Innovating Fast To Meet Changing Customer Needs w/ Josh Bregman

ABOUT THIS EPISODE

Prior to 2020, Josh Bregman, Chief Operating Officer at Cyglass, and his team spent a large amount of time building out a SaaS multi-tenant architecture with containers, Kubernetes, and DevOps practices.

When COVID hit, that investment paid off in a big way because it allowed them to innovate quickly as the needs of their customers changed.

In this episode, we talk about:

  • How CyGlass has adapted quickly to changing customer needs
  • How DevOps and Kubernetes enables speed and agility
  • Advice for software leaders looking to innovate faster

Want to hear more stories from high growth software companies? Subscribe to Application Modernization on Apple Podcasts, Spotify, or check out our website.

Listening on a desktop & can’t see the links? Just search for Application Modernization in your favorite podcast player.
 

You are listening to application modernization, a show that spotlights the forward thinking leaders of higro software companies. From scaling applications and accelerating time to market to avoiding expensive license and costs, we discuss how you can innovate with new technology and forward thinking processes and save some cash in the process. Let's get into it. Hello and welcome to application modernization. Today we're talking to Josh Bregman about innovating quickly to meet changing customer needs. Josh Bregman is chief operating officer at side glass, a leading provider of network centric threat detection solutions. Side glass is used by small to medium sized companies to uncover, pinpoint and respond to advanced cyber threats that have evaded traditional security controls. In this episode, will discuss how Covid has impacted the business and learn how side glass has quickly adapted to the changing customer needs. Josh will share how side glass is well architected, containerized environment and develops processes allowed the company to quickly release new features to meet these changing needs and stay competitive. Here we go with our guest, Josh Bregman. Hi Ush, welcome to the PODCAST. How are you today? Good Ross A, thanks so much for having me on. Yeah, really excited to hear about your journey today. Let's start off with a little bit about side gloss. And what do you do? Yeah, sure. So side glass is network defense as a service, which means that we monitor customers networks for anomalies and threats. We do that through set of artificial intelligence and machine learning that we built out over the past decade. We think our...

...secret sauce is that we do all of this processing actually up in the cloud. We're actually deployed globally and six regions of actually eight reasons down of Amazon Web web services. Part of what we've learned, kind of I've been in a side glass for the last four years, is that, you know, getting this traffic from people's networks is actually quite hard. Networks are sort of complicated things. They've been built up over some period of time. In a lot of cases the person who built the network isn't even there anymore, and so just having something which which goes up without any additional hardware or software, which is really our kind of Aha, using a technology called netflow. Right. So netflow is a standard network monitoring protocol. It's invented by CISCO. It's been out there for a long time, but only recently really have people, ourselves include, have been using this for a nomaly detection and so it's sort of challenging data science problem which we can sort of talk about. But you know, really from a customers perspective, this is something that runs on their existing network, sends the traffic securely, confidentially up into our SASS application and then, you know, the machines do the work. We look for weird behavior, suspicious behavior, threatened behavior, and then we alert them or their sock team or their MSSP, and we can even take a remediate of action like disabling the user, closing up our wall, and we wrap all this in a really nice SASS experience, I'd say, headlined by some really it's going to sound nerdy, but it's really great reports. You know, with the one of the things that people forget is a lot of times these businesses run on reports that cybersecurity teams, particularly its small businesses, are trying to show people what they're doing, prove that they're doing a great job, comply with rules and regulations, and so just like building those reports typically, almost historically, has been really painful and so we just know that it's something that really resonates with customers. So the fact that it goes up easy, it's delivers value right away and then you keep them safe and then they can...

