Thought Leaders in Cyber Security: Dispel CEO Ethan Schmertzler (Part 1)

In this interview, Ethan discusses Moving Target Networks, a cyber defense technology. The company does about $10M ARR.

Sramana Mitra: Let’s start by introducing our audience to yourself as well as to Dispel.

Ethan Schmertzler: I’m the CEO and one of the Co-Founders of Dispel, which is  a cyber security and cyber defense firm that was founded in 2015. It’s based in New York City and Washington DC.

Sramana Mitra: How about the company?

Ethan Schmertzler: We focus on a technology known as Moving Target Defense. Its purpose is to outpace and maintain a higher operational tempo in terms of your cyber defenses that adversaries can launch an attack against.

Our team has grown from an original team of seven folks and expanded up to over 43 people across our offices. We are helping customers in utilities, finance, pharmaceuticals, and government allow third-party access to their internal critical systems without exposing an attack vector that can be exploited by an adversary.

Sramana Mitra: The next thing I’m going to ask you is to help us with an ecosystem map of where exactly you play in the cyber security space. It’s such a crowded space. Every time I bring somebody on to this series, I ask for an ecosystem map.

How do you see the world from your vantage point? Who are the players? Who are the adjacencies? Who are the competitors?

Ethan Schmertzler: I like to start these conversations because security network engineers always ask it. Where do we live in their security stack? We live on the DMZ, no matter how we talk about the end of the perimeter or becoming perimeterless.

If you’re going over the public internet, you have services that, at some point, touch the internet cesspool. That’s the DMZ. That’s where we live. We live outside of your firewalls, your heuristics-based defenses, and your signature-based defenses.

Our job is to take that perimeter-facing or external-facing part of your network and make it invisible to an adversary. That’s where the concept of Moving Target Defense comes in. Moving Target Defense is an application in the broader realm of software-defined perimeters.

It uses virtual machines in public cloud providers and dynamic routing so that an entry point to your network might be in one location in one moment. A couple of minutes later, it changes to a different IP address on a different cloud provider in a way that’s seamlessly transparent to the end user.

That way, authenticated users know how to get in, but an adversary would have to guess wildly by throwing darts at the billions of potential IP addresses. It’s highly improbable that they’d be able to guess. Even if they could, it will change in the next couple of minutes.

The idea of Moving Target Defense (MTD) has been around for a long time. The Navy of the United States was toying around with it in the late 1990s. You’re seeing more and more programs coming out for it.

MTD exists now in all processors that are used to dynamically change the network mapping. At the data level, you’re seeing some companies come out with capabilities for fragmenting and moving data around constantly. We live at the network level.

When you traverse the internet, being able to know where that environment is at any given point in time is what we specialize in. We’re pretty much the market leaders in developing this kind of technology in the commercial space. 

This segment is part 1 in the series : Thought Leaders in Cyber Security: Dispel CEO Ethan Schmertzler
1 2 3