WEBVTT 1 00:00:00.450 --> 00:00:02.010 Michael Novinson: Hello, this is Michael Novinson with 2 00:00:02.010 --> 00:00:05.400 Information Security Media Group. I'm joined today by Yaniv 3 00:00:05.400 --> 00:00:09.930 Vardi. He is the CEO at Claroty. And he joined Claroty in July 4 00:00:09.960 --> 00:00:14.820 2020. Since that time, he has raised $540 million in two 5 00:00:14.820 --> 00:00:17.820 rounds of funding, and spearheaded the acquisition of 6 00:00:17.850 --> 00:00:21.810 Medigate last year. Yaniv and I are going to take a look back at 7 00:00:21.810 --> 00:00:26.460 2022, this was to look ahead at what to expect in 2023. Good 8 00:00:26.460 --> 00:00:27.480 morning, Yaniv. How are you? 9 00:00:28.080 --> 00:00:30.420 Yaniv Vardi: Hey, good morning, Michael. Very good. Thank you. 10 00:00:30.990 --> 00:00:33.270 Michael Novinson: Thanks so much for making the time here. Want 11 00:00:33.270 --> 00:00:35.490 to start off with something I just raised, that being the 12 00:00:35.490 --> 00:00:38.400 acquisition of Medigate. I know it's been roughly a year since 13 00:00:38.400 --> 00:00:41.250 that acquisition was announced. What has that done? What does 14 00:00:41.250 --> 00:00:44.760 that mean for Claroty and its customers, bringing Medigate in? 15 00:00:45.920 --> 00:00:50.030 Yaniv Vardi: Sure. Obviously, the market that we're addressing 16 00:00:50.060 --> 00:00:54.350 is the cyber physical systems and Claroty, prior to the 17 00:00:54.350 --> 00:00:57.980 acquisition, was focusing on critical infrastructure, 18 00:00:58.250 --> 00:01:02.840 industrial manufacturing, and the biggest differentiation for 19 00:01:02.840 --> 00:01:07.190 us was our domain expertise. We're really focusing on helping 20 00:01:07.190 --> 00:01:11.030 these organizations securing all the physical assets that are 21 00:01:11.030 --> 00:01:15.860 connected. The health care side of things was also under attack, 22 00:01:15.860 --> 00:01:20.510 and still is, unfortunately. And so health care being a market 23 00:01:20.750 --> 00:01:25.430 with great needs was one that we wanted to address as part of the 24 00:01:25.430 --> 00:01:30.230 strategy of addressing the physical world. And hence why we 25 00:01:30.260 --> 00:01:34.820 decided to acquire Medigate and combine and merge the two 26 00:01:34.820 --> 00:01:39.290 companies together to really secure the cyber physical 27 00:01:39.290 --> 00:01:43.850 systems in the critical infrastructure. Since then, we 28 00:01:43.850 --> 00:01:48.470 merged the two companies, we came up with xDome, our Cloud 29 00:01:48.470 --> 00:01:53.000 offer that combines the benefits and capabilities for the 30 00:01:53.000 --> 00:01:57.080 industrial manufacturing, healthcare and commercial 31 00:01:57.080 --> 00:02:02.210 enterprises. Since then, we're not only now addressing all the 32 00:02:02.420 --> 00:02:07.130 industrial control systems and the related assets, the IIoT 33 00:02:07.130 --> 00:02:11.930 (the industrial IoT), the IoMT, on the medical device, the 34 00:02:11.930 --> 00:02:16.610 clinical assets, but also the enterprise IoT. And so combine 35 00:02:16.610 --> 00:02:22.250 it all in one platform over the cloud, to take advantage of our 36 00:02:22.250 --> 00:02:26.960 domain expertise, and take it to the next level, providing 37 00:02:26.990 --> 00:02:31.010 unmatched visibility, because that's what we learned is one of 38 00:02:31.010 --> 00:02:35.420 the biggest challenges that our customers in the market is going 39 00:02:35.420 --> 00:02:40.490 through, vulnerability and risk management with the mitigated 40 00:02:40.490 --> 00:02:45.590 actions that customers need to take, threat detection in real 41 00:02:45.590 --> 00:02:49.910 time, and secure remote access, all following the holistic 42 00:02:49.910 --> 00:02:52.820 approach in a unified platform. 