...show people that it's a good use of time and money has really resonated for the small medium enterprise customers that we've that we've been targeting. Right. So, working at a company and I receive an email and click on it and it's ransomware. Is is that an example ample of something that you can help people with? Yeah, absolutely right. So all of these things are the sort of what's been happened. ransomware is the thing which has been making the news, but the reality is is that the over the last year, particularly the time of Covid, we just see a huge spike in sophisticated attackers, you know, going after you smaller and smaller companies. Right. So, if you think about being a very large enterprise, a very large financial services institution, that company might have, you know, five hundred or a thousand people and their information security, their cyberscurty function, they might run as many as two hundred and fifty tools and they've got twenty four by seven monitoring they've got a sock. I mean this is a serious endeavor from a cyberscurity perspective, because they have to other highly regulated and they've got, you know, trillions of dollars in assets. So, if you are a bad guy, would you want to like go after that, or would you go after, you know, the local county, right, or would you go after the regional bank? Or would you go after the small manufacturer? Because, to be honest, those companies just don't have the same resources available to them. They're just, honestly not as big, the teams are smaller, and so, like a lot of the tools that have been built really, I've been honestly, been build for these huge companies and so it's really left what we always saw is the opportunity at side lass was to go help these small, medium enterprizes solve this ever increasing threat. So your ransomware, you know what...

...you talked about as effectively a fishing attack, right, where I get an email, efficient emails getting me to click on it. Right. The whole idea there is that in general companies have a set of perimeter defenses, not firewalls, you know, etc. VPNS, and you're trying to get behind them to get to the soft belly of the network and get to the good stuff, right, the good stuff meeting the critical customer information or, on the case of something like ransom where the sensitive information that you're willing to pay money to get back from right. So fishing is one way that people get behind there. The thing about modern ransomware and the end these attacks is, you know, like in the movies, they happen like, you know, like that, but the reality is, if you're an attacker and you stumble into somebody's network and your mission is to find their sensitive information in crypt it, send it, you know, basically encrypted in such a way that you don't get noticed and then hold it for ransom, that whole process doesn't happen in like eight seconds. Right. That might take, depending upon you know, which study you read, thirty days for you, days, sixty days. It takes days, right, because they show up on your network and they don't really know where, you know, the the good stuff is. Right, the fiscal example there would be imagine, you know, if a burglar was breaking into an office and they had to find the right file cabinet. I mean it would take a while. It was a big office. You know. And so what that provides is lots of opportunities, if you're actually monitoring that network, to say, well, that's all. You know, well, that's weird. I've never noticed that machine talking to that machine before in that way or over that protocol. You know, one one thing that we've learned from analyzing sort of what bad guys do. It's, you know, sometimes like they'll use other security tools that are normally used by good...

...guys to do bad stuff. Right, so security tools running it weird times or running by people who aren't authorized for in most companies. What they're really trying to go at. The goal there is to go after the act of directory, the domain controller, because the domain controller to get privilege credentials right, become an administrator and then go at and then go to the main controller and then from the domain controller you can basically do anything. And so looking for anomalous activity on that Active Directory Server, I like all of these things, if you're actually watching it, can give you the opportunity to stop it before the ransom happens or honestly, even earlier, because now what's happening, unfortunately, with ransomware is it that's sort of double threat. which is basically hey, I've got your stuff, pay the ransom and you're like no, we're not going to do it. They're like okay, that's cool, but I've got all your customer data and if you don't pay the ransom, I'm going to release your customer data. And, Oh, by the way, it's HIPPA. So each customer records got a huge fine. So it's sort of it sort of puts companies in an impossible position. So the idea here is that by, you know, using artificial intelligence machine learning, it's actually really great application the technology because even in a smaller company, these networks are massively complicated. You'll see my previous comment about how they're set up and you know, so for a person to sort of, you know, look at stuff and look at alerts and try to understand what's normal and respond is just impossible. It's a really thing. That's not a recipe for like, you know, personal success, career growth, happy employees. So people don't do it right. So what we're doing is we're monitoring this network basically twenty four by seven for you, and looking for the types of things that attackers would do if they were going to do a ransomware or more and more, these supply chain attacks. I think everybody sort of Hurd solar wins, where just people are coming in through weird ways and because we know normal on your network,...

