The Founder Formula
Every passing moment, a tech startup disrupts life as it was. In humanity’s pursuit of faster, better, and higher capacity, fresh companies are tackling old problems and modern complexities, all while pushing the bounds of the future.
The Founder Formula brings you in—behind the curtains and inside the minds of executives at Start-ups that have traditionally only been found in Silicon Valley—and the Venture Capital Firms that fund them.
The Founder Formula
Amir Ben-Efraim - Co-founder of Menlo Security
Menlo was founded, in part, because five cybersecurity experts were fed up. Security products should stop bad things from happening — but they didn’t.
Founding his second company on the premise of “Hey, we can do better” has taken this entrepreneur all the way to validation in Gartner’s Magic Quadrant within a decade.
In this episode, we interview Amir Ben-Efraim, CEO at Menlo Security, about lessons learned from the acquisition of his first company and the wild success of his second one.
Listen to this and all of The Founder Formula episodes through your favorite podcast platform or Trace3.com.
The combination of technology and business, I think, is what makes an entrepreneur. Really, at the end of the day, in high tech, you do need to innovate. You need to deliver a new sort of technology, but it has to solve a problem. It has to deliver value. It has to differentiate itself in the marketplace.
Outro:founder formula brings you in behind the curtains and inside the minds of today's brave executives at the most future leaning startups. Each interview will feature a transformative leader who's behind the wheel at a fast paced and innovative tech firm. They'll give you an insider's look at how companies are envisioned, created and scaled. We hope you're ready. Let's get into the show.
Todd Gallina:Hey, everybody. Welcome back to the show. My name is Todd Galena. And with me is Tony Olzak. He's the Chief Technology Officer here at Trace3. Tony, how are you? Hey, Todd. Good morning. Glad to be here. Thanks for having me on. You bet. I know you're really excited about our guests today and the space that they're in. So what I would love to do is quickly get into the interview with our guests. And then perhaps you and I can talk about this specific security space after we've parted ways with our guests at the end of the interview.
Tony Olzak:Yeah, sounds great. I love it. As you know, very personally passionate about cybersecurity in all its forms and really excited about today's guest. Let's
Todd Gallina:get into it. Okay, our guest is an entrepreneur and two-time founder. His first company, Altor Networks, was founded in 2007 and purchased by Juniper Networks in 2010 for $95 million. Shortly after, he co-founded Menlo Security, a company that protects organizations from malware. They're located in Mountain View, California. He has an MBA from UCLA and did his undergrad at Stanford, possibly the most mentioned school on our podcast. Please welcome us in joining Amir Ben-Elfrine. Thank you for joining us, Amir.
Amir Ben-Efraim:Pleasure. Nice to be on the podcast. Thanks for inviting me.
Tony Olzak:Yeah, Amir, great to have you on. Appreciate you joining. We're kind of on a good security streak right now. We had Andrew from Illumio on the last episode.
Amir Ben-Efraim:I
Tony Olzak:know we're going to come quick at you today, so just dive right in. We would love to hear a little bit more about Menlo Security and why you started it.
Amir Ben-Efraim:Yeah, we started Menlo with five of us, and we've all spent considerable time in the security industry. And frankly, we're just getting tired of products not living up to their core mission. Security products, at the end of the day, should stop bad things from happening to you. They should stop malware. They should stop breaches. And measured on that basis, the security industry was simply not working back in 2013 when we started the company. And frankly, the next generation products that we're seeing coming around the corner felt like more of the same. I didn't feel that malware was evolving and becoming more and more sophisticated, and it felt like the security industry was falling further behind. So at Menlo, we said, hey, we can do better. Why don't we start a company that's focused on delivering 100%? Effectively, when we meet with a customer and they ask us, hey, I've purchased your product, am I done now? We wanted that answer to be, yes, you're done. At least with the traffic or the network connections that you let us handle, we can guarantee that those will be safe. And that's the origin of Menlo. We wanted to find a different sort of company. And the mission for us was to completely eliminate malware 100% and deliver a different kind of security outcome.
Todd Gallina:That's great. And from everything we're seeing, you guys are really successful, out of the gate, doing terrific. I wanted to talk a little bit about You, Amir, you did your undergrad at Stanford, which has a reputation of attracting technology entrepreneurs as students. Is this one of the reasons that you went there? Maybe you can tell us a little bit about your time there and a little bit about your background, your formative time at becoming an entrepreneur.
