theCUBE + NYSE Wired: Zero Trust Cyber Series | Andrew Rubin, Illumio

Clips
More from theCUBE + NYSE Wired: Zero Trust Cyber Series

Andrew Rubin

CEO & Founder

Illumio

play_circle_outline Micro-segmentation to limit breach blast radius, with visibility and observability

play_circle_outline Quarantines and Kill Switches: Dynamic Containment Against LLM-Powered Machine-Speed Asymmetric Threats

play_circle_outline Countering Agentic and Agent-to-Agent Attacks: AI-Driven Observability, Segmentation, and Signal-to-Noise Improvement

Info

Andrew Rubin, Illumio

Andrew Rubin

CEO & Founder Illumio

search

John Furrier

>> Palo Alto Studio Connection, Silicon Valley, and Wall Street. I'm John Furrier, host of theCUBE, here with Dave Vellante, my co-host.

Gemma Allen

>> Welcome back to theCUBE Studio here at the New York Stock Exchange. I'm Gemma Allen with NYSE Wired's Cybersecurity Leaders. And joining me now for a conversation on micro segmentation is Andrew Rubin, founder and CEO of Illumio. Welcome, Andrew.

Andrew Rubin

>> Thank you so much for having me.

Gemma Allen

>> So it is a fascinating time in the world of cyber. There's a lot happening. We just joked off-screen there that we could both do with a scotch sometimes and we read some of these headlines. But let's just start with your company, Andrew, because it's operating in a very interesting place. Talk to me about exactly what it is that Illumio does.

Andrew Rubin

>> Sure. So the shortest answer would be we deliver network micro-segmentation for our customers and the visibility, and the observability necessary to achieve micro-segmentation. A slightly longer answer is this. For 40 or 50 years, cyber has been focused on really one mission, keeping bad things out. And generally speaking, it's done a pretty good job. As much as we have breaches, we have many days without breaches. But I think the one thing that everybody's figured out the last decade or so is we are going to live with breaches and we seem to be having more of them and they're getting bigger and more expensive every year. And that's just a reality. We have to accept it. Micro-segmentation was designed not to stop the initial breach. It was designed to limit the blast radius so that when a breach occurs, it's a small problem instead of a catastrophic one. And that's been the mission that Illumio's been on since day one.

Gemma Allen

>> So when you say that this industry has done a pretty good job, some challenge that, right? They say that companies are spending more money than ever before. Cyber spending could reach 377 billion by 2028, that's nearly 2X what was expected in the last decade. And actually the problems feel scarier, less predictable, and maybe less controlled than ever before, right? So maybe let's talk to that for a second. When we think about why that is, why companies are spending more, is it because they can't really fully predict the level of risk, they can't get ahead of the level of risk? What sorts of vectors are you seeing? Maybe bring that problem to life for us a bit.

Andrew Rubin

>> It's a fair question. And I definitely did say we did a pretty good job, and I used those words on purpose. I think if we look at the last 50 years, we would say in general we've done a pretty good job. Now here's the counterpoint to that. If you look at the last 10 years, every year the following things have been 100% true. The industry invests more money in innovation. Venture capitalists and investors pour more money into cybersecurity. There are more cyber companies and customers spend more money every year. And what's happened? What is the only number that's gone up faster? The number of breaches and the cost of the breaches. So when I say over the long run, we did a pretty good job, I think generally speaking, that's true. The counterpoint to that would be, but unfortunately the model we've relied on for all these years seems to be getting less and less effective while getting more and more expensive. And that trajectory should have everybody running scared. And of course all of this is before we bring up the word Mythos. And so I think it is fair to say and question, is the cybersecurity model that we built and relied on for a long time the right one going forward? And I've been very public about the fact that I think that cybersecurity is now broken. It doesn't mean it's always been broken, but it is now broken. And the data, all those facts that we just talked about prove that we're on a path and a trajectory that if we don't change it, we're probably going to end in a very bad place eventually.

Gemma Allen

>> So when we think about Mythos, it has gotten so much headlines, hype, concern, right? There's critics that say it's a great marketing exercise by Anthropic. Others say that there's devs that haven't slept for weeks. We don't really know exactly where the truth lies, right? But we do know that we saw fable, we saw the recant of the rollout of that model, which demonstrates there's a lot of concern, right?