...we can alert you and then we can take remediate of action. So that a little bit of a roundabout answer. But like there's a whole class of these things that bad guys have basically figured out how to get on your network. You can no longer just assume that you're going to keep them off, and so the game is, can I spot them once they're there quickly and take some action before they do real damage? Right? Right, so you got to be proactively monitoring your network to prevent these types of you know, ransomware. Yeah, I mean the only the only word I would parse theirs, I would say detect. So, like, okay, me, which is it's a subtle point, but you know, if you think about it from an information security perspective, there are always a set of protective controls, right, I'm never at people should have firewalls, right, they should have anti virus, like these are things that like stopp thing from happening. And what that effect we does? It just raises the bar for the sophistication of the of the attack. But unfortunately, just it's becoming easier and easier for less skilled people to launch more sophisticated attacks and therefore they're there. They're just targeting smaller and smaller companies, and so we just think it's what we've seen as the opportunity, unfortunately, is or really the need there is to is to provide this kind of sophisticated detection capabilities to the mid market. Got It. Got It. So when we smoke a fun earlier, you really should shed a story around the changing market place at the last twelve months with covid and walk from home, like, how has the market change and what is sidegloss done to quickly adapt to changing customer needs? Yeah, so you know, side glass, right, network defense as a service, and we were doing quite well with this. Like you know, network is a sort of interesting term. SISSA when they issue their alerts this as the Information Security...

Agency for the US, and they they're right. They say network defenders. Right, so network defenders the sort of a generic term for someone who helps keep a company's net we're saying, but I think the thing that we're we've all realized is that you know, what is a company and what is a network has sort of been shifting for some time. Obviously people have been using saspace services like officerr sixty five or sales force. People have been using infrastructures, a service like aws, as you're that that's all. That's all been happening for some period of time. When covid hit, you know, in the states here, like last March, I think, after the sort of initial shock, kind of through the summer, we just saw this massive acceleration of movement to the cloud, you know. So everybody was working from home and so they weren't in the office and so the places where sort of what the office was was was changing, and a lot of it. We saw a huge uptake in in a couple things, right. One was a VPNS, right. So you know last year the thing twelve to be fair, the first part of the year, the thing you wanted to be selling was laptops, right. I mean you and I work in technology. We think of course, you know, everybody's got a laptop. Everybody's just like working from home now. So that was the first thing you wanted to be selling. was like, you know, left like literally the the machines let you go work at home, and then you know anti virus and then you know remote working kind of connectivity software like office sixty five or vpns, because that was really what everybody was thinking about. And so I think everybody knew remote working or work from anywhere was was going to happen and the push the cloud was going to happen. You know, it just happened five years faster and it happened all at once, like you know, and so many industries where just the covid just accelerated trends that were already happening. And so this was a real challenge, right because we fundamentally had spent a lot of time making side glass work well with traditional networking equipment like, for the firewalls, Cisco...

Routers, Sofas firewalls, you know, Cisco Swhich is check point like like those types of things. Now it didn't mean that we weren't to wear of the cloud. Obviously part of our whole value proposition was we ran in the clouds. So we're, you know, we're keenly aware of the cloud, but just what we saw is the opportunity at that time was really about all these mid market companies who had these offices that couldn't be easily secured by existing solutions. But you know, all the sudde and all of these customers are now like hey, that's great, but we're working from home now. So how can you? Initially they're like, we're not doing anything but Survin, and now they're like, you know, how do you solve that challenge? Right? So the thing that sort of has happened when we think about the network going forward is that the center of the network used to be kind of up like physical space, like an office or a data center, but now the center of the office is as a person like. Really the company is a collection of people and they work however they work and wherever they work. So we had a whole suite of artificial intelligence and machine learning algorithms that were all about building baselines on activities. And so the main activity that we're building baselines on his network activity right this machine is so netflow is really like this Ip address talks to that Ip address for this period of time over this protocol, and it's like learning on that and finding anomalies and you know, to got data scientist who knows stuff better than idea, but that's basically what they're they're learning on and they're saying, well, that's that's strange, in this complicated in clever way. So the first thing that we had to do is to say, well, well, okay, well, we can no longer be learning solely about networks and IP addresses, because that's not really where the night because those anomalies won't mean anything anymore. Because, you know, if somebody comes over of the VPN, like, what's their IP address like?...

