Exploring Leadership and Innovation in Cybersecurity
Sumit Dhawan, Chief Executive Officer of Proofpoint, joins theCUBE's Gemma Allen at the New York Stock Exchange studio as part of the Cybersecurity Leader series. This insightful discussion is part of theCUBE's collaboration with NYSE Wired, focusing on innovation and leadership within the evolving landscape of cybersecurity.
During this engaging interview, Dhawan discusses their career journey from the pre-cloud era to the current AI-driven domain of cybersecurity. The conversation examines their strategic initiatives at Proofpoint, emphasizing the shift toward deep, specialized solutions in AI and data loss prevention. Gemma Allen of theCUBE guides the discussion with additional insights from theCUBE Research, adding depth to the conversation.
Key takeaways include the increasing volume and complexity of cybersecurity threats, necessitating sophisticated AI models for protection. Dhawan emphasizes that addressing human-centric security risks with advanced technologies is crucial. The conversation concludes with a look into the future of cybersecurity, highlighting the integration of AI and human-centric security development at Proofpoint, anticipated by 2026.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Zero Trust Cyber Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Zero Trust Cyber Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Zero Trust Cyber Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Zero Trust Cyber Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Sumit Dhawan, Proofpoint
Inna Tokarev Sela is the CEO and founder of Illumex. The platform enables companies to extract value from structured data, creating a virtual semantic graph for users to interact with in natural language. Illumex focuses on contextualizing data in real-time and offers built-in governance features. By partnering with major data platform providers, Illumex has increased data usage for customers. The company has raised $13 million and has a diverse workforce. Inna's leadership style is described as empathetic. Illumex envisions a future where data interactions are seamless and efficient. Overall, the company aims to lead the industry towards a more streamlined application-free future.
>> Welcome back to theCUBE, here at our studio at the New York Stock Exchange. This is our Cybersecurity Leader series that we are creating in conjunction with NYSE Wired. And joining me today is a leader who is no stranger to the wave of innovation surrounding enterprise tech. Sumit Dhawan, CEO of Proofpoint. Welcome, Sumit.
Sumit Dhawan
>> Well, great to be here.
Gemma Allen
>> So, tell me, you have had a fascinating career, right? You have been in the pre-cloud, on-prem era, the era where everyone worried about perimeters, the cloud era, VMware.
Sumit Dhawan
>> Making me sound old.
Gemma Allen
>> Successful, I would say. Your time at VMware, the world of cloud and virtualization. And now, with Proofpoint, you're in this mad world of AI, right? It's hard to actually really come up with one particular catchphrase to summarize AI. But tell me, what from there brought you here? What's the through-line for you on this journey you've been on from Citrix, VMware and other very successful companies to the world of cybersecurity?
Sumit Dhawan
>> I think there are two things that have been common. Firstly, I've been involved with technologies that touch people and not just something that sits in the closed walls of the data centers. Anything that touches people has an element of an experience, productivity, just how business impact of the technology. And then, secondly, there have been waves of transformation. Now, that's quite common in the world of technology and I enjoy it, I flourish in it. And I'd say those two things have been common across different experiences I've had and I've been blessed with them.
Gemma Allen
>> Wow. And this time you've had a Proofpoint, I think you've come in, you've made some significant changes within the company. You talk a lot about honing in on spaces and areas that you were really, really, really good at, right? Complete efficacy and excellence, and maybe making changes or removing or reducing focus in other areas. Tell us a little bit about the main changes that you've made and how those are playing out. And also, what bets you see ahead.