43 00:02:54.380 --> 00:02:57.770 Michael Novinson: So, in terms of those different arms that you 44 00:02:57.770 --> 00:03:00.830 mentioned, is it typically the same customer who's turning to 45 00:03:00.830 --> 00:03:05.690 you for IIoT, IoMT, OT or are they typically different 46 00:03:05.690 --> 00:03:09.770 customers who want each of those capabilities? 47 00:03:10.620 --> 00:03:15.030 Yaniv Vardi: So, the customers - if it's an industrial company or 48 00:03:15.180 --> 00:03:20.070 a utility, or oil and gas company, will always have the 49 00:03:20.100 --> 00:03:23.700 IIoT, the industrial IoT with different sensors, like 50 00:03:23.700 --> 00:03:29.790 temperature, pressure sensors, but also OT assets. Think about 51 00:03:29.790 --> 00:03:34.980 PLCs and HMIs, and SCADA. But today, the CISA would like to 52 00:03:34.980 --> 00:03:39.540 make sure they also cover all connected physical assets within 53 00:03:39.540 --> 00:03:43.470 the four walls of a side, hence BMS (building management 54 00:03:43.470 --> 00:03:48.090 systems), and not just the industrial side of things, but 55 00:03:48.090 --> 00:03:52.080 also the BMS and the smart cameras and whatever is 56 00:03:52.080 --> 00:03:56.730 connected. Same for hospitals. It's not just covering IoMT, not 57 00:03:56.730 --> 00:04:01.740 just the medical devices, but the BMS, the elevators, the 58 00:04:01.800 --> 00:04:05.520 smart cameras and smart devices, everything that is connected in 59 00:04:05.520 --> 00:04:10.590 the network should be protected. And so to your question, today, 60 00:04:10.620 --> 00:04:17.070 the CISOs are trying to look at a holistic approach that cover 61 00:04:17.280 --> 00:04:21.480 visibility, for example, for all connected assets and not just 62 00:04:21.480 --> 00:04:22.770 one area or another. 63 00:04:24.630 --> 00:04:26.790 Michael Novinson: In terms of the Medigate acquisition, was 64 00:04:26.790 --> 00:04:30.420 that primarily bringing you into a new set of customers, notably 65 00:04:30.420 --> 00:04:32.460 hospitals and health care organizations? Or was there a 66 00:04:32.460 --> 00:04:35.940 need for that IoMT technology? Also, within your existing 67 00:04:35.940 --> 00:04:38.520 customer base, where there a lot of existing customers clamoring 68 00:04:38.000 --> 00:04:42.920 Yaniv Vardi: It's actually both right. So the differentiation of 69 00:04:38.520 --> 00:04:38.850 for that? 70 00:04:42.950 --> 00:04:47.810 Medigate versus others by far is the solution but also their 71 00:04:47.840 --> 00:04:52.490 market share, their customers - they have thousands of hospitals 72 00:04:52.520 --> 00:04:55.880 using them to protect their networks. By far, they're 73 00:04:55.880 --> 00:05:03.110 leading the market, winning best in class. The industry report 74 00:05:03.470 --> 00:05:06.920 year over year as the best health care cybersecurity 75 00:05:06.920 --> 00:05:10.850 solution that is out there. So it's actually both that we gain 76 00:05:10.850 --> 00:05:11.300 from. 77 00:05:12.980 --> 00:05:14.750 Michael Novinson: From the standpoint of the customer with 78 00:05:14.780 --> 00:05:19.700 the rollout of xDome in August, what's the tangible benefit for 79 00:05:19.700 --> 00:05:24.140 customers of having that single platform for that IIoT, for the 80 00:05:24.440 --> 00:05:27.890 OT, for the IoMT, for the connected devices? What is the 81 00:05:27.890 --> 00:06:06.710 need for customers to have this all on one platform? 