November 9, 2022
Ayal Yogev is the co-founder and CEO of Anjuna Security. Ayal has 20 years of experience in the enterprise security market, serving most recently as VP of Product Management at SafeBreach. Prior to that, he led the Umbrella product management team at OpenDNS, which was acquired by Cisco in 2015 for $635M. Ayal has also held senior product management positions at Lookout and Imperva, and he was part of Imperva's IPO in 2011.
Ayal holds an MBA with honors from UC Berkeley Haas School of Business and a B.Sc. Summa Cum Laude in Electrical Engineering and Computer Science from Tel-Aviv University.
Julian: Everyone, thank you so much for joining the Behind Company Lines podcast. Today we have Ayal Yogev CEO and founder of Anjuna Security. Ayal has 20 years of of experience in enterprise security market serving most recently as VPO product management at Safe Breach. Our Anjuna, excuse me. Makes the public cloud secure for business.
Software from Anjuna effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Y'all, thank you so much for joining the show. I know we were back and forth a little bit and scheduling and rescheduling, but I really appreciate you having you on. Really excited to learn about your.
Kinda expertise in the security field as well as your successes building startups, and I know you were part of a successful i p so we'll dive into all that good stuff. But before we get into all that, what were you doing before you started Anjuna?
Ayal: Yeah, so thanks for having me on Julian. Pleasure, pleasure to be here.
So as, as you said, I've been in enterprise security for almost well over 20 years now, almost 25 years. Happy to kind of go through my background, but just before in June, I was the, the VP of product at a company called SafeBreach, which is a another enterprise security company doing a breach and a attack simulation.
Yeah, and essentially all, all my career was, was an enterprise security. I, I started in unit 8,200, which is the Israeli equivalent of the nsa was a lot of security founders that yeah, from that background, And after a few years there, moved to the private sector and all my career was essentially in product management and enterprise security companies.
And as you mentioned, I was part of the IPO of Imperva. was leading the umbrella product management team at Open dns and we got acquired by Cisco. So I was, I've been part of an acquisition to Cisco and I was part of an acquisition by IBM my career as well. So yeah, I've been. Been a lot super interesting security companies.
Julian: Yeah, no. Describe the enterprise security process. You know, what are the things that enterprise companies focus on? What are the the testing that they do, the penetration, I'm assuming that there have, they have teams that deploy and, and run kind of different attacks on their own code base then to make sure that it's secure?
Were you a part of that system or were you building software to essentially you know, kind of protect the, the internal mechanisms that, that run in, in enterprise?
Ayal: No, that's a, that's a great question. So I was part of the, I was always part of the vendor side essentially. After, you know, I moved to the, to the, to the private sector side.
And I was part of always building security products, you know, that help increase the security of our customers. So, so this is, so the style I was on, but obviously within companies, within, you know, is gonna imagine within large banks, you know, healthcare organizations, essentially every organization today, if you're in any way connected to essentially anything, you're, you're gonna have to think about security.
Mm-hmm. So within every organization there are, you know, people, teams, or, you know, complete organizations tasked with the security. And that these are the people that, you know, you engage with when you're building security products.
Julian: Yeah, tell us a little bit about what ways are, are companies compromised or how they can be compromised?
You know, I, I had another founder on who was in the security space and he was talking about teams of, of for ransomware without deploy and essentially get company's data and didn't have a ransom for it, and they have to, you know, pay it or not pay. What are some ways that companies can get compromised that you've seen in, in your experience?
Ayal: Yeah. So yeah, Reservoir is definitely a big you know, a big area of concern. Yeah. But I guess, let me talk about sort of two, two breaches that happened in the last couple of years that I felt was, were particularly, particularly interesting. One that's essentially in the news now is is around, is Uber the Uber breach that that happened?
And what sort of happened? There was, it was, it was actually interesting. It started with a with a Phish email. And basically one of the employees there sort of got a Phish email. They, you know, clicked the link and, and what sort of happened is that the, the attackers used sort of phishing to bypass the two-factor authentication.
So I know probably a lot of people now know, you know, once you tried to log into something, there's another factor. It's not just sort of Yeah, people's talking about kind of the, what, you know, what you, you know, what you have or you know who you are in terms of having more than one factor to authenticate.