Amir Ben-Efraim:Yeah, I mean, I ended up getting my master's in engineering from Stanford. Obviously, a great engineering school. I did my undergrad work at UC Berkeley, so just sort of around the corner in the bay, if you will. And I started out as an engineer developing software simulation tools. Stanford really helped me progress that. But at the time, after finishing my degree at Stanford, I had the opportunity to kind of go dive deeper into the tech world or go explore the business world. I ended up actually choosing to go pursue my MBA and wanted to learn more about the business side of the house. And I think that kind of set me out, set me on a track to become an entrepreneur, to really not just think about developing the technology, but really think more in terms of business outcomes, look for gaps in a certain marketplace. And the combination of technology and business, I think, is what makes an entrepreneur. Really, at the end of the day, in high tech, you do need to innovate. You need to deliver a new sort of technology, but it has to solve a problem. It has to deliver value. It has to differentiate itself in the marketplace. So I think that's what sort of, you know, how my formative years came about, if you will. It's that combination of business thinking and technology thinking and how can I leverage my technical background to kind of help solve, you know, significant problems.
Tony Olzak:Yeah, that's a great background. We've heard it kind of from both angles. We've had some founders on who started more in the business side of the equation and then, you know, went into technology. But I think it's definitely a valuable lesson of just having knowledge on both sides of the equation. It's not just technology. You have to be able to solve business problems.
Amir Ben-Efraim:Yeah, absolutely. I mean, at the end of the day, lots and lots and lots of tech companies looking for a problem. But I think those that really stand out and end up having successful journeys do it because they really are able to connect with customer value. At the end of the day, at least on the enterprise side of the house, it really is about delivering value and solving problems that customers care about. You know, that's the only recipe for success.
Tony Olzak:Hey, so you graduate, you get out into the business world, looks like you did a stint at Checkpoint. And then ultimately, at some point, you start your own company. I'd love to hear about how that first journey began. And then you guys sold pretty quickly. Was that always the plan? I'd love to hear just how that played out and what your thinking was at the time.
Amir Ben-Efraim:Yeah. So I mean, Checkpoint was a great opportunity. I joined in the formative years of the cybersecurity era, if you will, right? Firewalls were just kind of coming on and You know, the Internet was really getting established and people were connecting their private networks to this new thing called the public Internet. And clearly a firewall was needed to separate your private network from from the public Internet. And it was a real boondoggle at the time. And Check Point really had the right the right product at the right time. And you really got the experience, at least for me. the first time of being inside the tornado, if you will, right? The demand tornado. The phones were ringing off the hook. And, you know, it was really a special moment, if you will, and a special time to be there. I really fell in love with the cyber industry from that moment on. It felt like a real significant problem to solve. The adversaries kept evolving all the time. I mean, cyber is a bit different than the rest of tech in the sense that it's human versus human. If you can think of switching or routing, it's... sort of humans against packets, right? You're trying to kind of become more efficient at moving packets around. You can always do better there. But security, there's an equally smart bad person who's trying to cause damage, you know, thinking how are they going to defeat all of the security tools that are in their way. So it becomes a bit of a chess match, which is the part that I enjoy about cybersecurity. So I think that was kind of the early years is really kind of set out to... find gaps there i left checkpoint to start altor which was a virtualization security company and the gap was the emergence of virtual machines so as virtual machines were becoming sort of the new workhorses of the data center and all of the security was in physical boxes kind of outside of the virtual world but the workloads themselves were in virtual machines talking to one another completely invisible to the physical boxes that were delivering the security of the time we thought about building virtual security right into the hypervisor, if you will. And that was the genesis of the company we started called Altor Networks. And Juniper, you know, having a gap in their portfolio relative to that and recognizing all of the traction and the momentum behind virtualization came in pretty early in our journey as a strategic investor and then ultimately acquired the company, I think, on year four of our journey. So, yeah, it was... It was a pretty quick journey by enterprise standards, but we had a good partnership there with Juniper and thought we had a good home for ourselves to continue growing the business.
Tony Olzak:So we sometimes have people on the podcast who've done multiple startups and we're always very curious around things like, Yeah, I think...