Is it really about that IP address? Now it's right, it's actually really about that user. Or if I'm up in off this three hundred and sixty five and I'm looking for weird things, like it's about the user. So the whole notion, our whole idea about what a network was and what and what was the center and Network Change Right. And so we had this realization. And Look, we're not the only people had this realization. I mean this is the zero trust story, right. Zero Trust is really assumed that the network is hostile and orient everything around users, devices and services. So this is where we were certainly headed. But you know, I'm really surprised that like we had to do it this year, and so quickly. So what that meant for us in practice was was a couple of different things. Right, we had to go ingest new types of data, whereas before we were solwly focused on ingesting network data, and we had to analyze holding on build a whole new set of baselines around that data, a whole set of new UI's. I mean just, you know, kind of re Orient the whole product, you know, around users and you know, to be fair, we cat we kind of had to do it while we're still supporting these network pieces, because you fundamentally it's not. There are some companies that are a hundred percent like I, really see everything the network lands. There are some companies, you know, who see literally everything for the user land. But the realities most of the companies who you know, we're talking to. We talked about the smaller banks, O, those county governments, are those manufacturers. I mean they still have a physical presence that they care about, but they also have remote working and things like that. So so we have to do the networks up, we have the user stuff and now we have to also work on building your strong correlation between kind of what's going on in the network and what's going on in the users as well. So so it sounds like you needed to sort of add some additional features and functionality to your...

APP to support these changing customer needs. How will you able to innovate at such speeds to get these new features out to the market? Yeah, so I'm in a sidelass for for years. Right. So when I joined side glass it was really kind of a government research project and I would say they're I think it's a funny story, but you know, the the job I did before I was at seigoys was a company called conjure, and conjure was in the devop set, devop space, secrets management space, and we exited and got bought by cyber Ark. And so prior to joining sideguys, I've been spending all my time kind of a wash in sort of devops automation, because that was really the key and conjure was about machine identity at scale. And so I started at sideglass on my on my first day, and we had a mean it was a SASS application. I'll make it's a podcast because you can't see my air, you know, and I'm like, oh, that's cool, like you like cool clouds ass, like that's awesome. How can I help? I like to help. I like to learn, to like to dig in and it it was like a very I was like new here, I just want to kind of understand. So what you know, what can I do to help? Right, and so what I got back was, yeah, well, if you could just like ssh into each one of these boxes and get the log files and pull them down and see if there's any errors like, that would be like super health. And I was like like by hand, like literally go to like into these machines and like pull the logs down and like look at the sun, like, you know, honestly, like coming from from conjure, I mean I felt like I was a man from the future, you know. But you know, the reality was, you know, conjure was a leading edge start up. I was talking to all these sort of leading edge companies and you realize that, you know, not everybody, and it's going back. Four years ago was like Netflix, you know, like fully CICD or or any of that stuff. So we spent a lot of time prior to two thousand and twenty just...

...investing in building out a proper SASS multi tenant, you know, architecture, right. So we are in aws, but the vast majority of our processing is done in Coubernetti's. So I mean, so a question we get often is, you know, the Ai that you guys have, is that just sage maker some Amazon piece? So it's not. Actually it's our own sort of maybe our own algorithms, but our own sort of implementation and it's not just sort of off the shelf stuff. Is actually a hard problem, although that's probably a topic for the data science podcast. But so we've got all the stuff running basically, you know, in containers now in Coubernetti's and couple clusters that are running in Amazon it and we had and we had made that investment as a company to get to the point where we were delivering at a much higher velocity that were able to sort of we got a very solid devops team, we've got a lot of like really good monitoring capabilities in place and we've built strong capabilities in our CISHD pipeline, most of which Ankins, to to be able to kind of deliver software kind of independently and go pretty fast. I mean, I think the thing that you have to recognize that a lot of people in this space are actually physical appliances. So you know, I mean I wish my velocity was faster, but like we can deliver kind we can push stuff out pretty much on demand whenever we want, whereas I've got competitors in the space or literally shipping physical appliances to put physical appliances and people's networks and analyze the traffic. So like by that measure, you know, our Dev ops velocity is awesome. And so we've got everything and you know, we're sort of like always within striking distance. It's sort of like...

