Patrick Spikes [0:00]

Okay, hello everyone. Welcome to another edition of Redapt replay. We're recounting an event we hosted up in Woodinville with some of our security sponsors, and one of those joining us today was at the event is Menlo Security.

We're joined with Victor Manga from Menlo, and he's going to go over some of the conversations that came up at the event. The theme of the event was uncorking AI data risks and, of course, vino we hosted at a winery, had a great evening of hors d'oeuvres and wine, and had a lot of people chatting about this stuff and so their real sweet spot is protecting against browser based threat.

So I want Victor kind of going to recap of what he seeing out there and what came of it conversationally at the event, and I'll just turn things over to him and Andrew. Likewise, what's Menlo security doing these days?

Victor Monga [0:41]

So we'll start with this one great event. By the way, great conversations and a common theme after the conversations that we were able to categorize is still the cost. Yes, I've been in the industry 20 years and still the conversation has cost that CIO CSO they're concerned about the cost of the tech stack, and now they have to prove their justification, ROI. So it still remains the same problem.

Stay in conversation at the CIO, CSO level. How do we reduce the cost and get the most out of it? Second, you mentioned data risk and data privacy. That's becoming a more and more problematic conversation for lot of organizations because in order to say that I'm protecting my data, first I need to know the data and then goes back into the conversation of data classification, asset discovery, which has been a conversation since I can remember.

How Menlo is looking at it? Someone actually posted this meme on my LinkedIn and I understood what they really mean by it. Where if we look 20 years ago, operating system was everything corporates when they were actually issue endpoints or laptops or PCs, they would have a checklist. I know I had a checklist when I worked at admin that I had to make sure that this is installed. That's turned off. This is all those things, group policies and everything is managed.

20 years Fast forward now. I honestly treat my operating system as the underlying way where I don't care the operating system browser is where I am 95% of the time I'm spending I'm spending more than 95%. But I know an average user in an organization, they are spending 95% of the time in a browser and the meme is browser. Is the new operating system.

So if that's the case, then what are we doing about it? How do we make sure that the browsing the session from your end user going to Internet? Going to your enterprise application. Is that secure? What additional policies are you applying it? So that's where the conversation that's where Menlo comes in and we look at these things a little bit differently. Where browser is a place where attackers are actually looking at the most because it's not where organizations have spent a whole lot of time.

There's not a whole lot of agent that you put on the browser and that approach of replacement browser never took off because everybody's so used to their own browsing and browser and their custom to it. So replacement browser was never a choice. Companies tried it. Organizations fell for it. Customers feel that they were deceived into it, but that was never a good choice.

Mello takes it complete differently. Customers, organizations, users, you continue using your end browser, endpoint, browser, whatever. You're used to it, we will make sure that we protect the session going to Internet. We will make sure we secure your application. Enterprise application access. That's where the real value here is, and obviously 2018 and onward everyone is talking about BYOD, remote workforce contractor use case and they had a game.

Back to if you think about 20 years ago, VPN was a big thing when it came out the technology people were like, yes, VPN is a great way to actually connect your organizations. But my question and again the conversation we had at the event - where how many applications are actually running on a server at a central location for your company? That's a question you wanna ask yourself, but due to the application you're using today, are SaaS based or deployed in public cloud, so does it really make sense for a connection to come back to your headquarter or come back to your central point and then go out to Internet?

So that's one second VPN. Once I have access. Are you validating every request that I'm actually sending it to your enterprise application? So you're giving me unnecessary visibility into your network. Adversaries. That's what they want.

Takes a completely different and we'll talk about more zero trust personal. So again, Mello's taking this approach where we wanna manage. We wanna help you manage your browser. We wanna help you build the confidence and protect the users when they're going to Internet and wanna secure the applications that your enterprises are serving and hosting for day-to-day business.

Andrew Spottswood [5:21]

Victor, that's great. And that was at the event. We had several cybersecurity and technical leaders in the area attending and this was a hot topic talking, just narrowing down on where, where are the crown jewels? Where is critical data and who is accessing that.

And it centers many times around the browser as you outlined. And that's where it's often forgot we're looking outside the environment around the environment. But Menlo's approach to center on the browser it was is clearly key.

What are some of the like? How does Menlo? What is the approach that you all take to protect the browser? I know it's we talked about access based, we talked about ways of capturing when you know the wrong data is getting accessed. What's the secret sauce? What's the approach you'll take?

Victor Monga [6:27]

Very very simple. Zero trust. It's built into our DNA. That's a philosophy we have for our product, our internal systems, our internal processes. That's the same approach we actually encourage, educate, and talk to our customers. Zero trust again going back.