Andrew Rubin

>> Yes.

Gemma Allen

>> From your perspective, you're operating not necessarily in prevention but in containment.

Andrew Rubin

>> Yes.

Gemma Allen

>> It's not getting in. It's what happens once they're in. And another interesting fact is that they're saying that these incidents can go from minor to absolute major in 30 minutes flat, which is I think an increasingly scary statistic in the world of cybersecurity and enterprise threat. Talk about what your company does in those 30 minutes. Break that down a little bit.

Andrew Rubin

>> So I think there's a few points there. First of all, I think that everybody right now is talking about the Mythos problem, but I actually think the better way to describe it is the model problem. Mythos was simply the first thing that the world learned about where all of a sudden this new tooling and capability pointed at cyber reminded us all how vulnerable we actually have always been and what happens when a tool and a capability like Mythos enters our world. It's not about one model. We know this is where the science and the technology has been taking us for some time. Mythos was just the first thing that made it real. I think we also understand that the problem that we're all going to face is really not just a technology problem. It's not what the models can do. It's the speed. We've lived in a cyber world that's moved at human speed life to date. And what I mean by that is attackers move at human speed. Defenders move at human speed. We've been fighting what I'll call a relatively fair fight. I'm not saying that it necessarily has been a good fight, but it's been a relatively balanced fight. When you enable and democratize attackers with models that move at machine speed, but an enterprise says, "We still need six months to patch a server." That fight is no longer level. It goes asymmetric immediately. And so I think when I say the cyber model is breaking and things like Mythos are going to break it all together, it's not just the technology problem. It's the entire operating model of how we defend things. Where micro-segmentation comes into that is we're going to need the ability to very quickly contain things. We're going to need things like dynamic quarantining. Some people say the kill switch because we're going to be vulnerable in ways we've never been before and resilience and reaction are going to end up prioritized in a way that in the past we didn't think about it. We're going to have to contain things. We're going to have to think about recovery much more than we have in the past. And micro-segmentation, as you said, was designed from the very beginning to contain things, not to prevent them from first happening, but to make sure that when they do happen, they're small, not catastrophic.

Gemma Allen

>> I mean, we hear a lot about the ways in which or the format of which we can see breaches happen is changing vastly, right? Agents to agent breaches, all sorts of ways in which you can have a breach that's written into your code. We know this stuff, but truly it's kind of been happening for a while, right? I think this agentic conversation has just accelerated the fear and the reality around how quickly this could happen. When you think about how you operate under the hood, your technology under the hood in these organizations, how do you stay ahead of threat factors? Because once they're in, I assume that the modularity of which they move also changes quite rapidly in the world of agentic, right? What sort of new threats are you building for that you weren't four years ago?

Andrew Rubin

>> Absolutely. So first of all, we think that AI will be in every sense of the word a tool and that tool will be like all tools in the hands of good folks and bad folks, attackers and defenders. A lot of it is how they use it. A lot of it is how quickly they can deploy it. Generally speaking, attackers do have a leg up because things like rule of law, ethical and moral boundaries that defenders live within, attackers don't by definition. I think one of the things that we're seeing and hearing from our customers every day is more observability, more visibility, finding things that are either malicious or sometimes just anomalous and finding them much faster. We talk about signal-to-noise in cybersecurity all the time. You can show me lots of things, but how much of it is noise and how many of those things are really the needle in the haystack that I need to pay attention to. So for us, we're looking at AI and we're looking at everything that everybody's so excited about and saying, where can we put it into the product to do things like detect the signal faster? Where can we use it to help suggest how to dynamically quarantine things when unusual or malicious things occur? For us, it's all about how do we get people safer faster. And in our world, safer equals micro segmentation. So we're looking at better observability, faster segmentation, more suggestive policy as opposed to having to figure out what the policy should be. And obviously we think everything's going to be dynamic because that's one of the benefits of AI is the speed it delivers, but that means as a defender, we have to be much more dynamic than we've been in the past.

