you know, maybe, like, why why have a middleman? Why not go directly to the source? Right? And give give the team one less thing to have to manage and keep track of as well, especially for smaller IT teams. So, yeah, that's definitely something that's that's definitely something that's really interesting.
Scott:44:50
Just kind of, you know, just previously I I I've worked for masergy previously, and there were absolutely a lot of conversations where, you know, we would come in trying to sell, you know, our MSP and SOC services and stuff like that, and a customer is like, well, I have a SIEM. Do I get rid of it? And we're like, no. No. No.
Scott:45:08
No. No. No. Like like, keep it. Keep it.
Scott:45:10
Keep it. We're not saying that. But, and, again, we never advocate coming and saying, you know, to your, you know, to your point earlier, hey. Get get rid of all your junk. But it has definitely been a conversation that I'm that I've been seeing more often just amongst our our partners and our sales team.
Max:45:26
There is so much money going into roll ups for MDRs right now. I mean, it's incredible how many of these company and and they're and and a lot of money. All of a sudden, it's like, oh, you know, we're a 300 person operation, you know, overnight, basically. That's a lot of investment. What I wonder about with these things is, you know, there's a certain amount where it's like everybody claims to do something, but nobody actually does it well.
Max:45:47
And so there's always opportunity for for upstarts because if they just do what they say they do, like, they actually have a leg up against everybody. It's kinda like if you're interviewing for a job, if you just show up on time, you're already ahead of, like, 90 percent of your your competition in that candidate. Right? Just, like, really basic stuff.
Scott:46:02
Okay.
Max:46:02
Let's talk about your cloud services. Lot of point solutions now overlaying on top of these different cloud platforms.
Scott:46:08
I think the biggest goal out of it is just with the mass adoption of AWS and Azure. We're trying just to provide customers as much plug and play visibility into that as possible. We're really kind of taking our our technology that we've used for our detection response tool for so long. We're just looking for abnormalities, within any of those environments. We're looking for we're looking for, you know, users that, you know, again, just maybe they're doing things that they shouldn't be doing, you know, cloud accounts being compromised or anything like that.
Scott:46:44
And it's not just for, it it's not just for AWS and Azure, but, you know, we can plug and play within Salesforce, within within Office 365, within, you know, a lot of these other cloud applications or cloud environments as well. So it's really just kind of taking everything that we've done for the network that we've done well for so long. And our cloud product's been around for, you know, for for a hot minute. I mean, again, still pretty young company, 8, 9 years old. But that is probably when it comes to a solution that a new brand new Darktrace customer uses right off the bat, that is definitely a tool that I'm seeing more and more of, especially, you know, when a new partner comes in.
Max:47:29
So so I'm hearing that from you. So now when we go and we start talking about, the hyperscale clouds. Right? So the AWS just let's just use AWS, but we'll use it interchangeably for all of it. So we'll say cloud.
Max:47:40
So the public cloud so then so that would then apply as well where you start talking about identity and configuration management of, you know, do we have public s are you getting that level of granularity of, like, do we have s 3 buckets that are being created that are public to the world? Or is this, you know, hey, there's an I'm policy that's been created, you know, alert. Like, a user was created that has these permissions, and is that okay or not? Or this looks strange. Or
Scott:48:02
Yeah. Definitely. Yeah. Definitely the latter. It's it's definitely taking that same approach to just like the network or the inbox.
Scott:48:08
And we're saying, hey. This is normal. This is not normal type of an approach. So, yeah, it's if if it is connected to the network, if you know, we we had a customer ask us one time. I'm not on customer calls that often, but I was on this.
Scott:48:27
Maybe I should get them more because I kinda learned something from this. But, there is customer saying like, hey. What if someone comes in and they and, you know, and they're uninstalling switches that are on our environment? You know? That's a physical device.
Scott:48:43
Do you see that? Anything yeah. It was, like, a really weird example, but I was like, I've never like I was like, that's weird. Like you know? And our engineer was just like, if anything that Darktrace is currently overseeing, if anything, whether it's cloud or on prem, if it is being connected or disconnected from the environment, or if any type of activity is happening within that cloud account as well, we are seeing it.
Scott:49:08
And we are applying that rule of is this normal or not normal kind of to to that as well. So when you talk about, hey. You know, creating s 3 buckets within AWS, then, yes, that is that is absolutely something that we're seeing.
Max:49:21
What you just said there is a is a real problem, though, in security of, you know, things not being deployed. You know, companies signing contracts for tools and then the tool never actually getting deployed fully and being used. And I and and, you know, so let's let's sidetrack. Let's talk about process. Right?