That's a common thing for big companies, global companies. Contractors are the Trojan horses. How do you know when they're actually fixing something? They're not leaving a little back door for themselves. How do you know that's where Melo comes in? We know when they're actually typing in the browser accessing your application because we're right in the middle. Not only will give you accv view of it, we'll give you the HTML code, CSS code, or the javascripts. What what's being run on the browser.

That's priceless, in my view from SoC perspective. Is it a response perspective? Threat hunting. That itself is process, and all of these things. The tie back to one simple concept that I started this conversation: Zero trust. This is built into our fabric, our DNA, and that's what we are going with our product that we want to make sure we will help you advance, evolve your journey as a customer into zero trust.

Andrew Spottswood [11:32]

That's well said.

The journey that many customers that we've worked with with zero trust is it is a journey. It's a continuation and the piece that Menlo fits with that at the browser level is key.

So one question that came up, I wanted to ask and was around what browsers does Menlo work with? Is it specific browser? Or is it your own proprietary or how does that work?

Victor Monga [12:05]

We get that a lot. And that's one of the misconceptions again created by the early authors of RBI companies and vendors. Let me give you my browser. Let me give you my proprietary browser. Let me give you a replacement browser.

Companies tried customers really tried to adopt that because they want to get secure. They want to protect their users. They are concerned about their applications, but the whole notion of proprietary browsers replacement browser is is just doesn't work.

As an end user, if you ask me today that, hey, Victor, go ahead, change your browser and you have to use this new browser where the bookmarks are gone and the way you interact with the browser, the look and feel, the UI that you know from past 10-20 years is just gone overnight and then you have to use this on the name of security first.

I'm gonna push back if I fail, I'm gonna find a way to supplement it. Menlo is taking completely different approach. We're saying users should not suffer. We should not prevent business to do the business.

We are transparent in that process. Users customers continue using the browser that they use Chrome and Safari. All major browsers you can use it.

Our differentiator is we almost, we call it twin clone in the cloud Secure Cloud browser. When you go to cnn.com whichever website you want to go to I picked an example at cnn.com, but it could be Yahoo, it could be whatever the website you want to go to that connection goes to Menlo.

Menlo will actually go and browse Internet for you, so when you request cnn.com yahoo.com, whichever website you go to, the request will come to Menlo, and Menlo will actually go fetch and execute that in a secure cloud browser for you. We'll send that safe data back to you in your browser.

In this way, at the end of the day, end user, what do they want? I just want to see the content from the website. I don't care the behind the scenes what's happening because either way I don't see behind the scenes browser and web servers are doing that business for me already.

Menlo is adding that layer of security without stopping the business without adding a hop or any frustration for the end user.

And that's why a lot of time when people ask me what does it take to actually test Menlo or POV? Like, do you have a laptop? Yes. Do you have Internet? Yes. Do you have browser? That's all it takes.

That is all it takes. You don't need to install anything. You don't have to work with your IT to change DNS. You don't have to work with your networking team to change networking. None of that.

You have a computer. You have Internet your browser. That's all you need. That's my prereq. That's all you need, and that's the mind shift, right? That's where companies are realizing that.

All of that distractions and noise about replacement browsers and proprietary browsers. It was not effective. It is not effective. The future is where we need to help users.

We need to help end users do the day job and help them actually continue do the business. We are part of that process as a transparent security in between. And making sure that the other day the user is happy with what they're doing. Admins are happy 'cause now they're getting less complaints from the users, and ultimately we just build that confidence in the company that they can trust a vendor they can trust, a partner for security reasons.

Andrew Spottswood [15:51]

That's terrific. That was actually going to be my one of my last questions. As we wrap up was what do customers do next or what people that are interested in Menlo. And it sounds like it's a pretty quick process.

One we can set up time to meet and kind of quantify where Menlo's going to be a good fit and then it sounds like since you have the back end set up, it's just a matter of pointing. Tell us what would a customer expect once they initially engage?

Victor Monga [16:22]

www.menlosecurity.com, that's all you need. Go to our website and look for information you need and happy to set up demo for you. Happy to set up proof of value for you and if you wanna talk more on zero trust or application access, that's a hot topic among CSO and CIO that I don't know the application footprint right now.

How many SaaS? How many public cloud? How many private cloud I'm using? Happy to have that conversation and really cut the cost complexity for you so you can have your security engineer, security architect of the team reduce that fatigue that they've been feeling.

Andrew Spottswood [16:59]

Great. Well, encourage everyone to - we'll have a link at on this page and to visit Menlo. Thanks for the partnership, Victor. Appreciate the conversation today.

Victor Monga [17:10]

Thanks for having me.

Patrick Spikes [17:10]

Thanks for being with us today, Victor. I really appreciate it. That about wraps it for this edition of Redapt replay. Hope to see you again on another session. Make it a great day, everyone. Bye.