WEBVTT

1
00:00:00.450 --> 00:00:03.090
Tom Field: Hi there. I'm Tom Field, senior vice president of

2
00:00:03.090 --> 00:00:05.910
editorial with Information Security Media Group. Topic of

3
00:00:05.910 --> 00:00:08.970
conversation is cloud native applications protection

4
00:00:08.970 --> 00:00:12.330
platforms. I am delighted to welcome to the studio, Ami

5
00:00:12.330 --> 00:00:15.300
Luttwak. He is the co-founder and chief technology officer

6
00:00:15.330 --> 00:00:18.450
with Wiz. Ami, thank you so much for joining me here in the

7
00:00:18.450 --> 00:00:18.900
studio.

8
00:00:18.930 --> 00:00:20.070
Ami Luttwak: Yeah, great to be here.

9
00:00:20.370 --> 00:00:22.290
Tom Field: So I want to start with this particularly big

10
00:00:22.290 --> 00:00:25.920
topic. It's a hot new category, cloud native application

11
00:00:25.920 --> 00:00:28.740
protection platforms. A couple questions. One, what's the

12
00:00:28.740 --> 00:00:30.150
problem that we're solving here?

13
00:00:30.000 --> 00:00:33.810
Ami Luttwak: I think it's all about the provenance. And so it

14
00:00:33.810 --> 00:00:36.960
starts from cloud. Cloud is, you know, everyone, is moving to

15
00:00:36.960 --> 00:00:41.460
cloud. It's the biggest thing ever. And part of that is that

16
00:00:41.460 --> 00:00:44.790
it's also the biggest transformation for security.

17
00:00:45.060 --> 00:00:48.930
Since we started doing security for organizations, it's a huge

18
00:00:48.930 --> 00:00:53.490
change. And CNAPP, the acronym, that you just mentioned, is

19
00:00:53.490 --> 00:00:57.120
basically this new approach, new operating model on how to do

20
00:00:57.120 --> 00:00:57.990
security for cloud.

21
00:00:58.470 --> 00:01:01.110
Tom Field: Now, you talk about the migration that's been

22
00:01:01.110 --> 00:01:04.380
unprecedented, overused word, but accurate over the past three

23
00:01:04.380 --> 00:01:08.370
years. How have adversaries taken advantage of organizations

24
00:01:08.370 --> 00:01:10.530
that have been doing this without adequate protection?

25
00:01:10.930 --> 00:01:13.600
Ami Luttwak: So adversaries are also using the power of cloud

26
00:01:13.750 --> 00:01:16.870
and power of automations. It means that if you make a mistake

27
00:01:16.870 --> 00:01:20.770
in the cloud, let's say you accidentally expose one of your

28
00:01:20.980 --> 00:01:25.060
access keys or maybe expose the database, within hours,

29
00:01:25.690 --> 00:01:29.440
attackers can find it, get the data, and you'll have your data

30
00:01:29.440 --> 00:01:33.490
on Twitter. Right? So the risks are that they also leverage the

31
00:01:33.490 --> 00:01:35.200
power of cloud, and you need to be ready.

32
00:01:35.760 --> 00:01:39.150
Tom Field: I've heard you say frequently, context is king.

33
00:01:39.240 --> 00:01:40.380
What do you mean by that?

34
00:01:40.840 --> 00:01:43.600
Ami Luttwak: So one of the key things about cloud security is

35
00:01:43.600 --> 00:01:46.960
that it is a team sport. All teams need to work together to

36
00:01:46.960 --> 00:01:50.530
fix the problems and prepare for any kind of risks that we make.

37
00:01:50.950 --> 00:01:55.150
Context is king because when I have context, I can explain to

38
00:01:55.150 --> 00:01:57.880
the other team why it is important. So I might have a lot

39
00:01:57.880 --> 00:02:00.760
of issues in the environment. But the context allows me to

40
00:02:00.760 --> 00:02:03.670
understand from business perspective, from a risk

41
00:02:03.670 --> 00:02:07.240
perspective that, oh, there's an entire attack path here. If we

42
00:02:07.240 --> 00:02:10.990
fix this, right, we can prevent an attacker to get in, get to

43
00:02:10.990 --> 00:02:13.900
our data, and actually exfiltrate it outside. So

44
00:02:13.900 --> 00:02:17.140
context is king because it allows all of the teams to

45
00:02:17.140 --> 00:02:20.020
cooperate and focus on what's really important to fix.