So it used to be just a password, but again, if somebody kind of gets access to your password, then it's very easy to log into your account. So the two factor means it's not just a password, it also something that you have, for example. So if you have your phone on you, you get it, you know, text message to the phone, and you can put that on.
So it's, it's a better but the problem is, if. , if you get phish, if basically an attacker sort of reaches out to you, and so send me, you know from it, please send me the password you just received via text. If you send it to them, then there's a way to bypass that second factor. So that's what happened at Uber.
And once that happened, the attackers were able to get rude access to the system. And through that, once, one of the problems is once you have sort of rude access to a system, once you have access to the infrastructure itself, you just have access to everything. The, the, there's. Really, really, there are very, very few ways to, to kind of stop that.
And once that happened, essentially the attacks were able to get access to the information. Another super interesting one was the, the Capital One breach. And this was the, the reason it was interesting, this was, Capital One is a huge AWS customers, I think, is very publicly known. And what happened there was that a former AWS employee leveraged their sort of knowledge and, and access to, to, to AWS to essentially go and steal data from Capital One.
And that was just a super interesting use case because it sort of highlighted the, sort of the challenge the customers have when they're moving to the cloud. Which is when you're running in the cloud, it's somebody else's infrastructure, right? It's somebody else's managing the infrastructure for you, and suddenly you've kind of opened up the door to a lot of, you know, different potential issues that you just wouldn't necessarily have if you're running in your own data center.
And I'm not saying that the cloud is not more secure than on-prem, I think. To a very large extent, the cloud is more secure than on-prem, but suddenly there's this new, completely new, you're just bringing a third party to go manage this. And if the clouds get hacked, if the, an employee of the cloud, you know, wants to get access, if, you know, the government wants to come into the cloud vendor with a subpoena, which is something that a lot of, especially European companies are worried about under, you know, regulations like gdpr.
There's really nothing that you can do as a company to stop it. And I think that's one of the biggest reasons why companies don't move more workload to the public cloud.
Julian: you know, I hear a lot of this and conversation around the internet computer, you know, bringing kind of an decentralized approach to, to cloud infrastructure and replacing AWS to have a completely decentralized you know, kind of cloud system that, you know, you can host data, you can store data and, and have, have different protocols on there.
How do you kind of think about Web three and its involvement in, you know, cloud? And have you thought about it yourself and transitioning into those products. And then I obviously want get into end June and kind of what you're doing with companies right now, but I'm just curious about your thoughts on, on web three now that it's kind of moving or trying to move off of AWS into this internet computer and create kind internet decentralized with different nodes, kind of a cloud-based service.
What, what are your thoughts on that?
Ayal: Well, I think it's a super interesting idea and I, I see a lot of our, you know, We do have a lot of web three, you know, customers essentially. So I think that there's a lot of merit to the ideas, but in terms of security, Moving to this sort of the centralized cloud is actually a much, much bigger security risk, right?
Because there's, mm-hmm. If there's sort of one throw to jokes, so to speak, right? You have AWS or Azure, you know, Google Cloud, and you kind of know that they're in charge of the security. There's still a bunch of issues there, but at least you know, they're. Obviously doing everything they can to, to keep you safe.
When you have, you know, the sort of the centralized system where you just don't know where your code is gonna, is gonna be, you know, executed, that becomes an even bigger sort of security, security risk. Yeah. So it's, there's a lot of merit in terms of the sort of financial benefits of doing something like this.
Yeah. And there's a lot of excess compute. Out there that can be leveraged for this. But then security-wise, I don't think a lot of, you know, large enterprise are gonna be using this until the security of that is going to be solved. And it's something they're not even using the cloud as much as they should because of the security of the cloud.
This is at a whole new level of sort of security issues that you introduce.
Julian: Yeah. What, what are your, what, what is iAnjuna doing to kind of help, you know, the public cloud be secure so that, you know, companies don't have to worry about these different bad actors or attackers that are kind of working to get into their data?
You know, what are ways, and I'm sure you know, your experience in, in the in the military kind of, kind of helps with the different ways that people can. You know, certain data and, and, and different access points. But yeah. What is iAnjuna doing that? Really being helpful or kind of creating the security around?
