Startup ProjectBuild the future
Subscribe
← All transcripts
Podcast Transcript

Transcript: Securing The World's IoT Devices with Asimily

In this episode of The Startup Project, Nataraj Sindam interviews Shankar Somasundaram, Founder & CEO of Asimily. They discuss the unique challenges of securing IoT devices in critical infrastructure like healthcare and smart cities. Shankar shares insights on combating ransomware, navigating regulations like HIPAA, and the journey of building a cybersecurity startup from the ground up, from landing the first customer to differentiating in a crowded market through deep innovation.

2024-07-01

Host: Hey Shankar, welcome to Startup Project.

Guest: Thanks for having me here.

Host: So, I mean, on the podcast, we like to feature interesting companies that are you know, solving problems, that are solving big problems, and in different in in interesting sectors.

And you're obviously, I think, in two intersecting sectors, one is security, and one is sort of Internet of Things. Um and I think it would be a great useful session for our audience to talk to talk about what problems you're solving.

And I think it will make for a great conversation. So, thanks for coming on the show. Uh just to level set for the audience, uh can you give a little bit of introduction about yourself and your career till now?

Guest: Yeah. Thanks Natraj again for having me here. So, I'm Shankar. I started Assembly a few years ago. Um and just as a context, Assembly is focused on helping provide visibility and security for medical IOT and OT devices.

So, we work across verticals like Healthcare, Smart Cities, universities, manufacturing, and so on, healthcare being a prime vertical where we started the company from, right? And then, we have expanded to other verticals.

Prior to Samaan prior to Assembly, I used to run the IOT business at Semantic, where I worked for a few years. That's where I got exposed to IOT. That's how the journey started.

And what is interesting is before I even started the business, I actually did a full strategy project for Semantic. I was in the corporate and Visdev where IOT was the focus for Semantic on what should that focus?

How should Semantic expand into the IOT vertical and what it should do? So, my journey in IOT has been going on, I don't know, for 13-14 years now.

First, yeah, as like just a strategy project and then that went into a couple other things and that started with the business that Semantic started and asked me to run, that grew and then I reached a point where I wanted to start assembly, and so on.

And then prior to that, I have a product and engineering background. I built the iPhone 3G modem many years ago, then I built some of the early chip sets in Qualcomm, some of the algorithms around that.

So, I've been mostly on the product and engineering side, and that's how my journey started.

Um so, you know, I like this space where I am in, because there's a lot of innovation possible, which is what something we have driven, and so it aligns with some of my previous experiences.

In fact, very well aligned with everything I have done so far to lead me here.

Host: Uh so, to just go back a little bit. Um you know, what was the idea when you were first thinking about starting assembly, and like what was that forcing factor and what was that opportunity, that big problem that you saw that you were trying to solve?

Guest: Yeah. So, when I was in Semantic, I saw the Healthcare so the opportunity the idea initially was focused on healthcare um and so that's where we did a lot of work for many years.

And the big problem then was, you know, when you look at Healthcare, it's a very complex environment.

Healthcare is a very heterogeneous complex environment, and I call Healthcare a system of systems, because it's not just, you know, what's happening inside the organization, it's the suppliers, it's the vendors and it it is the one environment that singularly contains all kinds of devices.

Medical devices, IOT devices, OT devices. I don't think of any other environment which has everything. And so, in that kind of environment, how do you really provide visibility? How do you provide vulnerability management?

How do you provide detection? How do you provide like all kinds of operational metrics and in an environment which is very constrained, which is very very uh fairly regulated, and where there are severe patient impacts if you get it wrong.

It is the most challenging environment I know among all verticals, and I saw the space and I said, you know, this is a big area.

But when I saw a couple of players in the space, I thought, okay, they're taking a very IT approach to the problem, but there is has to be a completely different approach, bottoms up to solve for these di for these unique devices, medical IOT OT devices in the Healthcare environment.

And I said, okay, we'll go solve this problem in Healthcare. We'll we'll do it well, we can do it as, you know, better than anybody else, and that's how the company began.