Amir Ben-Efraim:You know, you just get better at all of it, right? If your first startup journey, you know, I mean, one fortunate to sort of have that one end in a great success at the time, we raised very little money for the company and it got sold for a little over 100 million, right? So it ended up producing a nice outcome for, you know, the employees. The team was only around 40 people. You know, the founding team was quite small as well. So it was a good outcome. Certainly not one of these multi-billion dollar journeys that people are on today or even that Menlo is on at the moment, but a great outcome for the time. But again, the company was only 40 people. We're just early into our sales journey. And frankly, the product team as well was kind of less than 20 people. So you start to sort of figure out how to put the pieces together. You can see the early parts of scale, but not kind of the full journey there. So I think... The main things I learned from there is look for large markets, look for large opportunities, make sure that you have a good run on your own, that there aren't really going to be any gorillas around the corner that can turn around and crush you. In our case at the time in virtualization, the big gorilla was VMware. They owned the hypervisor, if you will, and started building security capabilities into their own hypervisor, which made it a lot more difficult for us to continue to you know, deliver our own success. So, I mean, I look for these patterns when I wanted to kind of go after something else. I wanted to pick a big, difficult problem, such as the one we just discussed. Again, at Menlo, we set out to eliminate malware from web and email. Those are 90% of malware comes from web and email. So, we wanted to pick a very big journey, a big problem, and then go make a dent in that particular problem and and really deliver a different sort of outcome. And I think that was the biggest learning is pick your markets really well, pick your teammates well, and pick people around you can scale as the organization continues to grow.
Todd Gallina:That's great. That's a great way to recalibrate how things go the second way around. Let's talk a little bit about surrounding yourself with the right people. I'm sure being in the industry as long as you were, when you started Menlo, you had a great opportunity to pick a great team. You guys are one of the rare examples of a woman-founded tech company, so I know you have Parnima on your team. Do you want to talk about building out that founding team for Menlo?
Amir Ben-Efraim:Yeah, I mean, I think I'll chat a little bit about the founding team and Parnima. So, I mean, first of all, you know, I look for like-minded people who shared my frustration with the failing approaches to cybersecurity that we discussed earlier. and a real passion for building something truly revolutionary. These enterprise journeys are long journeys. We were started in 2013. Today is 2021. You can see kind of eight plus years into the journey. We're still going strong, right? So people truly need to be committed to this mission, you know, because it's not... It's not an easy journey, and it's not a short amount of time. And I think that's what sort of keeps us gelled together. I mean, our founders, for the most part, are still in the company because they do share this passion and want to kind of deliver that better outcome that we discussed relative to helping enterprises eradicate malware. So I think that's a really important glue. It also helps that we've all worked together before. So we knew we can get along. Oftentimes, you can sort of maybe share the passion. But then as you start walking some hard yards together, you discover that you don't get along as well as you thought you would. And again, talking about the number of years that it takes to make this come together, you can think of it as a bad marriage, if you will, right? It's just hard to stay in this for a long haul like that. So we're fortunate again, having worked together before, we knew we got along well. And I think that's, you know, something to speak about Pranima in particular. I've known her for over 20 years. We met at Checkpoint Software. She ended up joining my business development team over at Checkpoint. And when I left Checkpoint to start Altware Networks, she ended up taking over the team and eventually joined me there. So we... Already knew we got along well. I had great respect for her technical acumen and great respect for her leadership style. She's just a terrific leader and gets stuff done. I guess the ultimate compliment is when you can hand something off to someone and know that they're going to do it better than you can. Right. They always say hire people who are better than you around you. And, you know, while that sounds like a cliche, you know, I really feel like I've achieved that with Purnima. You know, someone that you can really look at as a co-founder to kind of take on big, you know, difficult problems and do a great job at solving them. And I think that's kind of the ultimate the ultimate value is someone you can trust in to get the job done. And very fortunate to have ended up with her as a co-founder at Menlo.
Tony Olzak:That's great. That's a great endorsement. Amir, we've been following you guys for a very long time with our research innovation team. Back when I used to lead directly the security team here, we've been huge fans of you guys for a long time and really big fans of the approach, the technology, how you guys actually do what you do. Just wondering, last year through the pandemic and then this explosion of remote and hybrid work, I got to imagine that this has become kind of like all the stars have aligned and the opportunity in front of you has got to be pretty tremendous. Can you just talk us through what's going to happen over the last year and where you see the company being embraced and some of the techniques that you guys use?