Because you know, the last thing companies want to have to deal with is a security attack because not only does it cost money, it kind of halts all production and within their internal, you know, workings with their engineering team and, and everyone. But what is Inju doing to kind of help kind of secure cloud?
Ayal: Yeah. Yeah. As I sort of mentioned, the, the sort of the core, I'd say, security problem there was just never, there was never a solution for it, is the fact that once somebody gets access to your infrastructure, they just have full access to everything you do on top of that infrastructure. And there's really nothing that you can do to, to stop them from just accessing everything.
And if I go just one level deeper, it's, it's, it's essentially because when an application has to process data, it just has to decrypt the data loaded into memory. And at that point the data is completely exposed. There's just nothing you can do to to, to stop it. There was nothing you could do to stop it in the past and a lot of how the security industry was built was essentially a bunch of these sort of band-aid solutions to try to solve that sort of core problem that was never, that was never solved, right?
And that's why we have all these sort of perimeter security solutions to make sure that nobody can even get access to, to infrastructure. And you have solutions around detection. You know what happened if somebody does get access, how can I detect that they have access and at least know that something bad happened?
And that's why you have a lot of sort of these patching, you know, make sure everything is patched because if there's some. , you know, zero day vulnerability on the operating system. Somebody can use that to get, you know, higher a level of access. So a lot of it was sort of patches to the fact that if you have access, there's like game over, right?
You just have access to everything. There's nothing you can do to stop it. And what sort of happened in the last you know, in the last few years is that the CPU vendors, and you kind of needed the hardware vendors to go and solve this core problem because any, any security, any software solution can be bypassed if you have root access.
But the CPU vendors have built hardware to finally solve that problem. To kind of build a solution that even if you have full access to the infrastructure, you have rude access, physical access, whatever level of access you have, you're just not gonna have any access to the data. And this was a change in the harder level.
And what we do is, this is very similar to what happened in virtualization which was this extremely powerful technology to, to essentially run. Anything virtualized, but nobody was really using it until VMware built a softer stack to make it easy. And that's exactly what we do for this new concept called confidential computing.
This is an extremely powerful change in how this is essentially a new hardware architecture to some extent. It's a very, very big shift in that architecture, but it's extremely difficult to use and kind of got veer to virtualization We're doing to, to confidential computing. We build a softer stack to make it super simple to use this with anything.
Julian: Incredible, incredible. And, and you know, I think offering that level of security not only kind of helps production, I'm sure go more quickly, but, you know, a team's building without having to really you know, think too, too, too deeply into who might attack them or take their data. I'm, I'm curious because, you know, this is not your first successful company.
You've been a part of a lot of great teams in the past. What, what's different between. Kind of teams as they grow and build versus, you know, the teams that you've seen. You had a successful ipo, you were at some larger companies as well. What are the mechanisms that make companies great? And, and what I mean by great is, you know, that run efficiently, run effectively, hit metrics, hit goals.
But also go through the different ebbs and flows of, of what companies go through, which is, you know, lows in customer acquisition or, or you know, product development, what have you. What kind of makes the difference in, in those companies that run well versus those that don't?
Ayal: Yeah. To me, and again, I'm sure you're gonna hear probably, you know, if you talk to 10 people are gonna hear 10 different you know, answers to this.
To me, what I think has always been the, the big differentiator is, is culture. Mm-hmm. . And if you have the right sort of culture in the company and you have the right sort of, You know, people working together, you know, wanting, you know, believing in the mission, believing in what they do enjoy, they enjoy working together.
They enjoy, you know, spending time with one another. That's, that's sort of what kind of makes companies really, really great. And that's how you kind of, you know, every company's gonna have, you know, things are gonna go, you know, sideways in, in some cases, right? Like, you're gonna have. Not everything's gonna be up to the right all the time.
Sure. You have the right culture. When people enjoy, you know, working together, they, they really believe in what you do. That's where you can kind of survive this and kind of come out stronger, you know, on the other side of it. Whereas companies that have, you know, not great cultures, you start getting a lot of, you know, turnover.
A lot of people, you know, basically saying, I, you know, I'm not sure I wanna be a part of this.
Julian: Mm-hmm. , what are some ways that you kind of maintain a strong.