And Semantic wasn't as interested then in going after this problem, and I said, okay, if they're not gonna do it, I'll do it. Uh and that's how Assembly was born. So, today, like uh what does Assembly?

Um you know, how does ha Assembly help its uh customers? Like is a product like uh primarily security based? And one of the problems in Healthcare is, it's such a interesting space in terms of software, right?

So, how how do you connect the hardware monitoring to the existing software that is being used in Healthcare?

Guest: Yeah, so our system, uh whether it's Healthcare or like we have some work done some work with cities now and then we are working with universities, wherever it is, um manufacturing as well, it's the principle is the same of our system, but we have these and Healthcare of course, we have done a ton of work whether it's in US, international, so on, where what we do is, we put our hardware in we have a hardware appliance that we put inside the environment, that connects to the network.

It collects data and then using that data and then it extracts data, and then we extract the device related data.

So, we can't remember in Healthcare because of HIPPA regulations or GDPR or any other regulation, you cannot transmit patient information outside. There's a lot of restrictions around that.

So, we transmit uh device related information to up cloud or we also have an on-premise version we can do, and there the data gets processed. And it's not just cybersecurity, we do provide visibility, we do provide operational metrics.

Uh we are adding some new capabilities which go beyond cybersecurity as well, which is coming in the next couple of months, which is much deeper. And in the data we collect, we then integrate with other systems.

So, that's how we operate with the rest of the environment.

So, we have APIs with a lot of systems, whether it is uh you know, they are configuration management systems, their CMDBs, they are uh you know, asset management systems, or their vulnerability scanners, whatever it might be.

SIMs, Nats, firewalls, you name it, it's all there.

Um and so our system does a ton of work by itself, but we interoperate with other systems in the environment, and so it becomes an integrated view for the for the health system or for the city or for the manufacturing plant, whatever it might be, it becomes an integrated view.

Um and we provide a high level of granularity of data and visibility, and a very deep capability around vulnerability management and incident response, which then uh improves their overall posture whether it's visibility or security as well, and improves the other systems as well, because those other systems don't have the context of these kind of devices.

So, it enriches the overall environment beyond just what we provide to the customer.

Host: So, um you as Assembly you mentioned you have a hardware product which collects you know, data from rest of the devices. Uh how are you interacting with the rest of the is because you're interacting with the firmware on the other hardware, or are you uh?

Guest: Yeah. So, just to be clear, we are not necessarily. We are a software company. The hardware we buy is just a commodity. So, we can put our work our collector as a virtual machine in their in their environment as well.

But this is uh purely network data that we are collecting.

We have other mechanisms, we have the ability to collect manufacturer documents and so on, in the back end we have some other non uh network mechanisms, but the one that I'm talking about is really what we call passive, where the data is fed from the network side into our box.

And so, we don't have to interact with the hardware because we are not necessarily uh interrogating these devices, because at least for medical devices, you cannot interrogate them, it's very risky.

For certain kinds of IOT devices, you can interrogate them. And then, for certain kinds of OT devices, you can interrogate them as well.

Um because for OT devices there are ways to do it, but you mostly are not interrogating, you're getting the data from these devices on the network, and then based on the data that's fed from the network, you are acting on them.

So, you're not necessarily interacting with the firmware or on the hardware.

Host: I mean, Healthcare I feel like is notorious uh for security attacks, or you know, in general like are prone for hacking, and you sort of hear pretty often that you know, some Healthcare organization has been hacked and um you know, someone you know, is you know, asking ransom for all the data to be unlocked.

Like uh so, do you see that as a common pattern and that's what you're helping solve in a way, or these uh or I'm in a different way to ask the same thing is what types of uh issues are you solving the customer?

Guest: Yeah, so look I think cybersecurity is a multifaceted problem, right? There's no one silver bullet, but everything adds a facet.

So, our focus is on this IOMT, IOT, OT devices in the environment, which if we are not implementing, then it's left open. And ransomware attacks have become a lot more common because health data is so much more costly than credit card data.

Uh I think it's a 100x or 1,000x more than a credit card data and cost. So, because of that, this is here to stay.