Amir Ben-Efraim:Yeah, I think COVID has been very interesting. So first of all, what we're seeing COVID do is really accelerate digital transformation. So cloud-based applications are growing like there is no tomorrow because people have figured out if my workforce is all remote, It's easier to connect to a cloud-based world than it is to connect back to the enterprise data center and overwhelm existing VPNs and so on. And the cloud, you know, has proved resilient through COVID. All of the SaaS world remained up and running and, you know, delivered sort of low latency connections and a great experience for users, you know, from their homes or no matter where they were, they were getting a great experience. In the world of security, it sort of created a bit of a challenge because most of security resides inside the corporate data center, if you will. Yet the application stack is moving outside the corporate data center into the world of SaaS. So what we've seen with COVID is an acceleration of moving security to cloud-based services. Menlo, of course, is a cloud-based secure web gateway, which is really kind of at the forefront of allowing people to connect to all of these different SaaS applications. So we were, you know, cloud native, if you will, founded on that cloud principle back in 2013. So, you know, absolutely the right form factor for COVID. On top of that, what we're seeing in sort of the latter part and sort of the more recent months is an acceleration of malware attacks. We've seen the Colonial Pipeline attack and the meat plant and just late last year, the SolarWinds attack. Even though the world would like to sort of forget about cyber, you know, it's always there. And, you know, the bad guys rear their head and sort of cause some untold amount of damage just reminds all enterprises how vulnerable they are. So this combination of supporting digital transformation by shifting the form factor from on-premises to cloud, plus when you do that with Menlo, you achieve this sort of perfect security, if you will, right? If you let us handle your web sessions, we guarantee. In fact, we offer a $1 million warranty. that you will not be breached if you use Menlo. And that's something none of our other sort of competitors or peers are able to offer because they just don't have the deep technical stack that we have, you know, an isolation-based core that delivers this type of outcome. So the combination of better security and a cloud form factor has really been, you know, allowed us to accelerate through COVID. We had, you know, our best year under COVID and grew almost 100% year over year. So yeah, I guess to some extent, we're fortunate to be resilient through the difficulties of this pandemic.
Tony Olzak:It's amazing every time you think that the industry might slow down a little bit, you just get that free advertising because some major event happens out of the blue.
Amir Ben-Efraim:Yeah, I mean, that's cyber, right? Like I said earlier, everybody would like to forget about it, but the problem is always there. And just when you least expect it, it rears its ugly head. So I mean, enterprises have no choice but to continue to Think about how to build better and better defenses and how to remain resilient because it's a guarantee that the next attack is a round and corner.
Todd Gallina:Yeah, we had, as we were talking earlier, Tony mentioned, we were speaking with Andrew Rubin and he basically said, assume breach. You know, he was defining zero trust, but this all falls into the same kind of discussion. You just have to assume it's going to happen and you need to surround yourself with the right protection. You guys are really validated by Gartner. You guys are in their quadrant.
Amir Ben-Efraim:We're in the secure web gateway magic quadrant.
Todd Gallina:Okay. So how involved are you with those discussions? Can you talk a little bit about, you know, validation from somebody like Gartner?
Amir Ben-Efraim:Yeah, I think, look, analyst validation is always helpful. When you do something special, it sort of helps to spread the word, if you will. And certainly, you know, a big part of the market looks for analyst perspectives because it is crowded and analysts kind of help to sift through that, you know, the noise and help sort of narrow down the field a bit. We've been a visionary with Gardner for three years. I think that the best validation actually is from the marketplace, right? It's from customers and word of mouth. You You know, we started our journey, you know, one of our first customers, we're fortunate to get JP Morgan as a customer. It's very early on, you know, in the life of Menlo. I think, again, we started the company in 2013. I think we ended up with JP Morgan as a customer in 2015. So truly one of our first customers. And they helped spread the word about Menlo and the outcomes we were delivering for them. At the time, they were blocking big swaths of the web because they're worried about risk. With Menlo's unique way of accessing the web, again, we delivered the secure web gateway powered by web isolation. We're able to let them go anywhere they want on the web risk-free. So it ended up helping their various business associates access wider parts of the web and deliver better services to their clients. And at the same time, actually improve their security. So they kind of looked at us as a strange animal. They said, mostly security takes rights away. You guys are unique in the sense that you make security better and you actually allow people to do more. And they went ahead and shared that story throughout the financial industry to the tune where now eight out of the 10 largest banks in the world are all Menlo customers. And a big chunk of our revenues comes from the financial sector. So I think that customer validation and word of mouth is actually the most important thing you can ever have for yourself as an enterprise company. Of course, analysts like Gartner are extremely influential, so you have to sort of spend time and energy on that world as well. So I think it's that combination. I really personally enjoy most the customer validation. I think that working well with the analysts is clearly important as well.
Todd Gallina:Yeah, that's a tremendous theory. Keep your big customers happy. Let them spread the word and the validation will come. That's a great story, by the way. We always like to hear great customer stories. I appreciate you sharing that with us.
Tony Olzak:Hey, Amir, as you start to think about what comes next, and we're always curious, those with an entrepreneurial mind, you founded multiple companies. Are there other ideas you'd like to chase later in life? Or are there things that you're really pondering right now? Give us a glimpse inside your mind and what you think is next for you. We'd love to hear how the future plays out.