Sumit Dhawan
>> Proofpoint, we focused on... I believe in the world of cybersecurity, while there's certainly need for, you can call it consolidation, some call it platformization, whatever you want to call it, as in fewer strategic partners to build an overall cybersecurity stack. There's no doubt about it. There's need for that. However, you can't do that by not going deep enough and just going too broad and not having the depth because cybersecurity requires the depth of the solutions to be best-in-class when it comes to efficacy of protection. And without compromising the experience, especially for technologies that touch end users. And I saw that we were falling into the trap of trying to do too many things and not going deep enough into what we were doing. And so, that's the first thing we have done. We went deep into making sure that as these AI created threats were growing and threat volumes keep growing, we have to have more sophisticated AI models. We call it Nexus, which is this fabric of AI models that we run to protect against these new defenses. I'm quite proud of how the team has really made, at this point in time, these ensemble of four different models in addition to classic ML that are defending with higher efficacy. Even though the volume of threats have gone up, our efficacy of advanced threats have gone from 99.3% to now 99.7%. So, more inbound threats, but higher efficacy of protection, okay? Secondly, we went deep into data loss. I saw that as a human problem. It's people who lose data. Data doesn't just walk out of the doors from an enterprise on its own. And that required a different approach in terms of data loss solutions, not just looking at content-based rules as legacy first generation DLP providers did. We now look at context, we look at human behavior, and we look at content rules and combine them together, which reduces the cost of operations, doesn't create this overload of alerts and cumbersome end user experience. It's a lot more adaptive. And in both cases, we now have Gartner claiming we are the Magic Quadrant leader. We've always been market share leader. Our customer satisfaction has been high. Our financial profile of the company is much better than where we were, which gives us ability to now invest into, if we have to broaden our solution, into an area with, again, the same degree of focus and depth, versus trying to dilute ourselves into doing too many things, but not with depth that's needed.
Gemma Allen
>> And when you talk about the human layer of protection and security, which I know you do quite a bit, and the world of AI, in terms of collaboration and data, and how those two worlds seem to come together almost perfectly in the generative AI world that most of us have come to know quite well, quite quickly. How do you see those threats and those risks really infiltrating the enterprise space?
Sumit Dhawan
>> I mean, if you think about the world of how people work. Today, we all digitally work on three or four things. We email and collaborate with other people. We look at data and we look at applications. That's our workspace. It's gradually or maybe even already changed for many of us where we have assistants that are AI assistants and AI agents. And let's just assume the world stays where human is at the top of the pyramid and is always instructing assistance and agents and through prompts and other means in terms of what they should be doing. But they're always working on email collaboration, data and applications. That stays the same, okay? In that world, we call it agentic workspace, if you really step back and think about what are the risks, what are the added risks that come in? AI is supposed to mimic humans. It's just designed to be the intelligence of human, just done through technology. So, the risks that AI has are very similar to the risks of humans. AI can be prompt engineered just like humans can be socially engineered. AI can lose data just like humans. AI can run bad code, just like humans can run bad code. So, the two risks are similar, they just manifest themselves in a different way and the technology that's required to protect against it is different. And so, as I look into the future, I feel this new agentic workspace will require an enhanced form of collaboration and data security. Okay, we need to make sure that today's human-centric security platform gets extended to tomorrow's human and agent-centric security platform and that's what we are extending our solution in. We already have depth of protection for humans. We're building the depth of protection of AI agents, but doing so in a way so that this platform can be a single platform for our customers for both protecting humans and AI agents.
Gemma Allen
>> And what sorts of changes are you seeing in the threat landscape around AI? Has there been a mass increase in very unique and unusual threats from unusual locations around the globe? Are there any patterns that cause you and your team particular concern or that you feel like every CISO should know about that may not be in the public domain, per se?
Sumit Dhawan
>> I think there are three trends we are seeing. Firstly, volume, okay? Volume is significantly higher. Just to give you an idea, just in the last 8 to 10 months, we are seeing advanced threats double year-over-year. So, the volume has gone up. Secondly, we are seeing clearly more and more language and currency is not a barrier. In other words, if you have been in a location where language was difficult for threat actors to create new threats, that's no longer an issue. If you are in a region like Middle East, maybe parts of South East Asia or even India, where currency was a barrier to create fraud, no longer an issue, because now with crypto, which is where fraudulent actors are really trying to do ransomware, it's easy to attack any economy and any business anywhere. And then, third, we are starting to see that there is this attack vector of attacking copilots that's starting to emerge. It's early days, okay? In other words, what's happening is that because there's an assumption that copilots and humans are going to work on the same information. So, if you create an asymmetry of context between a human and their copilot, then a human can instruct copilot to do something, but copilot could have been trained to ignore that instruction and do something different. So, there is a new AI exploitation threats that are starting to emerge. Those are the three patterns we are seeing, okay? Outside of that, there are always going to be new campaigns, and that's our job to stay ahead of those campaigns and make sure we tackle them. And these campaigns are changing... They can easily work around semantic protection. You can't just have keywords-based protection anymore. You really need to be able to understand the intent. And that's what we have invested in, which is now models that you can keep rewriting a message and sending it to Proofpoint defense. It'll understand the intent remains the same, doesn't matter what words or languages or patterns of the... It'll protect it, which is very easy to do if you're a threat actor using generative technologies to keep rewriting. And it's easy to do if you have a model that's sophisticated enough to be able to detect the intent. It just needs to run it in a high-efficiency, low-cost fashion, because we're processing trillions of messages a year. You can't cause delays and add a bunch of cost, which we know models can cause.