Ransomware attacks in healthcare will happen, and so helping making sure that you secure all these other devices is one big step towards preventing and protecting yourself from ransomware attacks. That's point number one, right?

So, we are one piece in the puzzle, one big piece in the puzzle, where if you're a hospital and you're saying, how do I secure ransomware attacks? Okay, you know, I have my firewall for my IT systems, I have my DLP, I have my email gateway.

But what about my medical IOT OT devices, because two pro problems. One is what if they're connecting externally, how do I protect against that? Second, even if they're connecting internally, how do I protect them against my internal threats?

Because you have to assume that some threats will pass your perimeter and get inside your network. And when they get inside the network, how do you protect the devices? First, you know what the devices are? Do you know where the attacks can come from?

We do a ton of work around attack analysis, where the attacks can come from. Do you know what what are the ways in which the vulnerability IOT, medical IOT OT devices will be taken advantage of.

Do you know like what kind of lateral movement could happen in the network? Or do you know when it is happening in the network? Are you going to be able to collect data for forensic analysis?

All of this is something we help solve for these kind of devices. And this in turn really helps you protect against ransomware attacks because there's a big percentage of the network.

Remember, you're a hospital, medical IOT are the core, bread and butter of your operation. And so, protecting the core heart of the system is what we are doing, same with the city.

I mean, if your traffic processing is non all failing then what use is the city? Like you can't be sitting at a traffic light and saying, nothing is working. Imagine no traffic light in the city is working, how much chaos would that create.

So, protecting the core of the system of the organization is something we are doing, and that's how we are protecting the organization from ransomware attacks. That doesn't preclude the need for an email gateway or a firewall.

Those are still required on the IT side, but we are the big piece on the medical IOT OT side protecting against that piece from ransomware.

Host: Yeah, and so security is not just you know, cannot be solved with just one tool or one Yeah. approach right? You have you sort of have to protect yourself 360 degrees. Um so you brought up smart cities.

I feel like we've heard this phase of smart cities and we've passed the hype cycle. Yeah. Um from your observation, what does it mean today as a uh you know, to be a smart city? And like and where does Assembly fit in that picture?

Guest: Yeah, so I'll rephrase the word smart cities, because the word smart cities has been used so many times in the last 20 years. Every city will be so smart. You'll walk around, the traffic signals will just uh operate.

Like the parking lots will just may magically tell you where it is. All kinds of things have been thrown around. I think the concept of smart cities is much more simpler than that.

I think what is happening is more devices are getting connected, it's as simple as that. And you can call that city smart city, but for example, wastewater plants come under the purview of a city.

Now, wastewater plants are fairly connect many of these devices are connected. What if your wastewater plant gets attacked or goes down? Like imagine your sewage water is not flowing anymore.

How would that feel if you woke up in the morning and that doesn't work, right? That will be a nightmare for houses. Uh you walk, you go to the city, all these traffic signals, they are connected.

They are connected to a central thing, the central controller. They are able to remotely fix them, debug them. What if some of them fail or some of them get attacked.

So, the concept of smart city that I am talking about is not the futuristic one that has been uh touted off for the last 20 years on how the world will change. It will change, but not the way the people have been saying, but it's much more simpler.

All these devices, whether it's traffic lights, whether it's the sensors, you know, there are sensors in all across the city, whether it's the wastewater plant. All of them are connected.

And how do you really understand what is there in the environment? How do you protect them? Similar problems, protection, visibility, operational metrics. How do you get all of that information? That's what we are talking about here, right?

And that is already happening. And I think the difference between then and now is there is a lot more focus on critical infrastructure today. Maybe one reason is connectivity has risen.

If you go back 10 or when I started this strategy project as semantic, there was very limited connectivity in many verticals. So, you know, if you have only 5% connectivity, it doesn't really matter. Yes, it matters, but how much?

How much is it in the list of priority? But when you reach a third threshold 25, 30, 35, 40%, it starts to get important, because now a significant percentage of your devices are talking on the network, and you got to provide visibility.