Ayal: Yeah, it's funny that to me culture is a lot companies have these sort of 10, you know, this is our culture, 10 things on the wall that like, I don't think that's what creates culture, right?
It's, it's not about what you say, it's about what you do. To me, culture is the, you know, thousands of little decisions that you make every day, and that's what really defines the culture of the company. And if you have these sort of, you know, I just don't know how many companies and some companies that, you know, I've worked for, you had these sort of 10 things on the wall, but when you actually ask what the culture is, it's, it has nothing to do with those sort of 10 things on the wall.
So to me it's essentially that those. You know, it's those thousand decisions that you make and the, the, you know, everybody, you know, the executives in the company and the managers, everybody kind of make, you know, every day being, and then, you know, the employees essentially everybody makes, you know, when they're part of the company.
And it all, I think it all comes, you know, it's all, this is a culture is something that's very top down, right? People kind of look at their managers to see what they do, and managers look at their, you know, the executives and the executives look at me to kind of see, you know, how I make decisions. And I can tell you kind of the, the.
The way I think about culture is, and I kind of stole this from Eric q1, the CEO of Zoom, who I think thinks about this the exact exactly the right way. And we kind of use the same thing and, and we use one word, which is care. You know, caring about, you know, caring about the, you know, the employees caring about, you know, sort of anybody around the company, right?
The, the, obviously the customers, you know, prospects, you know, that are in the. Interview process. People that leave the company, you know, how do you treat people? They're, you know, either they decided to leave or you decide, you decided to part ways with them. How do you treat them? Kind of treating them, you know, nicely and fairly.
Yeah. This is how you build culture and there's. You know, instead, a thousand decisions you have to make every day. And I'm trying to think through all these decisions through that lens. Mm-hmm. of what's gonna be sort of how, you know, to, to, to care about, so everybody make sure they're treated, you know, fairly and nicely.
Julian: Yeah. I, I love the, the focal point on kind of one idea or. Kind of the, the, you know, I guess not the mission, but the value that drives a company and the, the decisions you make. You know, the company that I run with, my, my co-founder, we kind of think about transparency and communication as, as those, you know, transparent communication.
If, if we do anything right, that's what we do. And it really does kind of help simplify the decisions you make or the actions you take. And, and kind of connect you with your customers at, at, at a level that's consistent, which I think is where a lot of companies may not have the insight to do.
When you connect with clients and, and thinking about this customer acquisition process within the security realm, what is that like? Because I'm always curious, you know, we run a service-based business, it's, it's pretty straightforward in, in regards to, you know, how we. They're there are companies and culture, but I think a lot of what goes on with security companies is kind of under the hood, and you have to get to different stakeholders that know exactly that or have the expertise to know what's going on, to, to be able to adopt your, your technology with that process.
Like kind of if you, if you wouldn't mind uncovering go through this process with your customers to kind of help them you know, adopt your technology.
Ayal: Yeah. It's actually a very super interesting question, and I'm sure you guys have been through this part of essentially the sort of product market fed journey that everybody talks about is exactly figuring that out is what is mm-hmm.
you know, what is your distribution model? What is your essentially sort of, you. Go to market process that's gonna be a good fit for your specific company, for your specific product. And this was sort of the journey that we were on sort already on in the company's life, is kind of figuring that out.
Are we a sort of top down motion? Are we bottoms up motion? Who are we selling to? What, what type of customers are gonna be? Like, which, which verticals are we gonna, you know, are gonna be the, or the adopters of this, which, you know, who at the, you know, these companies are gonna care about this, right? So, so to me, this is the journey that every.
Every company has to go through. And to some extent, I think the distribution model, to some extent is more important than, than the product to some extent. Like again, I grew up in product, so I know the importance of product, but I think figuring out the distribution model is even more important for you to be, to be successful if you wanna build a large successful company.
Yeah. And we've tried a lot of things. I can tell you at high level in security, security, Very traditionally has been sort of a top down type of a sales, you know, model. And it's sort of the traditional enterprise security with, you know, people sort of on the ground, you know, whining and dining, you know, customers meeting with the, the cso, the chief Information Security officer with their teams.