82 00:05:30.460 --> 00:05:33.879 Yaniv Vardi: Sure. So first, unmatched visibility. It's not 83 00:05:33.954 --> 00:05:38.414 just one set of devices that you identify, but all connected 84 00:05:38.489 --> 00:05:43.024 assets are being identified. Like I said, from the OT, or the 85 00:05:43.098 --> 00:05:47.558 IIoT, the industrial IoT, to the BMS, to IoMT, all connected 86 00:05:47.633 --> 00:05:52.391 devices are now visible, mapping the network, understanding what 87 00:05:52.465 --> 00:05:57.074 you have and how these assets are connected is a must for this 88 00:05:57.149 --> 00:06:01.386 organization. And then we get into vulnerability and risk 89 00:06:01.461 --> 00:06:06.070 management. We get into network policy management, the ability 90 00:06:06.144 --> 00:06:10.754 to perform network segmentation, we get into continuous threat 91 00:06:10.828 --> 00:06:12.910 detection, all in one class. 92 00:06:12.000 --> 00:06:14.820 Michael Novinson: Wanted to talk a little bit about the market 93 00:06:14.884 --> 00:06:18.665 landscape. And what we've seen, most notably Forescout also 94 00:06:18.729 --> 00:06:22.126 extended to the health care security space with their 95 00:06:22.190 --> 00:06:26.100 acquisition of CyberMDX. How do you feel the combination that 96 00:06:26.164 --> 00:06:30.009 Claroty-Medigate combination stacks up against Forescout and 97 00:06:30.073 --> 00:06:33.150 CyberMDX? What makes your combination different? 98 00:06:34.290 --> 00:06:36.570 Yaniv Vardi: Sure. Look, these companies are also great 99 00:06:36.570 --> 00:06:41.160 companies, without a doubt. The differentiation we look at 100 00:06:41.190 --> 00:06:45.810 Claroty and Medigate together combined is really covering all 101 00:06:45.810 --> 00:06:50.850 assets without domain expertise. The proprietary protocols that 102 00:06:50.850 --> 00:06:56.310 we address, the domain expertise that we have, the relationship 103 00:06:56.520 --> 00:07:00.360 with the device manufacturers, if it's Rockwell Automation, 104 00:07:00.360 --> 00:07:04.140 Schneider, Siemens on the industrial side, or if it's the 105 00:07:04.140 --> 00:07:07.320 device manufacturers on the medical device side of things, 106 00:07:07.500 --> 00:07:10.350 the relationships, these proprietary protocols, the 107 00:07:10.350 --> 00:07:14.160 domain expertise is really what differentiates Claroty and 108 00:07:14.160 --> 00:07:17.010 Medigate, the merge, from others. 109 00:07:18.390 --> 00:07:19.860 Michael Novinson: And want to get a sense, because they know 110 00:07:19.860 --> 00:07:23.730 your business spans industrial commercial healthcare. What's 111 00:07:23.730 --> 00:07:26.910 been the fastest growing area, the fastest growing technology 112 00:07:26.910 --> 00:07:29.460 within Claroty portfolio this past year? And why? 113 00:07:30.800 --> 00:07:33.650 Yaniv Vardi: Sure. It's a good question. Look, first, it's 114 00:07:33.650 --> 00:07:40.940 definitely clear for us that connectivity and the race for 115 00:07:40.940 --> 00:07:46.880 connectivity is accelerating big time, you know, talking about 30 116 00:07:46.910 --> 00:07:52.880 billion devices, IoT devices, connected by 2025, the race to 117 00:07:52.880 --> 00:07:56.990 connectivity by far outpaced the ability to secure it for these 118 00:07:56.990 --> 00:08:01.040 companies. And so, we see that on the industrial and 119 00:08:01.040 --> 00:08:04.490 manufacturing side, all critical infrastructure are really 120 00:08:04.490 --> 00:08:09.140 pushing forward, all legacy devices being connected, and 121 00:08:09.140 --> 00:08:13.610 also adding more and more IoT devices. Same for health care, 122 00:08:13.640 --> 00:08:17.360 we see more and more hospitals are connecting devices to be 123 00:08:17.360 --> 00:08:21.170 more effective, more efficient. You know, these verticals are 124 00:08:21.170 --> 00:08:25.220 really pushing forward as they need to be more productive, they 125 00:08:25.220 --> 00:08:31.340 need to be more competitive. But like I said, they're creating a 126 00:08:31.340 --> 00:08:36.050 bigger exposure and kind of expanding the attack surface by 127 00:08:36.080 --> 00:08:40.640 going after this connectivity. And all these verticals, I can 128 00:08:40.640 --> 00:08:45.290 say that one vertical was, you know, accelerating more than 129 00:08:45.320 --> 00:08:49.160 others, all verticals accelerated all critical 130 00:08:49.160 --> 00:08:52.670 infrastructure. And at the same time, unfortunately, were 131 00:08:52.670 --> 00:08:57.260 attacked. There's a huge percentage of companies who are 132 00:08:57.260 --> 00:09:03.530 impacted by ransomware between 2021-2022. And so these 133 00:09:03.530 --> 00:09:08.690 companies, not only they are accelerating connectivity, but 134 00:09:08.690 --> 00:09:13.280 at the same time, also getting aware to all these attacks, are 135 00:09:13.280 --> 00:09:16.100 getting impacted by these attacks. And we need to make 136 00:09:16.100 --> 00:09:18.740 sure they have a solution in place to mitigate the risk. 137 00:09:19.850 --> 00:09:22.160 Michael Novinson: Of course. Let's get into the crystal ball 138 00:09:22.160 --> 00:09:25.400 here for a few minutes. Look ahead to 2023. For starters, 139 00:09:25.400 --> 00:09:27.860 wanted to get a sense of the biggest market opportunity that 140 00:09:27.860 --> 00:09:30.140 you're hoping to tackle at Claroty in the year ahead. 141 00:09:31.380 --> 00:09:33.930 Yaniv Vardi: Yeah, so we'll continue to focus on critical 142 00:09:33.930 --> 00:09:37.170 infrastructure, industrial manufacturing health care, 143 00:09:37.470 --> 00:09:43.230 because by far, this is the most attack an impacted market today. 144 00:09:43.740 --> 00:09:47.820 But at the same time, the market is increasing and accelerating 145 00:09:47.820 --> 00:09:51.840 connectivity. We'll continue to focus on that market. We're also 146 00:09:51.840 --> 00:09:56.640 starting to serve as the public sector. And so obviously with 147 00:09:56.640 --> 00:10:01.410 the Biden administration, executive orders and the 148 00:10:01.410 --> 00:10:06.120 different regulations that are coming with the latest cyber 149 00:10:06.120 --> 00:10:09.990 performance goals that were published by CISA. We have more 150 00:10:09.990 --> 00:10:13.440 and more companies that are not only being aware, but also 151 00:10:13.440 --> 00:10:17.280 taking actions. And so, we are starting to service the public 152 00:10:17.280 --> 00:10:20.760 sector as well, not just the private sector, both on the 153 00:10:20.760 --> 00:10:26.070 federal, but also the state and local governments levels, and we 154 00:10:26.070 --> 00:10:28.440 are starting to service this market as well. 155 00:10:29.710 --> 00:10:31.660 Michael Novinson: I see that's very interesting. A two-parter 156 00:10:31.660 --> 00:10:35.890 for you. So first off, what are the most significant differences 157 00:10:35.890 --> 00:10:38.530 between the needs of the public sector, whether it be federal or 158 00:10:38.530 --> 00:10:41.680 state or local, versus the private sector organizations 159 00:10:41.680 --> 00:10:45.160 you've traditionally served? And then secondly, what do you see 160 00:10:45.190 --> 00:10:48.070 Claroty fitting in terms of the needs that these public sector 161 00:10:48.070 --> 00:10:49.030 organizations have? 162 00:10:50.680 --> 00:10:53.200 Yaniv Vardi: I mean, the needs for the public sector are very 163 00:10:53.200 --> 00:10:57.040 similar to the private sectors as far as - first, get to 164 00:10:57.040 --> 00:11:00.880 understand and map the network, right? So, visibility is the 165 00:11:00.880 --> 00:11:04.630 number one step that the public sector, state and local as well 166 00:11:04.630 --> 00:11:08.650 as federal, will have to go through, start to monitor these 167 00:11:08.650 --> 00:11:12.910 