Gemma Allen
>> Huge. And this whole space of intent, how do you qualify that? How do you truly understand what the intent is, for example, and where it's coming from?
Sumit Dhawan
>> I think you look for patterns like urgency, patterns like what have the typical communication patterns been between someone who's inside the organization or outside the organization. And you look at, which is context and content or action that's being performed. If it has a certain degree of urgency, which is non-typical, That's typically an indicator for our models that this looks like it's reached a certain level of risk, okay? Those are the two most common high-level constructs that our models are trained to look for. They're not any longer looking for only signatures or patterns. That's very old school. We obviously filter a lot of things based on it, but intent really goes into context and then what is the specific action in that context that someone is asking an employee to do via email or other forms of communication that our models are able to detect? And by the way, our models can't write Shakespeare, they can detect that.
Gemma Allen
>> Not yet.
Sumit Dhawan
>> We don't want them to.
Gemma Allen
>> Absolutely not. And it's interesting because in that zone, you're really trying to understand the behaviors and thought process of the original human, right?
Sumit Dhawan
>> Yes, we are.
Gemma Allen
>> To really identify what it is that's unique about this particular incidence versus previous behaviors.
Sumit Dhawan
>> Yeah, because we know what the vulnerabilities of human behavior is and someone's trying to exploit it. It's usually you're leveraging trust and you're creating urgency with an action. Those are the three things that threat actors use. You make yourself look trusted or you actually compromise someone with not enough privilege and become trusted. Then, you create urgency. In other words, create something that's important. And then, you make them do something that leads to compromise. And that's what our intent-based models are looking for. Is this a compromised person? Which is leveraging trust by stealing identity. Is this a compromised urgency because of the urgency, and is this a compromised action? So, that's the indicators we're looking for.
Gemma Allen
>> So, talk to me a little about what AI means for the cybersecurity industry generally. I think there was definitely an agreed consensus for quite a while that cyber, as a space, is going to see mass consolidation, right? Gartner also said recently that an average enterprise has 76 security tools. So, there's certainly room, I think, for some level of simplification and streamlining, but it seems as though AI also makes it easier for potential entrepreneurs or innovators to become cybersecurity companies and to create an interface for cyber. Technically, you now need a couple of engineers and a GPU bill to make anything happen, including cyber. So, how do you think about that? Do you think that in one sense there's going to be a continued mass consolidation? Or do you think we're going to see a little bit more fragmentation as disruptors, per se, spring up?
Sumit Dhawan
>> I think both. I think that consolidation is bound to happen. There were a lot of venture-funded companies that are still not profitable. There are these five to six large companies, say over $2 billion in software revenue that are providing critical technology platforms and us being one of them, and we hear from customers, their preference in them wanting us to provide richer platforms that consolidates the functions that the customers have had to procure through point products that need to consolidate. And I think that will make room for both in terms of just time as well as money for customers to be able to invest in newer tools and I don't expect disruption of existing tech platforms easily done by AI. I'll tell you why, because if someone had to build a technology like ours by AI, it may be easy, but then training the models, they need all of this threat intelligence and the data that we get actually powers our models, which is why, at this point in time, none of the other security solutions that provide email security have the same degree of efficacy. AI to some extent give incumbents a little bit more benefit in having their models for providing efficacy to become richer and richer at a faster speed. Like to give you an idea, every two and a half days, our models update. Once a quarter, a new model is released by us. And that is very difficult if we didn't have the right data by serving one and a half trillion messages and filtering out more than half of them as threat information, we would not be able to train the models with the right degree of efficacy or cost because models are designed to become smaller, to run at low cost so that the margins can be passed. And with the margins, you can run the business at the right profitability as well as value for customers. I think that's hard to have disruption. Having said that, AI creates a new surface area of risk and we are starting to see more and more cybersecurity players funded for securing AI. And there will be novel ideas, there'll be novel startups that will get started. And I do think that while consolidation takes place among customers on more traditional set of tools that they have procured, they will likely, again, maybe splurge in embedding new tools for more protection of their new stuff that comes in due to AI, and I think that's going to be a new cycle that'll likely emerge.