Max:49:42
So, you know, company comes to you. Right? Let's just assume that they're being proactive and not reactive, but they're coming they come to you. And, you know, they have a phone call and maybe a demo and go through your fancy slide deck, which we didn't do yet. And say, okay.
Max:49:59
Like, we're gonna go through this. So they go through a POV process. So, you know, walk me through, you know, like, just just I mean, we don't have to talk about, like, contract negotiations, obviously. You know, like, they hit the POV. They say, great.
Max:50:10
They sign a contract, and they go to deploy. But, like, what how how does this actually roll out? What are the teams like, what's the engagement between Doc Trace and the company? What does a company what does a customer actually have to expect and bring to the table? Like like, what kind how quickly can this all happen?
Max:50:25
What's normal? You know, like, how how does this what's what's what's real world here?
Scott:50:30
Typically, how I see it is we're, you know, we're working with a partner that says, hey. I have customer that has need a, b, c, x, y, z. Can we hop on a call? You know, have the conversation about them. And then on that second call from there, we have a, we have, like, a scoping call just kinda figuring out, hey.
Scott:50:48
How big is your environment? It's 30 minutes long figuring out, like, alright. If we're gonna move forward with the POV, how big of a device do we need? What type of a deployment are we looking at? Are we looking at network and email, network email endpoint?
Scott:50:58
Are we doing everything? Are we doing one thing? And that just kinda determines who who and what resources we're gonna have involved in that. After that, we ship out the device. Takes about a week, week to 10 days to kinda depending on where it comes from.
Scott:51:15
Device takes 10 to 15 minutes to install. And then over the next 30 days, we have 4:4 to 5 calls where we're going over what are called threat intelligence reports. And on those reports, we're saying, you know, typically the first, I would say, 7 to 10 days, it's just learning. Right? There's a lot of noise, which our team manages.
Scott:51:36
We're kinda filtering out all of the what's, you know, the what's normal, the what's not normal. And then by week 2, we're finally getting, like, a real glimpse of, you know, what is exactly is happening. So our team is going over those threat intelligence reports of saying, like, hey. We picked up this from this tool. We picked up this miss from your email gateway.
Scott:51:56
Or, hey. We detected this gap within your cloud environment, or something along those lines. And then, typically, when it comes to the end of the period, the device is fully installed. It's fully learned, and then the customer kind of decides, like, hey. This is something we wanna move forward with or not.
Scott:52:14
There's no and I know people have hard time believing this, but there's no financial commitment or contractual commitment at all from from the customer. And I thought that was normal until I heard about other providers saying, like, well, we need you to sign it, but if you don't like the POC, you can opt out of it. There's nothing like that, which, you know, I can kinda hear, like, well, that's too good to be true. It's like, no. That's like how we run it.
Scott:52:34
It costs us 15 to $20,000 to run a POC. That's what it is. I would say commitment from the customer, maybe 4 hours over the course of a month total.
Max:52:45
If the customer has gone through and selected that they wanna do detect and respond for their network and for their endpoints and for their email and for their cloud, that's all being integrated as part of the POV. So there's no additional integration at the end of the POV that takes place. Like, they're already in a live state at that point.
Scott:53:02
Yeah. And and we will see sometimes, like, you know, maybe they wanna evaluate those 4 things from the get go. But to start, they only wanna contractually move forward with network and email.
Max:53:13
What do you think happens with cyber now? I mean, it's beginning of 23. You know, next 2 to 3 years of cyber coming down the pipeline. I mean, you know, it's, stats for dwell time were phenomenally huge a few years ago, you know, over 200 days. Now they're been compressed down to almost immediate immediate, you know, launches of attacks.
Max:53:33
Cybersecurity, cyber insurance is kind of like, you know, could go one way or another. There's lots of players coming into the market. There's different tooling. There's lots of services. You know, but but at the same time, there still feels like, a very small percentage of companies actually have meaningful cybersecurity.
Max:53:49
And then when you get down to this, you know, the small to medium or medium enterprise or even down to, like, the SMB space, there's effectively 0. There's almost nothing deployed in the wild.
Scott:53:59
Yeah. I mean, I I think it's gonna continue to grow at at a rapid clip. I think I think when the pandemic happened, that really jolted everything ahead to a little bit because I think now a lot of people weren't prepared for that. A lot of people weren't prepared for every single one of their employees to go remote and have secure measures in place to allow them to work remote. But as much as that jolted it forward, I'm still shocked to your point.