And we're starting to see at bottoms up motions starting to emerge a little bit in security. I, I don't think the transition has been sort of completed yet, but we're starting to see more companies that are starting to build the bottoms up motion. And I think today a lot of it is not necessarily a, like the entire motion is bottoms up, but it's mostly used as almost like a lead generation tool where if companies can figure out a way for, you know let's say a developer, somebody to kind of come on, you know, download something, kind of use it, and then you can kind of come in with your top down sales.
That's a model that I think is starting to emerge more. There's a lot of sort of conversation security space. Is this going to go to kind of full bottoms up motion or not? But we've seen very, very few companies being able to really build a sort of a true bottoms up motion. Yeah. For us, what's, again, as I said, we tried a lot of things when we're in early company to kind of see what makes sense for us.
And I think this is sort of a. Every entrepreneur sort of has to go through to figure out what makes sense and you're gonna have an idea what you think might make sense coming in, but you're gonna end up maybe in a very, very different place where you thought you were gonna end up. And for us, we, for us, it's definitely a top down, like the traditional enterprise sales motion, top down.
We, we've tried different things. There's a lot of benefits to, to, to a bottoms up motion. But it was just very, very clear for us that for us it's, it's stopped.
Julian: Yeah. Yeah. And tell us a little bit about the traction. You know, who, who are you working with, what are you excited about? What are the how have you effect effectively, if you have any percentages or numbers?
Do you want to boast about, this is the time but how have you been able to kind of give companies the, the comfort and security that your product offers? Tell us a little bit about that. Traction.
Ayal: Yeah, so it's funny, but we started seeing production with essentially, I'd say a few. There's a few verticals where we see a lot of traction.
One, one is sort of traditional financial services. You can think of large banks, these, these types of organizations. And, and, and it's sort of like people don't think of these organizations early adopters, but we're enough in security. They, they usually are early adopters just because these large.
organizations are usually, they're both targets because obviously they handle a lot of money that people want to get to. And also they're very, very regulated, so they sort of have to be at the cutting edge of anything security. So really enough, they are early adopters for a lot of, for a lot of security stuff.
A lot of security product. We've been definitely seeing a lot of traction with, with. Then I think this is, goes beyond the, this goes into, you know, actual production environments there and, and to get to production environments with these large financial services. That's not, that's not an easy task and it's a relatively long sales cycle.
But again, because of sort of the, the type of product that we've built, we've seen successes there. Another one is we see a lot of traction on the SaaS side of the house. So SaaS companies, which basically the value prop there is they want to tell their customer. You know, we don't have access to your data within our environment, and this is something that we, we can help with.
I, I mentioned web three companies. That's sort of a subset of that. They, they're sort of in the intersection of financial services to some extent and, and, and SaaS vendors. So we see obviously lot of traction there. And the last one we've seen traction with With governments and, and one that I can talk about because they're public reference.
I think it's one of the, probably one of the best examples is Israel Ministry of Defense. And they're essentially using us to move to the commercial cloud essentially for, you know, for the first time. And this is an organization that you'd, you know, You'd never think would ever be able to move to the commercial cloud.
But with the level of security and privacy that we provide, they can move to the commercial cloud with the security and privacy of the Go cloud, which is super, super interesting. And what I really like about, and why I like mentioning them is that this is probably one of the most sophisticated organizations on the planet, you know, in terms of their security, in terms of being able to validate security products and the fact that they, you know, and we've definitely, this, the validation process was extremely like, it was deeper than anything I've ever experienced, you know?
In my career and the fact that they came to the other side saying, Yeah, this is secure enough for us to go move to the public cloud with, and you know, this is, you know, we're willing to publicly talk about this on top of this is just, it's just been phenomenal.
Julian: Yeah, it, I mean, it's incredible that you're able to work with government and I was talking to another, another guy who was directly working with, with government, and he was doing something in particular around different bids that, you know, that they go through and, and kind of contracts that, that governments offer because of the level of sophistication, the amount of decision makers that are in there.
It, it's a long sales cycle and it's a lot of relationship building, but it's also a lot of integration and figuring out ways that your product will work within that system. What are the biggest challenges? Engine faces today.