Gemma Allen

>> And how recursive is that development cycle for you, right? Because I assume that every day threats are changing. We see more and more better impersonation, persona development, all of these things that are happening across cyber industry. It must put a huge pressure on the speed of which any cyber vendor, including yourself, has to actually develop solutions. Are your O&G cycles faster than ever before? What are you kind of working on and seeing underneath the hood of your org that's again, changing as this dynamic changes?

Andrew Rubin

>> Well, first of all, I think it's a generic comment. And yes, it's very true at Illumio. I think the pressure to go fast is literally relevance or dead. I really do believe that. And I make that comment both about Illumio and the work we do, but I also think that that's now becoming the generic view in IT. You either move quickly, innovate, you want to make sure that if you can get to 80% in an hour versus 95% in a year, get the 80% in an hour. I think that mindset is now becoming plastered across our industry. For us, I was in Europe last week, I probably saw 30 CISOs in a week. The feedback loop in terms of the voice of the customer is unlike anything I've ever seen. And our job is not just to have that feedback loop, but to be able to then instrument that feedback loop, get it back to product and engineering, have them make very quick decisions. And then within the product, we have to be able to iterate and push updates sometimes in certainly I'll say hours or days, but no more waterfall releases that we talk about a year from now. Everything is talked about in a matter of days or weeks. Now, I do want to point one thing out that I think is important, which is there is an enormous benefit to going fast. There is an enormous benefit to real time innovation and iteration. You do still have to balance that with the fact that at least in Illumio's case, we're deployed in places like the swift backbone of very large banks around the world. We still have one true north star, which is, I say it's like the hippocratic oath. Your absolute first obligation is to do no harm. As fast as we're going and as much as we want to push the boundaries of innovation, we still have to deliver insanely reliable, resilient, scalable, and very safe software because the minute that we chip away at that in any way, we break all the rules and all the trusts that we've worked very hard to build with our customers over the years. That's the balancing act that companies like us have to make sure we don't forget we have to get both right.

Gemma Allen

>> And that's interesting in a world of kill switches, right? Which could lead to downtime, which could also lead to conversation around who activates that. If you have an agent replacing a human in a workflow, who fundamentally actually owns that signal, right? That also, I assume from a policy perspective, needs some working out. Illumio, talk to me a little about the company itself, the journey. You guys haven't had to raise money in quite a while, which is a wonderful signal, especially in a market like this one. Talk me to, I guess, the size you're at, the stage you guys are at, and I guess also what's ahead?

Andrew Rubin

>> Yeah. So there's a few things in there. We haven't raised money in over five years and I'm incredibly proud of the team for putting the company in that position. I remember many years ago, one of our early investors talked about this notion of controlling your own destiny, and at the time it didn't really mean very much. I assure you, the last five years, I now have a deep appreciation of that. Fortunately because of certainly the last few years, the acceleration and the awareness of micro-segmentation, it's now very publicly known that both Forrester and Gartner are going to be publishing very comprehensive reports, and Gartner's going to be putting out the first Magic Quadrant later this year on micro-segmentation. I think the awareness level has gone up and it's gone up very, very much in an accelerated way. It's been great for us and everybody in the industry. Mythos has been an absolute game changer in the speed, velocity and the breadth of conversations that we're having. And I'm sure, again, that's a generic comment for the industry. In terms of the company, we're a little over a thousand people. We've been hiring in every part and team within the company. We've been accelerating our growth the last few years, which has felt great, especially in light of not having raised capital. And in terms of the what's next, my message to the team every single day is get up in the morning, build great software, make sure that it works, innovate quickly, and make sure the customers get the outcomes that we promise them. And that's not a way of ducking that question under the question, which is, well, are you going to go public or what's the future of the company? But right now in this crazy market that you alluded to, being in a position to grow, accelerate growth, deliver real outcomes for customers that need them right now as opposed to wanting them, I think as long as we stay focused on that, the answers to the rest of those questions will present themselves. There is no doubt about that. And so, right now we are absolutely heads down focused on building every single day.

Gemma Allen

>> I love it. Focus on the fundamentals and meet this market moment where it's at.

Andrew Rubin

>> Yes, very much so.