46
00:02:20.070 --> 00:02:22.440
Tom Field: That makes sense. Now, CNAPP is a new category,

47
00:02:22.440 --> 00:02:25.350
but you've had the chance to see it evolve. What difference would

48
00:02:25.350 --> 00:02:27.060
you say that CNAPP is making now?

49
00:02:27.810 --> 00:02:31.860
Ami Luttwak: CNAPP is not just a technology. CNAPP is a whole new

50
00:02:31.860 --> 00:02:36.210
approach of how to do security in this highly dynamic,

51
00:02:36.360 --> 00:02:40.050
complicated, agile world of cloud. And this is a highly

52
00:02:40.080 --> 00:02:43.890
complex problem. It's not just because of cloud moving fast.

53
00:02:43.890 --> 00:02:46.350
It's also because of change of responsibility, right?

54
00:02:46.440 --> 00:02:49.590
Developers are building the cloud. Security team, many

55
00:02:49.590 --> 00:02:53.580
times, is left behind. The difference CNAPP is making is to

56
00:02:53.580 --> 00:02:57.960
help companies and help security teams effectively use cloud. But

57
00:02:57.960 --> 00:03:01.020
without impacting their security and risk profile.

58
00:03:01.480 --> 00:03:03.370
Tom Field: You've had a chance to work with organizations on

59
00:03:03.370 --> 00:03:07.060
their CNAPP journeys, their experiences. What lessons learned,

60
00:03:07.060 --> 00:03:09.910
would you say you have gained from their experiences?

61
00:03:10.290 --> 00:03:13.830
Ami Luttwak: So I think in many senses, that's what we need to

62
00:03:13.830 --> 00:03:16.680
understand. It's not just about a feature or a technology that

63
00:03:16.680 --> 00:03:19.740
you implement inside your company. If you use cloud and

64
00:03:19.740 --> 00:03:22.410
you want to be secure, it's not enough to deploy a CNAPP

65
00:03:22.410 --> 00:03:26.430
platform. It really is also about culture. It starts from

66
00:03:26.430 --> 00:03:29.940
the top and goes to the bottom, the management is to say

67
00:03:29.940 --> 00:03:33.150
security is important. Engineers need to understand we are

68
00:03:33.150 --> 00:03:36.240
responsible, also in this journey to make sure what we

69
00:03:36.240 --> 00:03:40.080
build is insecure. And what is key and that's what I see in

70
00:03:40.080 --> 00:03:43.380
organizations that actually make a difference is not just

71
00:03:43.380 --> 00:03:47.310
deploying the CNAPP platform, but also understanding across

72
00:03:47.310 --> 00:03:49.680
the organization, from management to the different

73
00:03:49.680 --> 00:03:53.460
business units, that we are all working on this together to make

74
00:03:53.460 --> 00:03:57.570
sure that environment is secure. I'm not going to say "Oh, that's

75
00:03:57.570 --> 00:03:59.760
the security team's responsibility." I don't care

76
00:03:59.760 --> 00:04:02.520
about that. No, the only way it can work is that if you deploy

77
00:04:02.520 --> 00:04:05.160
the right platform. It gives visibility, gives the context

78
00:04:05.160 --> 00:04:08.370
for everyone. But also all teams actually work together and

79
00:04:08.370 --> 00:04:12.240
cooperate. Developers taking responsibility, security helping

80
00:04:12.240 --> 00:04:15.540
them to decide what to do. When everything works together, it's

81
00:04:15.540 --> 00:04:16.020
music.

82
00:04:16.320 --> 00:04:19.140
Tom Field: So I introduced you as a co-founder of Wiz. Talk

83
00:04:19.140 --> 00:04:22.020
about the organization, the company, and how you're helping

84
00:04:22.020 --> 00:04:23.250
your customers today.

85
00:04:23.790 --> 00:04:27.030
Ami Luttwak: So, you know, Wiz is the fastest growing

86
00:04:27.090 --> 00:04:30.780
cybersecurity company in history. One of the key reasons

87
00:04:30.780 --> 00:04:31.020
for that ...