Ayal: Yeah. I'd say, well, the sort of, the more, you know, obviously the economic situation we're in is not helpful, I think to, to such any company, right? Yeah. And then, you know, we feel like the. Like everything is becoming a little softer, right? Like the, you know, cell cycles are getting, it feels like they're getting a little longer than they used to.
And the, you know, the amounts that people are willing to, to spend seem like people are more sort of aggressive asking for, you know, larger discounts, right? Like, we're seeing things that are softening up in the market. But I think that's something that's probably shared across everything specifically with us.
I think the, in general, and it's sort of a, I think it's a bad thing and a good. What we do is essentially so we're creating a new category. Yeah. And by category creation, like we're sort of teaching the market, there's sort of a new better way of doing things. It's not like another, you know, a NextGen, whatever, right?
The NextGen file, NextGen n virus, Like this is a really, sort of a new way of doing things. The, the, the good thing about that is that this is how you build like extremely large companies, right? Salesforce was a category, like they created the category of sas, right? This is a category creation and you know, obviously they've been extremely successful.
You know, VMware was a category creation. They sort. You know, educated the market. There's a new way of running workloads. So every time, actually this example that I, that I love using, it's from a book called Play Bigger, which is a phenomenal book talking about category creation. And they say that the category creator usually takes 90% of the economic value of the market, and they give, they use an amazing example with the iPhone.
And obviously Apple created, you know, the smartphone. Category, and there were things before then, but they were the ones that we, you know, created in a major way and kind educated the market. Mm-hmm. . And they're not the biggest, like, they, they own what, 20 10% maybe of the global smartphone market. But they own, but they have about 90% of the economic value of that market because Android is free, you know, in these you know, the, the hot.
You know, the, the Samsung and these hardware vendors essentially have very thin margins. App was the one capturing most of the economic value. So that's sort of the opposite of creating a new category and we are creating a new category. The downside is that this is a much, you know, tougher thing to do than this coming saying, Yeah, I'm, I'm also, you know, I'm doing the same thing, you know, cheaper, faster, you know, a little better than what you.
That's a much easier sort of sell because everything is well defined, right? You have a, you know who the buyer is, you know what, they already have a budget for this. They know how to buy, you know, solution. Like everything is a lot simpler. But yeah, you get a lot less sort of, the, the potential outcome is much, much smaller if you sort of are in Me Too product.
So that's sort of the, the, you know, pros and cons of what we're doing.
Julian: How are you in particular? Market because I, Are you still there? Yeah, yeah, Yeah. Okay. How are you in particular educating your customers and your market? Because it's category creation is such a fascinating topic. Cuz like you said, a lot of a lot of companies are in that, you know, similarity where, where they're able to compare and contrast to different things that they're using.
And I think there's, there's a way to, you know, hedge. The herd. Or there's enough market share. You know, for instance, if, if the recruiting company there's so many people hiring some in, in any given time that there's enough market share for everyone. But this is kind of blue ocean. So how are you kind of educating your customer base?
What are the strategies you use? Are you, you know, getting out, doing talks? Are you blogging? Are you you know, are you kind of going through referral networks? How does somebody create a category?
Ayal: Yeah, so there's extent, it's, it's, it's everything that you do just to sort of get the word out there. And this is just a, I'd say a lot of it's, it's sort of the, kind of the, what you think about is sort of the traditional marketing you'd have to do, but you sort of have to amplify that because things sort of take longer for it's.
Marketing tends to be sort of both, you know, leader, demand generation, as well as sort of the burning exercise and kind of getting the word out there. If you're coming into a space that's very, very defined, I think the focus has to be very much in sort of demand generation, right? Just finding, let's find the people that are buying this now, get in front of them and you know, mm-hmm.
go sell this when you. When do category creation, it can't just be there. There's not gonna be that many people out there looking for something that just they don't even know exists. Right. So, So a lot of it is just sort of educating, you know, the market, right? Yeah. Doing, you know, podcasts, Right. Doing, you know, speaking, speaking engagements, You know, getting in front of you know, getting in front of people that, and sort of educating them that there's a new way of doing things.
Yeah. To some extent. Luckily for us, this topic of confidential computing is becoming, Very, very important in the sort of battle between the clouds, that the clouds are putting a lot of effort behind this because they feel like this is the one thing that's gonna enable people to move sort of everything to the public cloud.