Gemma Allen

>> Andrew, thank you so much for coming on of theCUBE.

Andrew Rubin

>> Thank you for having me.

Gemma Allen

>> I'm Gemma Allen here at theCUBE Studio at the New York Stock Exchange. This is NYSE Wired's Cybersecurity Leaders. Thanks for watching.

Andrew Rubin, Illumio

search

John Furrier

>> Palo Alto Studio Connection, Silicon Valley, and Wall Street. I'm John Furrier, host of theCUBE, here with Dave Vellante, my co-host.

Gemma Allen

>> Welcome back to theCUBE Studio here at the New York Stock Exchange. I'm Gemma Allen with NYSE Wired's Cybersecurity Leaders. And joining me now for a conversation on micro segmentation is Andrew Rubin, founder and CEO of Illumio. Welcome, Andrew.

Andrew Rubin

>> Thank you so much for having me.

Gemma Allen

>> So it is a fascinating time in the world of cyber. There's a lot happening. We just joked off-screen there that we could both do with a scotch sometimes and we read some of these headlines. But let's just start with your company, Andrew, because it's operating in a very interesting place. Talk to me about exactly what it is that Illumio does.

Andrew Rubin

>> Sure. So the shortest answer would be we deliver network micro-segmentation for our customers and the visibility, and the observability necessary to achieve micro-segmentation. A slightly longer answer is this. For 40 or 50 years, cyber has been focused on really one mission, keeping bad things out. And generally speaking, it's done a pretty good job. As much as we have breaches, we have many days without breaches. But I think the one thing that everybody's figured out the last decade or so is we are going to live with breaches and we seem to be having more of them and they're getting bigger and more expensive every year. And that's just a reality. We have to accept it. Micro-segmentation was designed not to stop the initial breach. It was designed to limit the blast radius so that when a breach occurs, it's a small problem instead of a catastrophic one. And that's been the mission that Illumio's been on since day one.

Gemma Allen

>> So when you say that this industry has done a pretty good job, some challenge that, right? They say that companies are spending more money than ever before. Cyber spending could reach 377 billion by 2028, that's nearly 2X what was expected in the last decade. And actually the problems feel scarier, less predictable, and maybe less controlled than ever before, right? So maybe let's talk to that for a second. When we think about why that is, why companies are spending more, is it because they can't really fully predict the level of risk, they can't get ahead of the level of risk? What sorts of vectors are you seeing? Maybe bring that problem to life for us a bit.

Andrew Rubin

>> It's a fair question. And I definitely did say we did a pretty good job, and I used those words on purpose. I think if we look at the last 50 years, we would say in general we've done a pretty good job. Now here's the counterpoint to that. If you look at the last 10 years, every year the following things have been 100% true. The industry invests more money in innovation. Venture capitalists and investors pour more money into cybersecurity. There are more cyber companies and customers spend more money every year. And what's happened? What is the only number that's gone up faster? The number of breaches and the cost of the breaches. So when I say over the long run, we did a pretty good job, I think generally speaking, that's true. The counterpoint to that would be, but unfortunately the model we've relied on for all these years seems to be getting less and less effective while getting more and more expensive. And that trajectory should have everybody running scared. And of course all of this is before we bring up the word Mythos. And so I think it is fair to say and question, is the cybersecurity model that we built and relied on for a long time the right one going forward? And I've been very public about the fact that I think that cybersecurity is now broken. It doesn't mean it's always been broken, but it is now broken. And the data, all those facts that we just talked about prove that we're on a path and a trajectory that if we don't change it, we're probably going to end in a very bad place eventually.

Gemma Allen

>> So when we think about Mythos, it has gotten so much headlines, hype, concern, right? There's critics that say it's a great marketing exercise by Anthropic. Others say that there's devs that haven't slept for weeks. We don't really know exactly where the truth lies, right? But we do know that we saw fable, we saw the recant of the rollout of that model, which demonstrates there's a lot of concern, right?

Andrew Rubin

>> Yes.

Gemma Allen

>> From your perspective, you're operating not necessarily in prevention but in containment.

Andrew Rubin

>> Yes.