Gemma Allen
>> And tell us a little bit about the relationship with the buyer persona for cybersecurity at Proofpoint, right? Because I think it's an interesting space in that, in some ways, cyber has that old-age paradox, you only really know about it when it's not working, right? Like within the tech ecosystem in general. And no company really wants to lead with fear either. So, the relationship, I'm sure, is somewhat strained by the fact that you don't necessarily know how many dangers or what it is exactly that you're protected from at any given time.
Sumit Dhawan
>> Yeah.
Gemma Allen
>> So, how do you manage that? How do you manage making sure that CISOs are aware that this world is changing fast and there are some real threats? And then, also, I guess just doing everything you need to do behind the scenes to make things work silently?
Sumit Dhawan
>> It's a little bit tricky because like you mentioned, our technology is supposed to be working in the background, silently, keeping itself updated on all the new threats and campaigns. We can't be educating the customer. Every day a new campaign ships. We set up three to four times a day, new rules to protect against new campaigns. None of our customers know about that. They just can't. They're doing all the other things. That's why they have our technology to protect against this emergence of new threats and campaigns that are happening on a regular basis, whether it's gift card fraud, which is basic these days to QR code launches or some phishing attempt to steal credentials. It's happening all the time, okay? So, it's very tricky because that's not how cyber teams operate. They don't want to know about it, but they do want to know at a certain frequency. So, we have built these customer reviews where we provide information on who are your most attacked people? What are the campaigns? How did they change? How is the efficacy of the solution? What is it changing? And what is the new threat intelligence and campaigns that have emerged? And how do you compare to your peer groups? How has your human resiliency evolved? And many of the CISOs take the materials that they have and put them into their board decks to the risk committees and cybersecurity committees that they have with the board, because they appreciate that level of intelligence to showcase how the resiliency when it comes to human risk is evolving and changing and improving over time because they want to make sure that that's continuing. And they lean on us in providing that information. More and more of that, we believe is going to become agentic, where we don't have... Our people provide that information through reports, but it's agents that our customers, whether it's CISOs or security ops leaders, can just ask and agents can do that in a more tailored fashion that make more sense for every enterprise. They don't need to look at our format, our approach. They can ask the right level of questions. So, earlier this year, we announced this thing called MCP Access. MCP has become the protocol, which is agentic to speak to systems like ours and build agents to get information that they need, and which is essentially designed to do that where our enterprise customers can use agents to talk to a system like ours as assistants of theirs to get this information on demand or in the format they want and can really make sure that our systems are doing the job and holding us accountable through agents because they can't hire people to do that. So, I think that's how it's evolving.
Gemma Allen
>> Fascinating space.
Sumit Dhawan
>> So, the relationship is becoming a little more agentic over time, but I think it's for good.
Gemma Allen
>> Yeah. And the information is needed, right?
Sumit Dhawan
>> And the information is needed.
Gemma Allen
>> We talked so much about speed. We also need to talk about risk and that dialogue and that factual data around what's actually happening. It needs to be in the, at least, enterprise decision-making domain, right?
Sumit Dhawan
>> It's needed and it's going to be more important in the world of AI because think about it, what's going to happen with AI is the three teams are going to work together. There's going to be IT security, there's going to be cybersecurity and there is GRC or risk and compliance. All three of them, and in most boardrooms and most even CEO conversations I've had, they're unsure where the responsibilities lie. And the reality is all three have to play a role because cybersecurity has a more SOC component to it. IT security has a more implementation of the technology component to it. And GRC is making sure it's highlighted as a risk. Because from a governance perspective, AI, if not done right with the right guardrails, can bring the whole company down. It can become the biggest element of the risk register going forward.
Gemma Allen
>> For sure.
Sumit Dhawan
>> So, I think all of them have to play a role and this visibility that only can be created through all these parties through agentic technologies, because there's no human interactions that can happen.
Gemma Allen
>> Wow. Well, Sumit, I could talk to you all day. We've gone a minute over, so tell us, last question, close us out. What's ahead for you and the team at Proofpoint? What are the big bets for the year ahead? And is there anything in particular we should be looking to watch or excited about ?