Amir Ben-Efraim:Yeah, on that front, look, Menlo is an all-consuming journey. And I do have... you know, I guess ideas. I'm kind of a product-oriented founder, if you will, right? Having been raised as an engineer, right, from the ground up and sort of spending my initial years in that realm. So I think in terms of product, but it really tends to be focused on our current mission here at Menlo of kind of eradicating malware from web and email and finding better and better ways to do that. So I'm not really thinking beyond Menlo. I'm not sort of looking around a corner and going, well, what is going to be my next journey? I feel my next journey is Menlo. I feel we're still in these sort of, you know, I don't know what you want to call it, early innings of the potential. Our last round of financing, you know, we raised $100 million in our Series E. I think we came out with the valuation of that. It's just shy of a billion dollars. Our public sort of competitors, if you will, the likes of Zscaler and so on, are out with a market cap of $25 to $30 billion. So I feel there's a lot of value creation still ahead of us as we illustrate to the world that we're truly a better company than those and can deliver better outcomes. And that's really the goal is how to kind of put our best foot forward and our best thoughts and innovation into continuing that independent journey for Menlo and developing Menlo into the next great cybersecurity company.
Tony Olzak:Yeah, that's great to hear. I mean, we've seen you guys grow from the very beginning and just excited to see the journey, excited to see the growth. We've heard from some others, and I believe this wholeheartedly myself as well, is that in order for something to succeed, you have to put everything behind it. You can't split your attention between competing priorities and pour everything you've got into the thing that is the most important to you. So glad to hear that that's still burning the entrepreneurial fire and the curiosity and what you guys are trying to do next, because big hopes for the future for you guys
Amir Ben-Efraim:appreciate that and yeah i mean i think it does take tremendous dedication on these like i said the long journeys and and you always need to learn you know the industry around you adopts as well and you always need to remain creative and innovative i think that you can't kind of rest on on something that you might have come up with five or six years ago because the world around keeps changing so yeah it keeps keeps it all fresh
Tony Olzak:Hey, so Amir, you know, we mentioned, you know, the Gartner Quadrants and you talked about where some of your competitors are going in that space. You know, we've seen a lot of startups come and go who were, you know, maybe near what you guys are trying to do, different isolation technologies or different other kinds of platforms. And we've seen some of the classic, maybe larger companies try to grow into your space a little bit. How closely do you guys track competition and what do you do with that information?
Amir Ben-Efraim:Yeah, I mean, I think we're in a very exciting market. So as I mentioned earlier, with COVID, you really are seeing an acceleration of on-premises security moving to cloud-based security services. We're in perhaps the most exciting part of that. When you look at cloud secure web gateways in particular, That's been, you know, classically, that was a pretty stagnant space. But, you know, in the last five or six years, this is really where a lot of the innovation has been coming from. So cloud secure web gateways are enabling now zero trust private access. So they're redefining VPNs. Essentially, you use these cloud gateways to connect to your corporate resources in a non-VPN sort of way. On top of that, you know, we're seeing a convergence of capabilities. secure web gateway and data leak prevention is getting converged into the secure web gateway and firewall as a service you know for all ports and protocols not just web is getting converged into what was the secure web gateway so in a way you know it's a very dynamic part of the market that's starting to consolidate you know many many billions of dollars of annual spend so we're Very excited about that opportunity. I think anytime you have something this disruptive, it creates just amazing opportunity for new vendors to emerge. And we feel that Menlo is going to be one of these new vendors. The market is crowded. There are certainly a lot of vendors, new and old, kind of all vying for this opportunity. Maybe another sort of acronym that I'm going to throw at you that's kind of hot, if you will, is SASE. secure access service edge. That's a term that Gartner had defined and, you know, it's sort of echoed back to us that it's the hottest movement or hottest area of interest we're seeing at Gartner in the last decade is SASE, which is really the sort of combination of capabilities that I just described into a single cloud gateway. So Juan, excited about that journey. It is a very crowded market, but we feel that Menlo is super well differentiated relative to that security outcome that we spoke of. We're the only ones out there saying, hey, if you use Menlo for your cloud journey, we'll eradicate malware from your web sessions 100%. We'll eradicate malware from your email sessions 100%. And we can guarantee it because we pioneered this web isolation technology that no one else has that works at our scale and our level of efficacy. So I'm very confident that this differentiation matters to a lot of customers. We've spoken about our traction with large customers and the you know, kind of eight out of the 10 largest banks and, you know, and, and railways and airports and airlines and hospitals, you know, I can share that the United States department of defense is a big Menlo customer as well. They've actually chosen Menlo as their, as their basically way to access the internet for all 3.5 million personnel at DOD. I can share that because they've come on, they've, they've noted that publicly. So it's very exciting.