Scott:54:26
How many companies still just don't have it? And they're just like, they're just waiting on they're they're just waiting on an event, or or they're leaning back on the cyber insurance, you know, safety net, so to speak. I actually heard about, a board meeting that happened in evaluating Darktrace, and someone voted against it because they said, well, we have cyber insurance. We don't we don't need Darktrace. If we get hacked, we'll just get paid out.
Scott:54:55
And, like, that approach to me is just, like, still so baffling. And maybe it's a generational thing. I don't know. But I think as we kind of continue to I think as this kind of new generation starts to take these leadership roles in security, I I think while security is still very understaffed, I think it gets better in the next 12 to 24 months. I think I think a career in cyber security, no matter which direction you go, is an amazing career.
Scott:55:26
You can I have learned so much, and I'm by no means anyone that's technical? But I think it's an industry that's gonna continue to grow, but I still think we could be sitting here in 24 months, and there's still gonna be a lot of big corporations that are still not taking it seriously. And I think hackers continue to evolve and continue to use more artificial intelligence in their hacks and their breaches. And I think we're gonna continue to see stories, unfortunately, of companies getting attacked and, but but but I do think it gets better.
Max:56:02
I thought for a long time that cyber insurance or government regulation was going to push the needle for cybersecurity adoption. I really did believe this for a long time that we would see it coming from. I've seen the most uptake by, supply chain mandates. In order to do business with us as a vendor, you have to adhere to these standards. I think, actually, that has been the has moved the needle forward in certain industries more than anything else because it was required.
Max:56:30
If you want our money and you wanna make money and you wanna do business with us, you have to do these things. Now, you know, some of this becomes check the box exercises. But if you go from 0 to, like, you've checked a bunch of boxes, you're in a much better place just to begin with. I don't wanna end this on a down note. So, I would say, say, Scott, what have we not talked about that I should know?
Scott:56:52
I think right now when it comes to everyone's looking for something a little bit different in the security space. You know, I I would just say our stuff is really cool. It's it's really it's really unique. And I'm not gonna sit here and say I'm the biggest, most seasoned vet in the space, but I I think just kind of from, like, what I've seen, you know, and you actually made a good point on kind of the, like, the logistics industry right now is really big for us.
Max:57:19
How much of that is they're looking for something different, and how much of that is what they currently have and what they are promised didn't actually work? And and now there's a certain degree of, you know, distrust that comes out of this.
Scott:57:32
I think it's I think it's a combination of all that, but I'm also seeing and maybe we can end on an up note. But I'm seeing more now more now than ever, and I and I don't think it's still enough. Companies are starting to get a little bit more budget for security. Not necessarily more headcount, a lot of budget, but I think what we're seeing a lot lately is like, hey. You know, this event maybe happened to one of our peer companies or, hey.
Scott:58:01
You know what? We just got a new CSO, and we've never had a CSO before, and now we have this budget. We've heard good things about Darktrace, but have never been able to purchase it in the past. So now we wanna take a look at it more. I I think that's a space that's I think that's something that will continue to grow.
Scott:58:17
That is kind of, I think, the environment, the space we're playing in. It's, you know, it's exciting. It's I'm never bored. But, yeah, unfortunately, it's it's a lot of those situations that we currently
Max:58:28
Years ago, I, started riding motorcycles. I don't anymore because of children. You know, a friend of mine told me it's not if it's when. It's not if you have an accident. It's when you have an accident and how bad it's gonna be.
Max:58:38
It was basically, you know, the layout. Like, there's 2 types of people on motorcycles, the ones that have been in the crash and the one and the ones that haven't been in the crash yet. And I I if I think about that language and that that conversation a lot with cybersecurity for companies, it's not if it's when and just how bad. You know, bad very quickly can turn into, like, out of business events. I I I don't know what like I said, I don't know what, like, really drives us forward aggressively, you know, and becomes a norm.
Max:59:03
I hope we hear better stories this year. I hope 23 is the year that we hear better stories in cybersecurity.
Scott:59:09
Same here. It's, yeah, it's it's an ever evolving industry. Things are they're always changing. I mean, I've only been a a couple of years, and just our approach on how we talk to organizations and talk about our solutions. It's it's different.
Scott:59:25
It it's it's it's gonna be different every year because it's something that's always evolving and changing. And, yeah, I I I think I agree with you in a sense of there's gonna, you know, how much is enough, and there's gonna be a lot of, I think, a lot of scar tissue.
Max:59:40
Yep. Scott, thank you very much for the time. Yeah. Thanks.
Scott:59:42
Thank you very much. Have a
Max:59:44
great day, and look forward to talking soon.