assets, provide true asset management. And then on top of 168 00:11:12.910 --> 00:11:15.880 vulnerability and risk management and threat detection, 169 00:11:16.180 --> 00:11:20.350 what we see, obviously, you know, some of the differences 170 00:11:20.350 --> 00:11:25.810 are more on the on-premises versus cloud needs, or the 171 00:11:25.870 --> 00:11:31.600 willing to jump on the cloud versus the need to stay with the 172 00:11:31.660 --> 00:11:36.340 solution on-premises. This is, you know, the differentiation 173 00:11:36.340 --> 00:11:39.970 that we see between the different verticals and the 174 00:11:39.970 --> 00:11:44.350 sectors, we have this, we have both solutions - on-prem. and 175 00:11:44.350 --> 00:11:50.140 cloud. And also, obviously, the speed of moving along and 176 00:11:50.140 --> 00:11:56.140 addressing the needs. We also make sure to always partner with 177 00:11:56.140 --> 00:12:00.010 a service provider to provide a holistic approach for our 178 00:12:00.010 --> 00:12:04.330 customers. And so always a service provider together with 179 00:12:04.360 --> 00:12:08.380 Claroty and our technology will address the needs in a public 180 00:12:08.380 --> 00:12:12.910 sector to make sure that, you know, the service provider that 181 00:12:12.940 --> 00:12:18.970 already has the relationships and is already embedded within 182 00:12:19.210 --> 00:12:23.770 the business of the public sector agency or the state or 183 00:12:23.770 --> 00:12:28.990 local businesses that will benefit from the combination of 184 00:12:28.990 --> 00:12:32.200 the service provider with the technology from Claroty. 185 00:12:33.730 --> 00:12:34.900 Michael Novinson: What investments have you made at 186 00:12:34.900 --> 00:12:37.900 Claroty to capitalize on this public sector opportunity, 187 00:12:37.930 --> 00:12:40.300 whether it be at the federal level or the state and local 188 00:12:40.000 --> 00:12:40.690 Yaniv Vardi: Sure. So we are going through a FedRAMP 189 00:12:40.300 --> 00:12:40.690 level? 190 00:12:40.750 --> 00:12:41.920 certification, the highest certification that is out there. 191 00:12:41.920 --> 00:12:46.570 We're also investing in the entity that we have in the U.S. 192 00:12:46.600 --> 00:12:57.100 that is addressing the public sector. So the support, the 193 00:12:57.100 --> 00:13:01.150 services, the customer success, the technology in all the 194 00:13:01.150 --> 00:13:04.840 different functions we invested to make sure we are prepared and 195 00:13:04.840 --> 00:13:08.470 effectively and efficiently can serve the public sector. 196 00:13:09.760 --> 00:13:11.500 Michael Novinson: Of course From the standpoint of your 197 00:13:11.500 --> 00:13:14.980 customers, what are the biggest security related challenges you 198 00:13:14.980 --> 00:13:16.750 see them having to deal with the next year? 199 00:13:18.430 --> 00:13:22.630 Yaniv Vardi: Yeah, I mean, what we see is, first, a lot of, like 200 00:13:22.630 --> 00:13:27.880 I said, connectivity is only accelerating because these guys 201 00:13:27.880 --> 00:13:31.660 want to be more productive, more competitive. And so we see that 202 00:13:31.660 --> 00:13:35.860 the risk is being expanded, the attack surface is being 203 00:13:35.860 --> 00:13:41.290 expanded, right? We see one aspect of it is that the CISOs 204 00:13:41.290 --> 00:13:45.400 and the security executives start to understand the impact 205 00:13:45.400 --> 00:13:51.340 of that risk. The other trend that we see is consolidations in 206 00:13:51.340 --> 00:13:55.870 the market, meaning from a customer perspective, they would 207 00:13:55.870 --> 00:14:01.570 like to, you know, handle just the trusted advisor and a 208 00:14:01.570 --> 00:14:06.790 solution that is a unified solution and not too many niche 209 