Todd Gallina:Congratulations, by the way. That's amazing.
Amir Ben-Efraim:Thank you very much. So, So it's this kind of traction and this kind of word of mouth, which is powering our growth journey. And I feel like the opportunity is almost infinite, you know, and then, you know, will support us for many years to come.
Tony Olzak:Yeah, it's amazing when you think about what you guys do and how disruptive it is and how it changes the game of allowing people to do much more, but being much more secure at the same time. And not to get too down in the weeds of your guys' actual tech, but, you know, When I talk to security leaders, especially new ones, and they're typically very interested in, you know, how new technology might be changing what's possible and how they should be thinking about the world. I mean, I got to believe that step number one, if you're trying to manage risk is, you know, just deploy Menlo out of the gate. And this is like a free commercial for you guys, but like, how could you not consume what you guys do and just have that be like one of the first easy buttons you do to just get a handle on things?
Amir Ben-Efraim:I mean, I couldn't agree more. And I appreciate the partnership with you guys and spreading the word to the various enterprises out there. I feel like people do need to think about cyber in different ways and look for innovative new companies that can deliver these kinds of outcomes just to continue doing the same old stuff and continue to spend money with the same firewall vendor for 10 years. And and perhaps take outdated technology and move it to the cloud and feel like you've done something better, you'll get the same outcome that you've done before. So it really is challenging your vendors around innovation and how can you guarantee to me that when I use you, I'm not going to get breached anymore. Customers should be challenging their vendors to answer that question. If you don't like the answer and it just kind of sounds like the same answer you've gotten for the last few years or five years or 10 years, then you should probably think about someone else. And I think that's the opportunity we welcome at Menlo. And I agree with you that I feel that should be essentially the standard for how people access the internet is using technologies like web isolation to completely eradicate malware. Why take a risk?
Tony Olzak:Yeah. I mean, speaking of making it the standard, I know there's been some companies that have made the leap into the consumer side of the equation. How do you guys think about enterprise opportunity and focus versus consumer-facing products?
Amir Ben-Efraim:I think that they're really different kinds of companies. So first, the problem set is similar, right? Malware and phishing and ransomware and all of that stuff hits enterprises and also hits consumers. So the problem space, if you will, is similar. But the companies that go after it are quite different. If you're going to go after global 2000 companies and you build a sales force and the support infrastructure and everything that kind of goes into that and telling that particular story, that's a certain kind of machinery and engine that you've developed that is completely different from a go-to-market engine for a consumer company that needs to chase consumer channels and app stores and you know, viral marketing and, you know, all of the things that you use to kind of go after the consumer world, which frankly, I don't know very well. You can probably tell just by my description and I've been an enterprise guy for a long time. So you find very few companies that do both well. In fact, I'm not really aware of any. Some of the antivirus companies tended to do semantic McAfee, did both consumer and enterprise, but they've gone on to split their businesses. Semantic fragmented via being acquired by private equity and McAfee is undergoing that process right now. So if anything, it shows that the consumer side and the enterprise side are just really different kinds of companies.