...our idea. They're like if we had to like really go make that you faster, we could do it whenever we wanted. So we've got like a thoughtful approach to our like delivery pipeline. We've got it to where it's like more than fast enough to stay ahead of the of the competition. We've got an architecture which is basically SASS based, so don't have any real like heavy on premise deployment collectors. Yeah, when I when I got here, the thinking with there was like a physical box that we occasionally put in people's networks. We've really gotten away from any of that. So, you know, basically, by spending the last three years of getting us from a not so high velocity kind of delivery mechanism too much more of devops, continuous delivery SASS platform. When we started talking about all these changes, it was really just about me, honestly, how fast we could sort of think about what needed to be done and how fast we could sort of go and execute. There was very few sort of infrastructure or operational, you know, hurdles in our way. Probably the only thing that you know, was gated is some of the data science problems that we talked about, you know, and they're hard, right, and we've got an awesome team of data sign into this and they're very, you know, clever, and so they come up with sort of good solutions. But from US software delivery in operations perspective, we really were able to just kind of be like all right, you know, I got a Tweetingestin pipeline, so will put a different container and there like we got to scale this out like just there was nothing standing in our way and because we're already in the in the cloud, I think we're actually able to be quite responsive to what was a very dramatic shift in our market and the and the needs of our customer rights. You you had the technologies, the the processes in place to enable this speed to market during the last twelve months. Yep. So if I'm about software leader at a software, high growth software company, what advice do you have for them if they're looking to move...

...a little quicker than what they currently are? Yeah, I mean it's a sort of easier said than done thing. Obviously. I think what we've tried to do is to really cut down the distance between the engineering team and the customer. That fundamentally, engineers want to build stuff that people use and get value out of and like that. Certainly you know, certainly our team does. I think you know, most software engineers want to want to build something that people like and get and get value. I think sometimes there can be a disconnect, there could be a lack of understanding, not willful, just by the nature of Hey, I'm talking to more customers and your sort of whatever and you don't understand and why am I asking for that? You know. So what I've just tried to do is to try to get the end you know, the engineering leadership, the product management leadership, the engineers like as close to the customers as possible because I think ultimately they will do the right thing. I think they understand that. If, like they just understand, you know, what people want, they're going to go do that. So I think this was like such a profound change for us that, you know, we had to make a considerable effort to just like get people to sort of understand the types of customers. I mean, look in the early days, I mean the customer tollly shifted, right. We had set of people who are working at sort of like government research speed, you know, and that was like a huge change. And so some of that was just getting them to understand that they had to be building a comercial product. Is Definitely doing commercial government research. But as we sort of pivoted or shifted through this covid it was really about just getting them closer to so they could actually understand the problem. And now what I would say is the beauty of assass platform is that's not that hard, right, like all the Datas, they're like people are using the applicating we instrumented our application. We brought in a...

...customer success platform from another startup called Koala, where we sort of track, you know, what's going on and where are they going and where are they getting stuck? I mean, there's other tools of people can use there as well, but that's the one that we pick. And so I guess you fundamentally approached. There is. It's just like you gotta like get engineers bought into the thing. There's lots of ways to get them bought in. Engineers a lot engineers like data. I like data. So you know, like just show them the things, like they'll get it right, you know. And so it is change and it's hard, but I think you just have to trust that people, given kind of the same information that you have, would come to a reasonable I mean they may had, to be honest a lot. I mean, I'm not asking them to come the same conclusion I come to, but I just want them, I mean that's where we have great discussions, but I just want them to have some of the same information so that they can understand why we're doing it. I mean, I think also in a startup software company, like we're all on the same mission, right, so you just have to like, guys, the mission here is we got to make these customers successful. I think they then understand what those customers are like. Again, a lot of them, you know, if you're used to building software that's going to work for a huge enterprise footprint versus building software which is more sass based or maybe more user driven. There's a different set of assumptions when you think about the software and usability and things like that. So I just think it's like, you know, trust to people that you have tell them about the mission, make sure that they understand, get them sort of close to the customers so they can have to kind of see it from themselves and then, you know, you do after then say okay, guys, now, you know now we have to, you know, deliver and you know, at the end of the day, like we're just we're all at side glass to help keep these customers safe and I think we get a lot of sap stuff the bad guys, right. Yeah, I mean this is it is a scourge, right, this like cyber like the cyber criminals. At all the stuff which is happening. It is just...