So, I think that's the difference that has happened. The futuristic vision of smart cities I I don't say how long that will take. But the present reality is there are devices getting connected. They have been connected. Connectivity has risen.

There are benefits to connectivity and with that comes all of this requirements, visibility, cybersecurity management. That's what we are solving.

Host: You know, you mentioned I mean, uh you know, catering to clients in or customers in Healthcare and then you talked about smart city. Both are you know, more I would say regulation centric or more focused on regulating.

Um and when you mentioned HIPPA I almost got PTSD from my last job where I worked at Epic and we had to deal with HIPPA and I know how complicated that could be.

Uh so what what was your experience like dealing with two sectors which are, you know, highly regulated in a way?

Guest: Yeah, so the good news is, and we are working with other sectors is regulated, manufacturing, you know, there are some regulations there. University is not regulated, but you know, is fine.

But my our thing is, we touch the um we touch the data, the device data, and so there's not much around that. Like the regulations focus on patient data for example.

The regulations focus on uh you know, certain kinds of like PII data in smart cities for example, the regulations focus on certain kinds of confidential information in manufacturing.

And so, we are not touching that, we are really touching device data, one. So, it's simpler, and the architecture we have built where we are not sending all the data to the cloud.

We are only sending certain kinds of device data to the cloud, helps that. And then when there is a very critical kind of environment where you know, certa some customers will never ever say it, allow you to transmit anything to the cloud.

Maybe they will, I won't say never ever, there's always a possibility, but they will not allow you to transmit uh any meaningful data at least today to the cloud.

So, we also have the on-premise version where we could do everything on prem so that they don't have to do anything on the cloud.

So, because of these architectural capabilities, because of the way we actually work uh with the system, and because regulations focus more on the PHI, PII, PCI data, it doesn't directly impact us in that.

So, we have been able to with our architecture, with what we are solving, not be really impacted.

But I would say because these are more regulated environments, you know, there is a far more scrutiny on the technology, on the product, and you have to have an enterprise great product, which is something we have built.

So, that's how we have managed to as well. Like there has to be certain levels of quality, certain levels of assurance that you have to provide in these verticals, which is something we have been able to do.

Host: You mentioned that, you know, you you first started uh with Assembly because you were writing the strategy paper. Um so, when you decided that, okay, I'm going to start this myself, and I see this big opportunity, what were those initial days? How did you bring together the team uh, the founding team that can go and actually work on this? Like what was your process then?

Guest: Yeah, it was pretty challenging. You know, when you leave a large company where you're running the business, and then all of a sudden you're all by yourself, and there's nobody around you, it's a little challenging.

But uh, you know, the initial steps of course is I was lucky um that, you know, I had some core built some core advisors. Uh, I had some relationships who could end up becoming.

For example, I I I say that, you know, one of the ex SEOs of Semantic Mike Brown, I call him, like he's an advisor to the company, he's also an investor. I say, you are our first co-founder.

Through Mike, my co-founder, he didn't he's not a co-founder in the perse, but he was one of the first ones who say, you know, spoke to me about it and saying, it's a good idea, you should go do it, even gave me a check. So, I call him my co-founder.

One of our investors Ashmith, he became my first check. Uh he took a bet I didn't have anything. It was me and some slides and he took a bet on me. Um you know, purely at that point, what else? No product.

So, Ashmith uh you run engineering capital, he became like uh I would almost call Mike and Ashmith, Mike Brown and Ashmith Susanna co-founders.

So, I think I got a I got the backing of people either through my previous relationships who believed in me or you know, fortunately, one of the good things that has happened is we ran into Ashmith, and so we have been able to um we got a little bit of, I would say, good fortune at the beginning, and then I was able to reach out into my network.

I brought in um you know, Hitesh uh whom I had uh Hitesh Noma, one of our first guys to join who uh I had studied with at Rutgers and he's been with us ever since, he's still there.

And then we brought in uh some other people between me and Hitesh, uh some other people, and so and then we managed to, you know, expand the network from theirs.

So, you know, since then we have built a very strong leadership team uh who have come mostly a lot from Semantic and then from other areas.