Yeah. So we've seen, you know sat the Sea of Microsoft did a, you know, two minute product video about Azure Confidential computing, which is a partner of ours. And, and, and again, it's phenomenal when Saudis talking about this, you know, obviously a lot of people listen you know, Steve Schmid the see of.
I said in a video interview that confidential computing is the future of data security and privacy. And again, Amazon is another partner of ours. You know, AWS is part of ours and that's great. When you know someone like this says this interview, people pay attention. So that's, that's really helping us you know, Get the word out there, obviously, and, and get people to, to think about this.
Julian: Yeah, yeah. No, it's incredible when the, the categories, you know, kind of going in the direction that you are. So you kind of, you can kind of work in tandem with that to educate, you know, your mates market kind of. It, it's such a tricky situation and, and it's awesome to hear that you're in a situation where it's kind of working with you, which is fantastic.
If everything goes well, what is the long term vision for end?
Ayal: Yeah, Generally where I think this is going is so, so when you kinda think about security, every time there was a security solution that had no performance impact and was super simple to use, it just sort of became the default. And you can think of sort of the, you know, firewall is a great example, right?
When the first firewalls came out, only sort of these large, you know, banks, these very large organizations gonna use them to protect their networks from the internet. But within five years, you know, every, like, it's sort of been insane to even connect your home network to the internet without a firewall.
I kinda look at where the, you know, the, the, the industry's going, you know, 10 years ago, like every website with HT htp right? Nobody was using HTPs. Yeah. And then the large banks started using this and, and now, you know, 10 years later, every website on the planet, it almost impossible to find a website not using HTPs.
And. And, and, and the reason is just so simple to turn it on, right? And you have, you know, websites like, you know, cnn.com right? Is using AC dpss, not because there's anything sensitive on a news website, right? Like it's all, you know, it's all public, but it's just so easy to turn it on and get security and privacy that everybody uses it.
Yeah. And you've seen the same on encrypting the, the disc. This description is now the default for everything. And it wasn't like nobody was really using it a few years back. Yeah. This is what we essentially do is protecting the data and use piece, the, the data while it's, you know, in memory. So again, I just, this is where I think this is going.
Everything is going to be running within a few years in a protected space, and we're essentially the company that enables this to happen. Yeah. But, but where I think this is going, there's sort of two aspects that I think are gonna be created by this one. Once you solve that core problem of security, which is how do you make sure that even if somebody gets access to your infrastructure, they don't have any access.
80% of the security stack becomes obsolete. Like you don't need to kind of stop you from getting on your infrastructure anymore because it doesn't matter. You don't have to patch everything you know all the time because it doesn't matter. Even if some, there's a zero in the operating system, it's not gonna affect you.
A lot of the monitoring that you do, a lot of the detection, like none of that matters anymore because again, if somebody's on their infrastructure, it's not gonna affect you. So I think 80% of the security stack is going to be obsolete or going to have to change once you have this, this in. And that's one very, very big shift that's going to happen in security.
And the other big shift that's gonna be even bigger than that is security's always been an enabler for bigger things, right? Without the right level of, like, if you don't. Have security in your bank, like you're not gonna put your money there. Right. Without security, like the banking industry wouldn't have existed, you know, if you didn't have security online, Amazon wouldn't have existed.
Like nobody would give their credit card online to buy on Amazon. Right? So security's always been this enabler for, for bigger things. And what this essentially enables is sort of a new phase of compute. This essentially enables you to run your code and your, and put your data, you know, anywhere. And I think the first phase of what this will enable is just to move everything to the public cloud because this solves sort of the core security issue of the public cloud.
But longer term, I think where all the code is going is things are moving closer and closer to the edge. And, and you know, you can think about like, you know, think about a Tesla, right? A Tesla is sort of at the edge. You have enough compute power. There is probably as a small data center on the Tesla, but you don't wanna run code and store sensitive data there because what you don't want happening is if Sony breaks into a Tesla that they're gonna have access to your personal information.
Yeah. So that's why everything is sort of sent to the cloud to be safe. But if you have the ability to. Code and data in a way that even if somebody breaks into your card, they're not gonna have access to your data. Suddenly you can do a lot more on the edge. Yeah, and I think that's the even bigger shift that's going to happen is it's going to allow you to just run code anywhere.