00:14:06.790 --> 00:14:10.990 players and point solutions, right? Too many solutions to 210 00:14:10.990 --> 00:14:15.010 handle, too much integration going on, too many service 211 00:14:16.270 --> 00:14:19.630 providers are in the game here. And so they really want to make 212 00:14:19.630 --> 00:14:24.160 sure there is a consolidation going on with a trusted advisor 213 00:14:24.160 --> 00:14:29.050 that can serve them. At the same time, we see consolidations in 214 00:14:29.050 --> 00:14:33.520 the market with more and more M&A. As you'll see more of the 215 00:14:33.520 --> 00:14:39.880 big players are actually getting in to acquire niche players that 216 00:14:39.880 --> 00:14:43.780 are more focused on verticals and territories that are smaller 217 00:14:43.780 --> 00:14:48.310 in size. Again, because of the market, the conditions that are 218 00:14:48.310 --> 00:14:51.640 going on today. You'll see more and more consolidations in the 219 00:14:51.640 --> 00:14:57.730 market. That will also impact the cybersecurity market next 220 00:14:57.730 --> 00:14:58.060 year. 221 00:14:59.380 --> 00:15:01.240 Michael Novinson: Of course. Wanted to ask you finally, 222 00:15:01.480 --> 00:15:03.790 gazing at the threat landscape as well, what are some of the 223 00:15:03.790 --> 00:15:06.670 most interesting or notable developments that you're seeing 224 00:15:06.670 --> 00:15:10.630 that will affect customers in the spaces that you plan? 225 00:15:11.530 --> 00:15:14.800 Yaniv Vardi: Sure. So first, we see the technology stack 226 00:15:14.800 --> 00:15:19.240 expansion, meaning the ability to cover more than before, as 227 00:15:19.240 --> 00:15:22.960 the attack surface is being expanded, right? We see the use 228 00:15:22.960 --> 00:15:27.610 of remote access growing significantly. COVID-19 really 229 00:15:27.610 --> 00:15:32.230 impacted that significantly, where, you know, customers are 230 00:15:32.230 --> 00:15:36.820 now allowing remote access by their internal users, but also 231 00:15:36.820 --> 00:15:42.970 third-party vendors, more than before. I think it was published 232 00:15:42.970 --> 00:15:46.900 last year that 40% of the U.S. economy moved to a hybrid 233 00:15:46.900 --> 00:15:51.160 approach where they allow remote access. And so securing remote 234 00:15:51.160 --> 00:15:54.790 access is also critical for these companies that are now 235 00:15:54.790 --> 00:16:00.340 allowing internal users and third-party vendors into the OT 236 00:16:00.340 --> 00:16:03.400 environment, into their networks, into their sites. 237 00:16:04.510 --> 00:16:09.070 Related to the public sector, we see collaboration that is being 238 00:16:09.070 --> 00:16:12.730 done between the private and the public sectors, understanding 239 00:16:12.730 --> 00:16:16.420 the needs, understanding the cyber performance goals, 240 00:16:16.600 --> 00:16:19.690 understanding the regulations that are coming up and 241 00:16:19.690 --> 00:16:23.620 addressing it. So that's another trend that we see that is coming 242 00:16:23.620 --> 00:16:29.320 up next year. And like I said, also the consolidations that we 243 00:16:29.320 --> 00:16:34.420 see today, I think we'll be accelerated big time next year. 244 00:16:35.710 --> 00:16:37.570 Michael Novinson: Of course, all very interesting things to 245 00:16:37.570 --> 00:16:39.880 watch. Yaniv, thank you so much here for the time. 246 00:16:40.570 --> 00:16:41.980 Yaniv Vardi: Thank you so much, Michael. 247 00:16:42.760 --> 00:16:44.590 Michael Novinson: You're very welcome. We've been speaking 248 00:16:44.590 --> 00:16:48.370 with Yaniv Vardi. He is the CEO at Claroty. For Information 249 00:16:48.370 --> 00:16:51.760 Security Media Group, this is Michael Novinson. Have a nice 250 00:16:51.760 --> 00:16:52.060 day.