Todd Gallina:Well, you guys have done a tremendous, tremendous job in the space that you're in. You guys are a red hot you're you're the founder of a red hot company in a in a red hot space you guys are doing amazing and we can't thank you enough for for hopping on with tony and myself to to kind of share your journey with us amir this has been great
Amir Ben-Efraim:well pleasure and thank you guys for inviting me and look forward to continuing to partner with you and your team
Tony Olzak:yeah thanks amir it's been great all
Amir Ben-Efraim:right guys appreciate
Tony Olzak:it like he told us like why he started menlo and he told us it's like essentially what they do which is at an incredibly high level but like to me, the intriguing thing about what they do and why I've actually been very enamored with this company since the beginning. Essentially, how these guys started is, so imagine I launch my browser. In this case, it's Google Chrome is what I use. And I go to whatever website. What ends up happening is, in the background, Menlo is sending my web request through their cloud platform And their browsers are actually interacting with the content. And then they're just sending me the screens. So why that matters is because any kind of attempt to compromise my machine through that web session hits them and doesn't hit me. And I'm only getting like the images and being able to interact with like the presentation of the website, not actually the data of the website. So it's shielding me from like everything that could come through, which means like whether it's healthy or not, no one cares because as soon as that session is done, they destroy that container and spin up a new one. And like no one's the wiser and no one was able to touch me. Like literally they're creating an environment that we've isolated the web session. It can't touch my computer. I'm just getting a glimpse from the outside of what that session looks like and nothing touches me. When you start thinking about email in the same fashion where if I open up an attachment, it opens up inside their platform and I just get to see it. I'm not actually interacting with the file, which means if there's malware in the file, if there's scripting in the file, it's not actually touching my machine, it's touching them. And so... One attempt at this, like when you think about endpoint protection, endpoint protection is where like things are opening on your machine and it is trying to detect those things and prevent them from happening. And then they're constantly battling the sophistication level of the adversary. What if the stuff never touched your machine? It still looked like it was touching your machine. You still interacted like with the files, with the PDFs, with the Word documents, with the website, but it wasn't happening on your machine, but it still appeared as if it was. And that's their whole value prop. And when you think about that, you're basically like shrink wrapping a computer and saying this computer is not ever really going to touch the internet. but it's going to appear like it is. And therefore we will give you a million dollar guarantee that like you will not get breached through the web or through email if you use Menlo. And when you think about what that does to your user base, like think about how many times every week, like assume breach, like all this kind of stuff. Well, what if like 90% of the stuff that creates those assumed breaches were just wiped out? And so, yes, assume breach at some point in time because some savvy person is going to find some way in. But make it so that all the easy ways to get in are just 100% eradicated.
Todd Gallina:Yeah, it sounds like to just a regular person, that whole session is kept in a container and destroyed at the end. And you never interact with the actual person. Does that create lag?
Tony Olzak:Well, I mean, you think about the ways they've matured over time. So you're already, I mean, think about it like this. They're being hosted in places like AWS cloud data centers. Those are the same places where all your other content is hosted. So to put it back through their process and it's so lightweight and they've perfected it over time to where you would never notice. And I've seen bake-offs and tests with their technology in play. And as an end user, you would not notice. You would not notice that whole process taking place. Even some things that they will protect you with then as well. Here's the next way that people pick off credentials all the time. Like when we were, you know, doing pen testing a lot or, you know, you do like different kinds of like penetration tests or, you know, social engineering and stuff like that. You send people to different kinds of web interfaces that replicate company websites or other kinds of sites they might use and you get them to put their credentials in. None the wiser. You've just like picked off their credentials. You're kind of sitting in the middle of the transaction. Yeah. Companies like Menlo do other things too, which is now they see what you're submitting back because it has to go through them. And you could set policy like, no, you can't submit company credentials to... outside websites. Like, bam, it's just not going to happen. And so you think about all the ways that you can instantly protect your organization. It's pretty exciting. And it's no wonder that like DOD and other places are bringing them on.
Todd Gallina:No, it totally makes sense. And I can tell that you wish that they had a consumer-facing
Tony Olzak:version. I would deploy it right now. Like my family, you know, like the kids and my wife and stuff, you know, when it comes to cybersecurity, people... for the most part like they can't be bothered and anything that interferes with their life like they can't be bothered and they don't want to think like two more seconds about anything before they just like oh i gotta put my credentials in or gotta put a password in or no i'm trying to get to this website to do xyz or you know like the kids won't even read screens like half the time i'm troubleshooting something i'm like what'd that pop-up say oh i don't know what'd that box say i don't know like why are you clicking yes or okay through all these things like without reading like it's telling you something for a reason and so you have all that That kind of stuff happened. But the other thing is that I was having this discussion with some other security professionals over a Slack channel the other day, which maybe is not the most secure way to talk, but we're not talking about anything sensitive in nature. It was about how you control risk around certain kinds of things. And basically what it came down to is the consumers just don't care. A lot of security professionals care like, oh, this company just leaked 100 million records. What are we going to do about it? And how are we going to penalize them? And that's not right. And it's like, well, certain people care. But if the consumers don't care, then it's really tough to do something about it versus just like the little slap on the wrist and a fine that ends up happening to them. And like case in point, right? If a hospital loses a hundred million records and they get fined, you know, you can't shut them down. Like, And then do you think if I've got a critical situation, I need to go to the hospital? I'm like, not that hospital because they had a breach. Those guys got breached two weeks ago. Nobody cares. And probably the biggest one of all, I mean, think about that massive Target breach. It was one of those at the time that just made so much news. It was all over the place. If you look at their consumer spend, do you think my wife stopped shopping at Target because they got breached? Like, no,
Amir Ben-Efraim:not if you look at my bank account. There's clear proof
Tony Olzak:that no one cared. Like all the people who shop at Target, one, if they heard about it, they didn't really understand it. And two, even if they got the notice in the mail, it says like, oh, we lost all this information. We're going to cover you with free privacy services and identity services and all this stuff. They went right back to Target the next week and shopped again and didn't care. So- If the consumers don't care, it's a really tough spot to be in of figuring out what do you bring to bear and how do you make this stuff happen? But it's that consumers don't care thing that makes stuff like Menlo so valuable that I wish they would make a consumer version because yes, okay, people in general just don't care. Let's assume that they don't care and assume the worst and let's allow them to do things in a manner where they don't have to care and we'll still protect them accordingly. And how do we do that? And that's why I'm a big fan of the isolate techniques because you know all the bad stuff happens in someone else's container and never touches you and therefore like yeah have at it do whatever you're gonna do because you
Todd Gallina:know you're gonna do it anyway yeah and so in this in this case you would you would personally install it you know for your home or you would expect someone like an internet provider to to supply it and you toggle it when you log in or google chrome would supply it If it was a consumer product, how would folks be able to consume it, I guess would be my question.