...so brutal and you know all the you know the cost of a ransomware attack and what it costs and things like that and you know, I know shadows Offtsa you know, small company to Awesome Company. You know, just imagine, you know what a several hundred thousand dollar, you know, blip and in a business does for, you know, companies these sizes. I mean it's just our governments. It's brutal. So I think we just see that as so like our mission, like what we're really trying to do here, and the engineers are bought into that and then we can, let me, get satisfaction out of, you know, delighted customers who are, you know, getting value out of the product, who are engaged in helping us make it better, who are honestly buying and renewing the software, you know right, helping us build something, you know, successful and sustainable. Yeah, I think you're in a very interesting market your you're saving a segment of that market that you know has been maybe neglected in the past. And as these attacks stop, you know, getting more and more intense than you know, these these smaller companies are going to need the help. So, you know, thinking about the next five year for cyclass and the Vision, where do you see cyclass, you know, in the market? Yeah, I mean I wish the answer was and all the cybercomes going to stop and we go find another job like that would be awesome. I mean right, but unfortunate. Right. So as seeing that's not going to happen. I think what we're hearing from our customers is the direction that we're on is right, that were delivering by bringing in the sort of network, by bringing in the users. I think what they would like to see us do is just kind of like more, right. So, bring in more threaten intelligence, bring in more endpoint data. Just, you know, help me simplify. I mean it's the thing that we've seen, which is amazing, is they just want help, right, tell me what to do, give me more at you know, give me your reports that are more actional. You make remediation more...

...actionable, and so, you know, I think we're just trying to make that. You know, we sort of that skinny shop. I'll make air quotes skin we talked this one great customer in Canady. He's like, I'm a skinny shop. My eyes can't be everywhere. That's sort of like, you know, and it's actually amazing. Ross, we talked to a guy the other day and he's like I am the shop. So if don't, don't tell me me and my team. It's like me right, the like small teams. Yeah, yeah, it's like I'm the guy, right. So we just keep that guy in mind or Gal and it's like what can we do to make that person successful? And so we just see a pretty wide open space here. As you said, it's been fairly neglected by a lot of these big, big vendors. The big thing which is happening overall in Cybersecurity is there's a bit of a like convergence. Right. So we started in the network lane. Now we're doing some user stuff. You know, we'll probably have to which, honestly, may I think all I ever try to do is just be humble enough to like listen to the customers, like hey, you, could you do this, could you do that? And you know, honestly, most time the antswery short, and we should. So what I hear from them is, help me get a few more logs into my system, like help me get my web application firewall logs in here. Help me get my cas be log you like a few more logs in here, my firewall logs? That would be helpful. Help you pull some more endpoint information in here. That would be helpful. So is that the you know, at that point? Are we still, you know, in this like network detecting response space? Are we in some other sort of detext response space? I'm not super hung up, to be honest, on those kind of labels. Those are more like gardener terms and honestly a lot of the people who we sell to aren't like super obsessed with those. We go with those labels and those and those market terms. So I think all that we're really going to try to do is delight those customers, like really just try to make sure that we're delivering a valuable service for them, that's...

...help them, keep them safe and just keep listening to them and to try to keep delivering a really great experience and, you know, a valuable product for them. Yeah, for your scump, because I'd be. The reality is there are so many of these, you know, smaller companies who neat it. We need something right and so we see a we see a fantastic opportunity for the company for years to come. Oh Josh, it's been a pleasure having you on our show today. You're doing some great work. You're really saving a market that has been under served for many years. So thanks for joining us. I really appreciate you time. Yeah, Ross, thanks so much for having me on the PODCAST application modernization is sponsored by Red Hat, the world's leading provider of enterprise open source solutions, including high performing Linux, cloud, container and COUBERNETTI's technologies. Thanks for listening to application modernization, a podcast for high growth software companies. Don't forget to subscribe to the show on your favorite podcast player so you never miss an episode, and, if you use apple podcasts, do us a favor and leave a quick rating by tapping the stars. Join US on the next episode to learn more about modernizing your infrastructure and applications for growth. Until next time,.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (25)