Um so, initially it's a struggle but I was fortunate to have some advisors, some people I fortunately ran into um and then using my network as well.

Host: Um I'm curious, how did you uh get your first customer? Because when you work in big companies, what happens is there's always a whole big sales system, you know, that's working for you in a way. Right. your job like as a product builder ends at you know, maybe supplying all the information to marketing and sales so that they can pitch customers. Uh how did you get your first customer?

Guest: Yeah, it's a good question. I'm trying to remember how we got them. I think uh because I had some uh because I had been in the industry, because I had been doing IOT, I basically knew a few people, uh that helped.

Uh I was able to reach out to some partners and uh you know, some people in the industry, which is how I connected the when I because between Semantic and Assembly, there was a break, because I wanted to take a clean break before I go start something.

And so, there was a few months and then I started Assembly, but then I had built these relationships, I could reach out and get feedback.

And when I got feedback from some of these people, they said, you know, it's a good good idea, why don't you come back to us when you have a product, when you have something that you can show us.

And so, it took us uh a little bit of time to get there, but once we had it, I could go back to some of these people and show them, it was not easy at the beginning, because, you know, Healthcare has a very high bar all our initial discussions are in healthcare, there's a very high bar.

They don't a lot of healthcare doesn't just buy, you know, it's not like general enterprise, they don't buy half half big products, they want a more sophisticated product even in the first round.

So, it was a little more challenging, it took us a couple of iterations to get there, but uh you know, the product has had and still has some very core differentiators in it which is unique and differentiated from the rest of the market.

And so, that allowed us to get some of those initial customers um and then we were able to improve the quality to a point where it was enterprise grade.

And so, obviously, there's always a grind, there are always some details, but uh you know, we were able to through the contacts I had built, through the quality we had built and through the differentiators that uh we we built at the beginning and we have continued to evolve and still persist, we were able to land our initial customer.

Host: How how does the sales process look today? Like when you compare that to like what is your process of like?

Guest: You know, the very first thing was me. It was me, me, and me.

Uh, but now basically, we have uh that was like when I first did the very first customer, but now obviously, we have a full-fledged sales team, we have channel team, we have marketing team, we have solution engineers now, and we have partners.

Now, it's a very different kind of motion. Um you know, we have partners referring us, we are also the number one rated Gartner vendor in the thing that helps. So, people sometimes reach out internally.

Uh we are constantly doing customer feedback and sometimes we have very some very good strong loyal customers, they refer us. So, now our sales process is different. We are largely we are channel first.

So, a lot of our things come through our channel, and we want to be channel first, we want to encourage the channel, but we also obviously have grown. So, at least in Healthcare, a lot of people know us. We we go we get recognized.

In non-healthcare, we we do have a channel ecosystem in place. So, between our sales, channel, uh you know, our existing relationships that we have built and credibility that we have built, that's what's driving uh many of the leads.

So, right now, it's a proper, it's a more formal defined sales momentum, whereas the very first sale was completely ad hoc. Uh it was me through and for the very first sale with some of our engineers, of course.

Host: One more question related to sales. When you're talking to like prospective customers or clients, who are the decision makers usually uh whether it's, you know, either Healthcare or smart cities, like who's the decision maker?

Like for example, like if you're selling cloud, there are two types of decision makers, right?

One is like the CIO who's making a top-down decision, but there are also like developers who who are making a bottom-up decision of just buying a cloud that they want to.

Like in your case, like who's that role that is actually making the decision of buying the system?

Guest: So, it does depend. I think, but I would say 80% of the time it's the CISO.

Um Chief Information Security Officer, um could be or somebody in that uh area, like CISO, CIO, somebody in that area who really um takes care of the IT and the cybersecurity in the uh space.

But beyond that uh you know, it is there is some dependency on the vertical. Healthcare, it could be the chief clinical officer, the biomed. There is a 20% then they in uh in the smart cities, there could be somebody who manages the operations.

Manufacturer, it could be somebody who manages the operations. Um you know, so there is some nuance to every vertical, but I would say if you ask me, what's the common thread across all of them? It's the CISO. Got it, got it.