Tony Olzak:Yeah, well, I think that, you know, that just speaks to business model. In the grand scheme of things, if I had no other option, I would just install something on everyone's machine. And that's just the model that you would go. As you think about how service providers are trying to evolve themselves and become more valuable, especially as people cut the cord and they try to develop more streaming services and other kinds of valuable services. It's not just a internet connection that you're buying. It's all these other richer services that come along with it. I mean, that is an example to where many service providers have added in security features into what it is that they do for you. This is yet one more to where, look, if you can't get a consumer version of it, well, you could have a partnership between Menlo and whoever your service provider is and service provider could just provide it as a service back to you And that would work too. Bottom line is how do you get more sophisticated security tooling and capabilities into the hands of consumers? Because we're doing an awful lot to protect enterprises and they still keep getting hit every single week. But you don't hear about all the people just at home with bad stuff happening to them every single day. And they have much less access into the savvier kinds of tooling that they need. And we kind of need it because if you think about the remote workforce, even if I had... you know all these tools you know sitting to like protecting me on my work machine but people are sending their their work machines at home and they're they're putting them in their home networks and their their home is getting whacked and then you know your kid is doing something and they get whacked and through their machine and ends up whacking your machine and it ends up hitting your work machine too which is just connected to your home network too and now you've got malware on that thing even though you know you were protected, quote unquote, through your company's access through the other direction. You kind of have to give thought to protecting the whole home if employees are going to work from home. And in a classic sense, way back in the day, we would have just sent devices to the home like, here's your dedicated router or VPN device with its own wireless and everything. And oh, by the way, don't ever connect your work machine to your home network, which everyone just did. Oh, by the way, don't ever let your kids use your work machine, which half the people end up doing. And just because if you've got a computer at home with internet access and it's sitting there, someone's going to use it and you can't prevent people from doing it. And there's like the classic security thinking of like, well, we'll put policies in place and that's against the policy and that's against these things and we'll put controls in place to prevent that from happening. And it's like, what I love about Andrew's talk from the week before was that same thing about assume breach. You just have to assume that these things are going to happen. It's fine to put in a policy that you're not allowed to do these things or you're not allowed to do X, Y, and Z, but you just have to assume that they are going to happen. And when you take that Jocko Willink approach, which is good, this is going to happen. Good. Now, what are you going to do about it? Because you don't have an option to fail. How would you think differently If you just knew it was going to happen, and then how would you think differently about protection? In today's world, you have to protect an employee's entire home because that is part of the attack surface. And you can't just ignore the fact that everything else in their house is going to be touched and or kids or spouses are going to pick up the work computer and do whatever they're going to do that may violate your policies, but it's going to happen.
Todd Gallina:Yeah,
Tony Olzak:no,
Todd Gallina:for sure. Way to bring Jocko into that. That was sweet. No, no, I think we have plenty. So I'll just close it out.
Outro:Trace3 is hyper-focused on helping IT leaders deliver business outcomes by providing a wide variety of data center solutions and consulting services. If you're looking for emerging technology to solve tried and true business problems, Trace3 is here to help. We believe all possibilities live in technology. You can learn more at trace3.com slash podcast. That's trace the number three dot com slash podcast. You've been listening to The Founder Formula, the podcast for all things startup from Silicon Valley to innovators across the country. If you wanna know what it takes to lead tomorrow's tech companies, subscribe to the show wherever you get your podcasts. Until next time.