Gemma Allen

>> It's not getting in. It's what happens once they're in. And another interesting fact is that they're saying that these incidents can go from minor to absolute major in 30 minutes flat, which is I think an increasingly scary statistic in the world of cybersecurity and enterprise threat. Talk about what your company does in those 30 minutes. Break that down a little bit.

Andrew Rubin

>> So I think there's a few points there. First of all, I think that everybody right now is talking about the Mythos problem, but I actually think the better way to describe it is the model problem. Mythos was simply the first thing that the world learned about where all of a sudden this new tooling and capability pointed at cyber reminded us all how vulnerable we actually have always been and what happens when a tool and a capability like Mythos enters our world. It's not about one model. We know this is where the science and the technology has been taking us for some time. Mythos was just the first thing that made it real. I think we also understand that the problem that we're all going to face is really not just a technology problem. It's not what the models can do. It's the speed. We've lived in a cyber world that's moved at human speed life to date. And what I mean by that is attackers move at human speed. Defenders move at human speed. We've been fighting what I'll call a relatively fair fight. I'm not saying that it necessarily has been a good fight, but it's been a relatively balanced fight. When you enable and democratize attackers with models that move at machine speed, but an enterprise says, "We still need six months to patch a server." That fight is no longer level. It goes asymmetric immediately. And so I think when I say the cyber model is breaking and things like Mythos are going to break it all together, it's not just the technology problem. It's the entire operating model of how we defend things. Where micro-segmentation comes into that is we're going to need the ability to very quickly contain things. We're going to need things like dynamic quarantining. Some people say the kill switch because we're going to be vulnerable in ways we've never been before and resilience and reaction are going to end up prioritized in a way that in the past we didn't think about it. We're going to have to contain things. We're going to have to think about recovery much more than we have in the past. And micro-segmentation, as you said, was designed from the very beginning to contain things, not to prevent them from first happening, but to make sure that when they do happen, they're small, not catastrophic.

Gemma Allen

>> I mean, we hear a lot about the ways in which or the format of which we can see breaches happen is changing vastly, right? Agents to agent breaches, all sorts of ways in which you can have a breach that's written into your code. We know this stuff, but truly it's kind of been happening for a while, right? I think this agentic conversation has just accelerated the fear and the reality around how quickly this could happen. When you think about how you operate under the hood, your technology under the hood in these organizations, how do you stay ahead of threat factors? Because once they're in, I assume that the modularity of which they move also changes quite rapidly in the world of agentic, right? What sort of new threats are you building for that you weren't four years ago?

Andrew Rubin

>> Absolutely. So first of all, we think that AI will be in every sense of the word a tool and that tool will be like all tools in the hands of good folks and bad folks, attackers and defenders. A lot of it is how they use it. A lot of it is how quickly they can deploy it. Generally speaking, attackers do have a leg up because things like rule of law, ethical and moral boundaries that defenders live within, attackers don't by definition. I think one of the things that we're seeing and hearing from our customers every day is more observability, more visibility, finding things that are either malicious or sometimes just anomalous and finding them much faster. We talk about signal-to-noise in cybersecurity all the time. You can show me lots of things, but how much of it is noise and how many of those things are really the needle in the haystack that I need to pay attention to. So for us, we're looking at AI and we're looking at everything that everybody's so excited about and saying, where can we put it into the product to do things like detect the signal faster? Where can we use it to help suggest how to dynamically quarantine things when unusual or malicious things occur? For us, it's all about how do we get people safer faster. And in our world, safer equals micro segmentation. So we're looking at better observability, faster segmentation, more suggestive policy as opposed to having to figure out what the policy should be. And obviously we think everything's going to be dynamic because that's one of the benefits of AI is the speed it delivers, but that means as a defender, we have to be much more dynamic than we've been in the past.

Gemma Allen

>> And how recursive is that development cycle for you, right? Because I assume that every day threats are changing. We see more and more better impersonation, persona development, all of these things that are happening across cyber industry. It must put a huge pressure on the speed of which any cyber vendor, including yourself, has to actually develop solutions. Are your O&G cycles faster than ever before? What are you kind of working on and seeing underneath the hood of your org that's again, changing as this dynamic changes?