And you asked about the sort of data center or the sort of, you know, distributed cloud where everything is sort of running, you know, anywhere. This is the level of, this is the level of security that enables that if, let's say some large bank has access computer in the data center, they can go sell it to somebody else and have things run there.
If you have data, if that's closer to where the cus you know, the data needs to be, you can go run it and you know, somebody's home closer where you need the data. This is just sort of opens up the door to this next phase of, and the next evolution of compute.
Julian: Yeah, I mean that's incredible. I love the example of being able to, you know, run. On your device and not having to, you know, push them out to somewhere else that's more secure. And I can only see the amount of capabilities that companies and products that will have and, and how that will just trickle down to advancements. And so, so exciting to hear that little soundbite right there because I, I really think if we take anything away from, from this episode, it's the ability to, to build anywhere and run things anywhere, which is fantastic.
I know we're coming up closer time, which is I hate this part, but I always love to ask this question selfishly, but also for my audience as well. What books or people have influenced you throughout your journey?
Ayal: Yeah. So I'd say the, the two that I think are worth mentioning is, or I guess three. One is the, the book that I mentioned play Bigger.
Mm-hmm. , I think there's a phenomenal book about category creation that I think sort of everybody, everybody, you know, should read. Yeah. Another one is Peter Teal's Zero to One. That, that was a, just a phenomenal, phenomenal book to think about. Yeah. You know, Starting companies, and I know I'm not original saying that.
And the last one I really liked Ben Horowitz's book. Hard hard Think about hard Things. I think this is a phenomenal, phenomenal book. And one, I, I love sort of Ben's story about his company and kinda what he, he went through. I think this is just a super interesting story. But then the second half of the book is just like, basically sort of a playbook for, you know, starting and, and running companies, which I thought was.
Extremely, extremely insightful.
Julian: Yeah. Yeah. No, thank you so much for those. I love those little pieces of research, not only for the ability to have some insights, but I feel like a lot of those, you can get some, some things that are actionable whether it's, whether it's a quote or something inspirational or actually tangible to, to, you know, strategize with, and, and use in your company.
So I always love to ask that question. Final question here is, is there anything I asked you or is there anything I didn't ask you that I.
Ayal: No, I think this was a, this was a great conversation. I again, thanks for, you know, inviting me to be on and kind of sharing, you know, my, my journey and my story and You know, kind of the, the, where I sort of see the, the future, I think the, you know, you talked about quotes, it just reminded me that one of my favorite quotes is, you know, the best way to predict the, the future is to, to create it.
Yeah. So I, I think this is what a lot of entrepreneurs are doing and yeah, thanks for me to be on.
Julian: Yeah, no, it was, it was a pleasure learning not only about your experience, you know, with successful companies, but how you kind of envision the product development and, and what your your motivation is behind what you're building.
I think that's, and also category creation, cuz you know, I think I have a lot of founders on here that are working within a space that's already built, but category creation is so fascinating because it, it really. I'm sure you're overwhelmed by the ways you can go in the direction. But it, it takes a little different level of insight and creativity to be able to have something new adopted to, you know, a space.
And I, I really love the point about about it being so easy to kind of build into whatever any company's building like ac, tps. All these different you know all, all these different things that firmware or firewalls, well all these things that we, I guess now take for granted, but are so necessary for us to feel secure and safe or, or build the way we want to.
So, you know, thank you so much for being on the show. I hope you enjoyed yourself. Last little bit is where can we find you? Where can the support and security give us your LinkedIns, your Twitters? Where can we be a part of the.
Ayal: Yeah, so obviously we're on LinkedIn, Twitter, you know, we can search, you know, Anjuna security our website is on anjuna.io
so feel free to, you know, we have a form there. Feel free to email me ayalanjuna.io yeah, happy to happy to help in any way I can.
Julian: Fantastic. Well y'all, thank you so much for being on the show. I hope you enjoyed yourself and, and I'm, I can't wait to share this with my audience, but thank you for taking the time to be on Behind Company Lines
Ayal: yeah, thanks for having me.
Julian: Of course.