Host: Um so, when I look at Assembly, like I think of it as a security company, but you know, security is such a broad term, right?

Like it's much more uh you know, nuanced and you can categorize security itself as an industry into different parts.

Uh can you give an idea of like how do you see sort of like who's capturing what value and sort of the layers in this industry and where do you position like Assembly in that?

Guest: Yeah, so I would say, I mean, we are focused more on the device related like I said, IOMP, IOT OT. So, security has different layers. There are some which is like data security and then network security and uh email security.

So, we are focused on the on the non IT side. So, in the non IT side, I mean, it's a different kind of um so, one I will separate out uh make two kinds of like dimensions.

One is I will separate out the traditional security, like I said, whether it's all kinds, network, endpoint, DLP, email gateway, all of those. Those focus on the IT side.

Now, you can apply them on the OT side, but they are not built for these kind of devices. Now, when you look at the IOT, OT, IOMT devices in these verticals, there is a different kind of value chain there.

There are like the uh part suppliers who effectively make different components where the full device suppliers, uh for example, somebody who provides the traffic light, somebody who provides the ultrasound, somebody who provides like a Scada controller.

Those are those suppliers. There are the system integrators because these devices are all different. You you buy one device from one manufacturer, you buy the server from completely different and you buy the router from a third.

So, somebody has to put the entire network together. So, there are system integrators.

There are people who manage them maintain, because unlike the world of IT, there's so much heterogeneity, who's going to maintain and these devices run for 10 to 15 years. So, there is an entire maintenance layer that sits on top of it.

And then, there is the IT infrastructure, networking, uh cybersecurity, all of those are overlays on top of it, on top of this layer, right? So, we effectively are coming in after these systems have been connected, right? From that perspective.

And so, we fall in that uh you know, IT, networking cybersecurity, even maintenance because there are some metrics we provide that actually will help with maintenance. So, that is where we fit in in the entire place.

And so, a lot of what is being done in these industries is manual, uh where they're manually collecting this data, manually going and figuring out what to do.

And our value proposition fundamentally is to automate a lot of which is done, bring them to a similar state uh of capability as what you have today on the IT side. And that's where we uh at Assembly see ourselves in the value picture.

So, some of our partners do provide maintenance, for example, for hospitals and they leverage us to kind of um to kind of provide some level of automation and add some extra services that they probably haven't done today.

And in some other cases, we add an overlay on the IT and networking.

Because if you have set up the infrastructure and the infrastructure is not working, one of our capabilities is is to figure out where there are bottlenecks in the network infrastructure on these medical IOT side, IOT and IOMT side.

So, there is we are the overlay on top of the network, but before that, there is the component manufacturer, the hardware, the system integrator, and then comes where Assembly sits in the value chain.

Host: Uh I mean you you mentioned you know, being number one in um in Gartner. And obviously, Gartner does a lot of competitor analysis and you know, makes its own decision, but uh how how do you think about you know, competition and sort of try to differentiate Assembly from the rest of the companies that are trying to do sort of similar stuff?

Guest: Yeah, it's a good question. So, you know, uh there are players in the space. Uh there are two parts to it.

One, I I feel like the space itself, like while people saying, you know, everybody's doing asset and anomaly, I feel first of all, there's a lot more innovation to be done in this space.

We are launching two completely net new modules now which are going to be around, you know, configuration control and something else which I'll talk about in uh which is pretty much about to get released and something else which coming in, which will be the first of its kind in the industry.

So, I feel like where the industry is is I would say 50-60% of where it needs to be there, and what eventually needs to happen is a much broader, wider set of capabilities and what exists and I actually see, you know, when I started Assembly, all people wanted was visibility give me visibility, visibility.

Visibility is still a big problem, but now people are asking for more.

Like people are asking for like we built some very core capabilities on vulnerability management which I'll talk about which is a differentiator, but people now, like the last few years they have started to recognize that, appreciate that.

And so, it's like a Maslow's hierarchy. They are actually asking for more and more with every passing year. So, and they want to manage all the devices, because you can't use IT devices. They want to have similar parity.