Sumit Dhawan
>> I'll tell you what what we are really excited about. We think that company has gone through one major evolution in the past. We started and pioneered with email security and we took it to human-centric security, which is collaboration and data security done with a human-centric view as we went through. We see the workspace evolving yet again. It's evolving with this agentic workspace as I went through with humans, agents, data and apps all coming together in one way. And our goal is to extend our platform of human-centric security to human and agent-centric security. We've announced some really cool new products and technologies and extension of our platform, all of those become available in 2026. And I think this starts a new evolution of the company and I'm really excited about it, I'm looking forward to it. And it's not going to happen overnight, but 2026 will be the kickoff for it.
Gemma Allen
>> Well, we're excited to watch and thank you so much for taking the time from your busy schedule to join us here at theCUBE.
Sumit Dhawan
>> Well, thank you for having me.
Gemma Allen
>> I'm Gemma Allen, here at theCUBE Studio at the New York Stock Exchange. This is our Cybersecurity Leaders Program with NYSC Wired. Thanks so much for watching.
>> Welcome back to theCUBE, here at our studio at the New York Stock Exchange. This is our Cybersecurity Leader series that we are creating in conjunction with NYSE Wired. And joining me today is a leader who is no stranger to the wave of innovation surrounding enterprise tech. Sumit Dhawan, CEO of Proofpoint. Welcome, Sumit.
Sumit Dhawan
>> Well, great to be here.
Gemma Allen
>> So, tell me, you have had a fascinating career, right? You have been in the pre-cloud, on-prem era, the era where everyone worried about perimeters, the cloud era, VMware.
Sumit Dhawan
>> Making me sound old.
Gemma Allen
>> Successful, I would say. Your time at VMware, the world of cloud and virtualization. And now, with Proofpoint, you're in this mad world of AI, right? It's hard to actually really come up with one particular catchphrase to summarize AI. But tell me, what from there brought you here? What's the through-line for you on this journey you've been on from Citrix, VMware and other very successful companies to the world of cybersecurity?
Sumit Dhawan
>> I think there are two things that have been common. Firstly, I've been involved with technologies that touch people and not just something that sits in the closed walls of the data centers. Anything that touches people has an element of an experience, productivity, just how business impact of the technology. And then, secondly, there have been waves of transformation. Now, that's quite common in the world of technology and I enjoy it, I flourish in it. And I'd say those two things have been common across different experiences I've had and I've been blessed with them.
Gemma Allen
>> Wow. And this time you've had a Proofpoint, I think you've come in, you've made some significant changes within the company. You talk a lot about honing in on spaces and areas that you were really, really, really good at, right? Complete efficacy and excellence, and maybe making changes or removing or reducing focus in other areas. Tell us a little bit about the main changes that you've made and how those are playing out. And also, what bets you see ahead.
Sumit Dhawan
>> Proofpoint, we focused on... I believe in the world of cybersecurity, while there's certainly need for, you can call it consolidation, some call it platformization, whatever you want to call it, as in fewer strategic partners to build an overall cybersecurity stack. There's no doubt about it. There's need for that. However, you can't do that by not going deep enough and just going too broad and not having the depth because cybersecurity requires the depth of the solutions to be best-in-class when it comes to efficacy of protection. And without compromising the experience, especially for technologies that touch end users. And I saw that we were falling into the trap of trying to do too many things and not going deep enough into what we were doing. And so, that's the first thing we have done. We went deep into making sure that as these AI created threats were growing and threat volumes keep growing, we have to have more sophisticated AI models. We call it Nexus, which is this fabric of AI models that we run to protect against these new defenses. I'm quite proud of how the team has really made, at this point in time, these ensemble of four different models in addition to classic ML that are defending with higher efficacy. Even though the volume of threats have gone up, our efficacy of advanced threats have gone from 99.3% to now 99.7%. So, more inbound threats, but higher efficacy of protection, okay? Secondly, we went deep into data loss. I saw that as a human problem. It's people who lose data. Data doesn't just walk out of the doors from an enterprise on its own. And that required a different approach in terms of data loss solutions, not just looking at content-based rules as legacy first generation DLP providers did. We now look at context, we look at human behavior, and we look at content rules and combine them together, which reduces the cost of operations, doesn't create this overload of alerts and cumbersome end user experience. It's a lot more adaptive. And in both cases, we now have Gartner claiming we are the Magic Quadrant leader. We've always been market share leader. Our customer satisfaction has been high. Our financial profile of the company is much better than where we were, which gives us ability to now invest into, if we have to broaden our solution, into an area with, again, the same degree of focus and depth, versus trying to dilute ourselves into doing too many things, but not with depth that's needed.
