Sramana Mitra: So your investment thesis today, so to speak, is the timing?
Ray Rothrock: Absolutely. It’s the same product we invented 10 years ago. We have 200 customers. We’ve had sales of about $110 million in the past 10 full years. It’s picking up because of the value that we bring.
Sramana Mitra: Going back to my earlier question, what does the competitive landscape look like? If the timing is now right, is the market crawling with competitors?
Ray Rothrock: Yes, there is this company called SkyBoss, which is the same age and investment profile as us. There are a number of other companies that are moving into our space that have been mostly perimeter security companies and firewall management companies. They realized that having end-to-end understanding is very important. They’re encroaching on our domain. Business across all of these companies is picking up steam and speed in terms of growth. There are new investments out there for sure.
Sramana Mitra: If you want to do it with a use case, that’s fine. What I’d like to understand is, architecturally, how does this work? Where do the measurements fit? What are the pieces that it’s monitoring? How does it know what it knows?
Ray Rothrock: That’s a great question. The path which traffic moves on in a network is dictated by what’s called configuration files on routers and firewalls. Sometimes, companies store these in repositories and sometimes not. We access every configuration style of every traffic device on the network. We build a software model of your network. With that software model, I now have a configuration of your network. You may have thought that there was a connection between point A and point B. But I’ll tell you whether there really is or isn’t. That typically is where the problems occur.
Once we have this model, we take in the log files from all these other security software that you probably already own and use, scanners primarily. We take that information and combine it with the model. When you do that, I now understand the business of your network. I now understand what matters on your network. With that information, I can then tell you what’s at risk. The first output of a RedSeal analysis is a priority type list of what is most at risk and what you can do to reduce that risk. We actually tell you right down to the piece of equipment and what is causing that risk to happen.
Imagine a network that has 5,000 devices. It’s massive. No individual can know how the whole thing operates in any given time. In fact, the CEO or the CFO don’t even understand cyber. They are like, ” I’m spending money. I’m hiring engineers. Is this thing getting better?” We took our model and our vulnerability assessment, and we combine them.