So, there's a lot of capabilities to be built.

So, there's one level of differentiation which is innovation and I think this is the kind of space like AI where the the winners will be decided not in the two three year time frame, in a 10 year time frame, 12 year time frame, because the innovations will play out over time and as customers evolve, they will end up picking platforms that are more capable, more mature, and provide a and solve the problem holistically rather than piecemeal.

The other piece is where we are. So, one is breadth of capabilities which we are continuing to build in an innovative way. The other place is really depth.

So, for example, whether it is inventory, passive is one thing, but we have done a ton of work around active where the devices can take active IOT OT, vulnerability management.

We have some core differentiators around how do you find out you have a vulnerability? Yes, everything is vulnerable in the space of IOMT IOT OT, but which ones can be taken advantage of by the attacker for that device in that environment?

So, it's very contextual to the environment you are in and then how do you mitigate it if there's no patch? If all you're going to do is micro segment every device, it could take you 10 years to do that.

But how do you do it in a fast efficient manner that is not going to consume all your resources and not get you anywhere.

And while we avoid allow micro segmentation and so on, there are some unique things we do around mitigation and remediations which is very unique to our platform which we are continuing to build.

And there are some things we do around incident response, because how do you collect data? How do you analyze the incident? Everybody can tell you there's an anomaly, but what do you do next?

How do you go back and play out what happened before the attack happened. So, there are some things we have developed which are depth of capabilities which is unique, differentiated, which is how we win uh a lot.

But depth of capabilities, and I think continuous innovation in this industry is what's going to determine the winner, and so we are continuously keeping our eye on the ball.

We realize the product game is still only halfway there, and the winners will be decided in the next five to seven years as the industry continues to mature, as more capabilities are being asked by customers.

Host: I mean, uh what one of the things that you sort of imply is that you know, security itself as a category or even like just IOT or the device place is such a huge space.

Like if you have to look at some white spaces and say, hey, this is a white space that no one is you know, trying to attack or any founder who's interested in security and trying to start a new company, like is there any white space that that exists that is out there uh that you would suggest they look into?

Guest: You know, it's hard for me to say, because uh you know, I'm so focused on this, but then if there was a white space I go to RSA and there are already 10 companies attacking.

So, you know, like for a few minutes ago you would have said, you know, Gene AI is there, people are adopting it, what if Gene AI starts to misbehave. Now, I see five companies are doing Gene AI security and compliance.

So, you know, I probably probably this question is probably better suited to a VC uh who who probably is looking at all spaces and saying, there is a gap here, there is a gap there.

But I do think, you know, because uh you know, there is so much new products and technologies that are already coming in, new adoptions coming in, and these technologies continue to interact.

For example, we ourselves are continuing to innovate in this space with new offerings which by standalone could have become a small startup by itself, but we are launching it as new modules, because we think there's a lot of evolution happening in terms of connectivity, in terms of thing.

And so, in our space, in this IOT IOMT OT, we think there are a lot of areas that need evolution and we will continue to innovate.

Sorry, I don't want to list out all the roadmap items, but there's a lot of evolution happening, but beyond this space, I think there is a lot of things happening in AI. I think that opens up a ton of opportunity in security.

Gene AI security is just one aspect of it. There's an entire suite around data loss prevention around that. What if that starts leaking data? There's an entire suite of like uh sandboxing around that.

How do you make sure it only does what's expected to do? So, I think that will open up a ton of opportunity for sure, and I think the companies that I saw at least recently uh they are still scratching the surface.

So, there's going to be a ton of opportunity around security there. And then, there'll be something new that will come next year, and that will open up a Pandora box. So, you know, I I so that's my view.

I'm not obviously giving a perfect answer, but there's so much ambiguity here. So, I can't be certain. Yeah.

Host: I mean one follow-up to that is um you know, everyone is talking about Gene AI, and you know, there are a lot more sort of new tools that came up. I'm curious like not just as a business of using AI, but are you uh using Gene

Share:PostLinkedIn
← Back to all transcriptsListen to the episode →