Gemma Allen
>> And when you talk about the human layer of protection and security, which I know you do quite a bit, and the world of AI, in terms of collaboration and data, and how those two worlds seem to come together almost perfectly in the generative AI world that most of us have come to know quite well, quite quickly. How do you see those threats and those risks really infiltrating the enterprise space?
Sumit Dhawan
>> I mean, if you think about the world of how people work. Today, we all digitally work on three or four things. We email and collaborate with other people. We look at data and we look at applications. That's our workspace. It's gradually or maybe even already changed for many of us where we have assistants that are AI assistants and AI agents. And let's just assume the world stays where human is at the top of the pyramid and is always instructing assistance and agents and through prompts and other means in terms of what they should be doing. But they're always working on email collaboration, data and applications. That stays the same, okay? In that world, we call it agentic workspace, if you really step back and think about what are the risks, what are the added risks that come in? AI is supposed to mimic humans. It's just designed to be the intelligence of human, just done through technology. So, the risks that AI has are very similar to the risks of humans. AI can be prompt engineered just like humans can be socially engineered. AI can lose data just like humans. AI can run bad code, just like humans can run bad code. So, the two risks are similar, they just manifest themselves in a different way and the technology that's required to protect against it is different. And so, as I look into the future, I feel this new agentic workspace will require an enhanced form of collaboration and data security. Okay, we need to make sure that today's human-centric security platform gets extended to tomorrow's human and agent-centric security platform and that's what we are extending our solution in. We already have depth of protection for humans. We're building the depth of protection of AI agents, but doing so in a way so that this platform can be a single platform for our customers for both protecting humans and AI agents.
Gemma Allen
>> And what sorts of changes are you seeing in the threat landscape around AI? Has there been a mass increase in very unique and unusual threats from unusual locations around the globe? Are there any patterns that cause you and your team particular concern or that you feel like every CISO should know about that may not be in the public domain, per se?
Sumit Dhawan
>> I think there are three trends we are seeing. Firstly, volume, okay? Volume is significantly higher. Just to give you an idea, just in the last 8 to 10 months, we are seeing advanced threats double year-over-year. So, the volume has gone up. Secondly, we are seeing clearly more and more language and currency is not a barrier. In other words, if you have been in a location where language was difficult for threat actors to create new threats, that's no longer an issue. If you are in a region like Middle East, maybe parts of South East Asia or even India, where currency was a barrier to create fraud, no longer an issue, because now with crypto, which is where fraudulent actors are really trying to do ransomware, it's easy to attack any economy and any business anywhere. And then, third, we are starting to see that there is this attack vector of attacking copilots that's starting to emerge. It's early days, okay? In other words, what's happening is that because there's an assumption that copilots and humans are going to work on the same information. So, if you create an asymmetry of context between a human and their copilot, then a human can instruct copilot to do something, but copilot could have been trained to ignore that instruction and do something different. So, there is a new AI exploitation threats that are starting to emerge. Those are the three patterns we are seeing, okay? Outside of that, there are always going to be new campaigns, and that's our job to stay ahead of those campaigns and make sure we tackle them. And these campaigns are changing... They can easily work around semantic protection. You can't just have keywords-based protection anymore. You really need to be able to understand the intent. And that's what we have invested in, which is now models that you can keep rewriting a message and sending it to Proofpoint defense. It'll understand the intent remains the same, doesn't matter what words or languages or patterns of the... It'll protect it, which is very easy to do if you're a threat actor using generative technologies to keep rewriting. And it's easy to do if you have a model that's sophisticated enough to be able to detect the intent. It just needs to run it in a high-efficiency, low-cost fashion, because we're processing trillions of messages a year. You can't cause delays and add a bunch of cost, which we know models can cause.
Gemma Allen
>> Huge. And this whole space of intent, how do you qualify that? How do you truly understand what the intent is, for example, and where it's coming from?
Sumit Dhawan
>> I think you look for patterns like urgency, patterns like what have the typical communication patterns been between someone who's inside the organization or outside the organization. And you look at, which is context and content or action that's being performed. If it has a certain degree of urgency, which is non-typical, That's typically an indicator for our models that this looks like it's reached a certain level of risk, okay? Those are the two most common high-level constructs that our models are trained to look for. They're not any longer looking for only signatures or patterns. That's very old school. We obviously filter a lot of things based on it, but intent really goes into context and then what is the specific action in that context that someone is asking an employee to do via email or other forms of communication that our models are able to detect? And by the way, our models can't write Shakespeare, they can detect that.