88
00:04:31.020 --> 00:04:31.620
Tom Field: It is a big statement.

89
00:04:31.660 --> 00:04:36.130
Ami Luttwak: It is, I agree, it's quite an unbelievable

90
00:04:36.130 --> 00:04:39.550
journey that we've been doing with our customers. And we've

91
00:04:39.550 --> 00:04:42.730
been working with the largest cloud environments in the world.

92
00:04:43.120 --> 00:04:46.660
And I think one of the key things that we understand, and

93
00:04:47.260 --> 00:04:50.680
also what helps our customers embrace cloud is that really

94
00:04:50.710 --> 00:04:54.220
cloud is different, right? It requires a completely new

95
00:04:54.220 --> 00:04:58.150
approach to cloud security. And what Wiz focuses on is really

96
00:04:58.150 --> 00:05:01.750
building this shared platform that all of the teams in the

97
00:05:01.750 --> 00:05:06.880
organization can use. So engineers, DevOps, security,

98
00:05:07.000 --> 00:05:11.320
compliance risk, all of them have a single place. That gives

99
00:05:11.320 --> 00:05:17.110
them amazing visibility. Very, very accurate context. And

100
00:05:17.110 --> 00:05:20.440
exactly what they need to do in order to effectively reduce risk

101
00:05:20.590 --> 00:05:24.160
and detect attackers in their environment. This platform is a

102
00:05:24.160 --> 00:05:26.800
game changer for teams that actually embed it, because it

103
00:05:26.800 --> 00:05:30.670
allows them to actually change the way they operate on

104
00:05:30.670 --> 00:05:34.120
security. And I think, for me in ways, what I'm proud of, is this

105
00:05:34.120 --> 00:05:37.810
new approach that we enable companies to do, it's not just

106
00:05:37.810 --> 00:05:41.050
the technology. It is the journey to modernize your

107
00:05:41.050 --> 00:05:42.250
security in the cloud.

108
00:05:42.570 --> 00:05:44.370
Tom Field: This is a crowded marketplace. We're talking about

109
00:05:44.370 --> 00:05:47.280
cloud migration. Vendor communities are migrating to the

110
00:05:47.280 --> 00:05:50.010
cloud as well. What distinguishes you? What

111
00:05:50.010 --> 00:05:53.100
distinguishes Wiz in this extremely crowded marketplace?

112
00:05:53.130 --> 00:05:57.420
Ami Luttwak: So Wiz excels in providing amazing visibility,

113
00:05:58.200 --> 00:06:01.950
unmatched context, but more than that, also a great user

114
00:06:01.950 --> 00:06:05.760
experience for all of the teams they use with not just the

115
00:06:05.760 --> 00:06:10.110
security, also the developers, also the DevOps, the ability for

116
00:06:10.110 --> 00:06:13.140
everyone to immediately understand. Immediately means

117
00:06:13.140 --> 00:06:16.680
that it's seamlessly deployed but immediately also means that

118
00:06:16.710 --> 00:06:19.920
you immediately see what you have to fix. Why? Because you

119
00:06:19.920 --> 00:06:23.430
have the context, right? It's a platform that is easy to deploy.

120
00:06:23.640 --> 00:06:27.360
But also easy to understand. This ease of use is so

121
00:06:27.360 --> 00:06:31.350
important, because a complex system means that developers

122
00:06:31.350 --> 00:06:34.470
wouldn't have even the time to look at it. Ease of use and

123
00:06:34.470 --> 00:06:39.960
clear focus on what needs to be done is what sets Wiz apart from

124
00:06:39.990 --> 00:06:41.940
all of the legacy approaches to security.

125
00:06:41.970 --> 00:06:44.190
Tom Field: Very well said. Ami, thank you so much. Appreciate

126
00:06:44.190 --> 00:06:44.730
your time today.

127
00:06:44.850 --> 00:06:45.720
Ami Luttwak: Thank you for having me.

128
00:06:45.900 --> 00:06:48.390
Tom Field: Again, we just heard from Ami Luttwak with Wiz. For

129
00:06:48.390 --> 00:06:51.150
Information Security Media Group, I'm Tom Field. Thank you

130
00:06:51.240 --> 00:06:52.770
for giving us your time and attention today.