Andrew Rubin

>> Well, first of all, I think it's a generic comment. And yes, it's very true at Illumio. I think the pressure to go fast is literally relevance or dead. I really do believe that. And I make that comment both about Illumio and the work we do, but I also think that that's now becoming the generic view in IT. You either move quickly, innovate, you want to make sure that if you can get to 80% in an hour versus 95% in a year, get the 80% in an hour. I think that mindset is now becoming plastered across our industry. For us, I was in Europe last week, I probably saw 30 CISOs in a week. The feedback loop in terms of the voice of the customer is unlike anything I've ever seen. And our job is not just to have that feedback loop, but to be able to then instrument that feedback loop, get it back to product and engineering, have them make very quick decisions. And then within the product, we have to be able to iterate and push updates sometimes in certainly I'll say hours or days, but no more waterfall releases that we talk about a year from now. Everything is talked about in a matter of days or weeks. Now, I do want to point one thing out that I think is important, which is there is an enormous benefit to going fast. There is an enormous benefit to real time innovation and iteration. You do still have to balance that with the fact that at least in Illumio's case, we're deployed in places like the swift backbone of very large banks around the world. We still have one true north star, which is, I say it's like the hippocratic oath. Your absolute first obligation is to do no harm. As fast as we're going and as much as we want to push the boundaries of innovation, we still have to deliver insanely reliable, resilient, scalable, and very safe software because the minute that we chip away at that in any way, we break all the rules and all the trusts that we've worked very hard to build with our customers over the years. That's the balancing act that companies like us have to make sure we don't forget we have to get both right.

Gemma Allen

>> And that's interesting in a world of kill switches, right? Which could lead to downtime, which could also lead to conversation around who activates that. If you have an agent replacing a human in a workflow, who fundamentally actually owns that signal, right? That also, I assume from a policy perspective, needs some working out. Illumio, talk to me a little about the company itself, the journey. You guys haven't had to raise money in quite a while, which is a wonderful signal, especially in a market like this one. Talk me to, I guess, the size you're at, the stage you guys are at, and I guess also what's ahead?

Andrew Rubin

>> Yeah. So there's a few things in there. We haven't raised money in over five years and I'm incredibly proud of the team for putting the company in that position. I remember many years ago, one of our early investors talked about this notion of controlling your own destiny, and at the time it didn't really mean very much. I assure you, the last five years, I now have a deep appreciation of that. Fortunately because of certainly the last few years, the acceleration and the awareness of micro-segmentation, it's now very publicly known that both Forrester and Gartner are going to be publishing very comprehensive reports, and Gartner's going to be putting out the first Magic Quadrant later this year on micro-segmentation. I think the awareness level has gone up and it's gone up very, very much in an accelerated way. It's been great for us and everybody in the industry. Mythos has been an absolute game changer in the speed, velocity and the breadth of conversations that we're having. And I'm sure, again, that's a generic comment for the industry. In terms of the company, we're a little over a thousand people. We've been hiring in every part and team within the company. We've been accelerating our growth the last few years, which has felt great, especially in light of not having raised capital. And in terms of the what's next, my message to the team every single day is get up in the morning, build great software, make sure that it works, innovate quickly, and make sure the customers get the outcomes that we promise them. And that's not a way of ducking that question under the question, which is, well, are you going to go public or what's the future of the company? But right now in this crazy market that you alluded to, being in a position to grow, accelerate growth, deliver real outcomes for customers that need them right now as opposed to wanting them, I think as long as we stay focused on that, the answers to the rest of those questions will present themselves. There is no doubt about that. And so, right now we are absolutely heads down focused on building every single day.

Gemma Allen

>> I love it. Focus on the fundamentals and meet this market moment where it's at.

Andrew Rubin

>> Yes, very much so.

Gemma Allen

>> Andrew, thank you so much for coming on of theCUBE.

Andrew Rubin

>> Thank you for having me.

Gemma Allen

>> I'm Gemma Allen here at theCUBE Studio at the New York Stock Exchange. This is NYSE Wired's Cybersecurity Leaders. Thanks for watching.