Gemma Allen
>> Not yet.
Sumit Dhawan
>> We don't want them to.
Gemma Allen
>> Absolutely not. And it's interesting because in that zone, you're really trying to understand the behaviors and thought process of the original human, right?
Sumit Dhawan
>> Yes, we are.
Gemma Allen
>> To really identify what it is that's unique about this particular incidence versus previous behaviors.
Sumit Dhawan
>> Yeah, because we know what the vulnerabilities of human behavior is and someone's trying to exploit it. It's usually you're leveraging trust and you're creating urgency with an action. Those are the three things that threat actors use. You make yourself look trusted or you actually compromise someone with not enough privilege and become trusted. Then, you create urgency. In other words, create something that's important. And then, you make them do something that leads to compromise. And that's what our intent-based models are looking for. Is this a compromised person? Which is leveraging trust by stealing identity. Is this a compromised urgency because of the urgency, and is this a compromised action? So, that's the indicators we're looking for.
Gemma Allen
>> So, talk to me a little about what AI means for the cybersecurity industry generally. I think there was definitely an agreed consensus for quite a while that cyber, as a space, is going to see mass consolidation, right? Gartner also said recently that an average enterprise has 76 security tools. So, there's certainly room, I think, for some level of simplification and streamlining, but it seems as though AI also makes it easier for potential entrepreneurs or innovators to become cybersecurity companies and to create an interface for cyber. Technically, you now need a couple of engineers and a GPU bill to make anything happen, including cyber. So, how do you think about that? Do you think that in one sense there's going to be a continued mass consolidation? Or do you think we're going to see a little bit more fragmentation as disruptors, per se, spring up?
Sumit Dhawan
>> I think both. I think that consolidation is bound to happen. There were a lot of venture-funded companies that are still not profitable. There are these five to six large companies, say over $2 billion in software revenue that are providing critical technology platforms and us being one of them, and we hear from customers, their preference in them wanting us to provide richer platforms that consolidates the functions that the customers have had to procure through point products that need to consolidate. And I think that will make room for both in terms of just time as well as money for customers to be able to invest in newer tools and I don't expect disruption of existing tech platforms easily done by AI. I'll tell you why, because if someone had to build a technology like ours by AI, it may be easy, but then training the models, they need all of this threat intelligence and the data that we get actually powers our models, which is why, at this point in time, none of the other security solutions that provide email security have the same degree of efficacy. AI to some extent give incumbents a little bit more benefit in having their models for providing efficacy to become richer and richer at a faster speed. Like to give you an idea, every two and a half days, our models update. Once a quarter, a new model is released by us. And that is very difficult if we didn't have the right data by serving one and a half trillion messages and filtering out more than half of them as threat information, we would not be able to train the models with the right degree of efficacy or cost because models are designed to become smaller, to run at low cost so that the margins can be passed. And with the margins, you can run the business at the right profitability as well as value for customers. I think that's hard to have disruption. Having said that, AI creates a new surface area of risk and we are starting to see more and more cybersecurity players funded for securing AI. And there will be novel ideas, there'll be novel startups that will get started. And I do think that while consolidation takes place among customers on more traditional set of tools that they have procured, they will likely, again, maybe splurge in embedding new tools for more protection of their new stuff that comes in due to AI, and I think that's going to be a new cycle that'll likely emerge.
Gemma Allen
>> And tell us a little bit about the relationship with the buyer persona for cybersecurity at Proofpoint, right? Because I think it's an interesting space in that, in some ways, cyber has that old-age paradox, you only really know about it when it's not working, right? Like within the tech ecosystem in general. And no company really wants to lead with fear either. So, the relationship, I'm sure, is somewhat strained by the fact that you don't necessarily know how many dangers or what it is exactly that you're protected from at any given time.
Sumit Dhawan
>> Yeah.
Gemma Allen
>> So, how do you manage that? How do you manage making sure that CISOs are aware that this world is changing fast and there are some real threats? And then, also, I guess just doing everything you need to do behind the scenes to make things work silently?
Sumit Dhawan
>> It's a little bit tricky because like you mentioned, our technology is supposed to be working in the background, silently, keeping itself updated on all the new threats and campaigns. We can't be educating the customer. Every day a new campaign ships. We set up three to four times a day, new rules to protect against new campaigns. None of our customers know about that. They just can't. They're doing all the other things. That's why they have our technology to protect against this emergence of new threats and campaigns that are happening on a regular basis, whether it's gift card fraud, which is basic these days to QR code launches or some phishing attempt to steal credentials. It's happening all the time, okay? So, it's very tricky because that's not how cyber teams operate. They don't want to know about it, but they do want to know at a certain frequency. So, we have built these customer reviews where we provide information on who are your most attacked people? What are the campaigns? How did they change? How is the efficacy of the solution? What is it changing? And what is the new threat intelligence and campaigns that have emerged? And how do you compare to your peer groups? How has your human resiliency evolved? And many of the CISOs take the materials that they have and put them into their board decks to the risk committees and cybersecurity committees that they have with the board, because they appreciate that level of intelligence to showcase how the resiliency when it comes to human risk is evolving and changing and improving over time because they want to make sure that that's continuing. And they lean on us in providing that information. More and more of that, we believe is going to become agentic, where we don't have... Our people provide that information through reports, but it's agents that our customers, whether it's CISOs or security ops leaders, can just ask and agents can do that in a more tailored fashion that make more sense for every enterprise. They don't need to look at our format, our approach. They can ask the right level of questions. So, earlier this year, we announced this thing called MCP Access. MCP has become the protocol, which is agentic to speak to systems like ours and build agents to get information that they need, and which is essentially designed to do that where our enterprise customers can use agents to talk to a system like ours as assistants of theirs to get this information on demand or in the format they want and can really make sure that our systems are doing the job and holding us accountable through agents because they can't hire people to do that. So, I think that's how it's evolving.
Gemma Allen
>> Fascinating space.
Sumit Dhawan
>> So, the relationship is becoming a little more agentic over time, but I think it's for good.
Gemma Allen
>> Yeah. And the information is needed, right?
Sumit Dhawan
>> And the information is needed.
Gemma Allen
>> We talked so much about speed. We also need to talk about risk and that dialogue and that factual data around what's actually happening. It needs to be in the, at least, enterprise decision-making domain, right?
Sumit Dhawan
>> It's needed and it's going to be more important in the world of AI because think about it, what's going to happen with AI is the three teams are going to work together. There's going to be IT security, there's going to be cybersecurity and there is GRC or risk and compliance. All three of them, and in most boardrooms and most even CEO conversations I've had, they're unsure where the responsibilities lie. And the reality is all three have to play a role because cybersecurity has a more SOC component to it. IT security has a more implementation of the technology component to it. And GRC is making sure it's highlighted as a risk. Because from a governance perspective, AI, if not done right with the right guardrails, can bring the whole company down. It can become the biggest element of the risk register going forward.
Gemma Allen
>> For sure.
Sumit Dhawan
>> So, I think all of them have to play a role and this visibility that only can be created through all these parties through agentic technologies, because there's no human interactions that can happen.
Gemma Allen
>> Wow. Well, Sumit, I could talk to you all day. We've gone a minute over, so tell us, last question, close us out. What's ahead for you and the team at Proofpoint? What are the big bets for the year ahead? And is there anything in particular we should be looking to watch or excited about ?
Sumit Dhawan
>> I'll tell you what what we are really excited about. We think that company has gone through one major evolution in the past. We started and pioneered with email security and we took it to human-centric security, which is collaboration and data security done with a human-centric view as we went through. We see the workspace evolving yet again. It's evolving with this agentic workspace as I went through with humans, agents, data and apps all coming together in one way. And our goal is to extend our platform of human-centric security to human and agent-centric security. We've announced some really cool new products and technologies and extension of our platform, all of those become available in 2026. And I think this starts a new evolution of the company and I'm really excited about it, I'm looking forward to it. And it's not going to happen overnight, but 2026 will be the kickoff for it.
Gemma Allen
>> Well, we're excited to watch and thank you so much for taking the time from your busy schedule to join us here at theCUBE.
Sumit Dhawan
>> Well, thank you for having me.
Gemma Allen
>> I'm Gemma Allen, here at theCUBE Studio at the New York Stock Exchange. This is our Cybersecurity Leaders Program with NYSC Wired. Thanks so much for watching.
Gemma Allen