Thought Leaders in Cyber Security: Dispel CEO Ethan Schmertzler (Part 3)

Sramana Mitra: Can you suggest areas that we should cover in this discussion that the audience that we’re speaking to should know about in what you’re doing?

Ethan Schmertzler: We’re not the only company that’s starting to explore the idea of using virtual machines as dynamic disposable environments for protecting assets. You can think of Moving Target Defense as a medical glove in the sense that you can put one on and then you don’t expose any risk of data being exfiltrated.

Having that dynamic disposability gives you a lot of flexibility in terms of allowing third party access but without granting that team the ability to exfiltrate information or expose you to any malware that might be living in their environment.

There are two main challenges for folks trying to do the same in the past. One of them has been the latency issues. We are bouncing traffic between different nodes. Physics is physics. The speed of light can only go so fast. Every single hop you introduce, it increases the latency involved in the network.

The other component is how robust the automation components are for being able to deploy these. Most people do set up these kinds of disposable environments on their own. If you then tell them to make the entry point to a large international bank, they’re going to say, “That’s impossible. That’s too difficult.”

That is the crux here. You have to be able to make sure that your engine can support this kind of automation. This is where we start seeing things like the automation tools that make DevOps so much simpler to deploy in these cloud-based environments. Those would be the two points.

Sramana Mitra: In your sphere, what are some of the open problems that you observe that are worth exploring for new entrepreneurs? What are some cyber security new business opportunities to solve some of those open problems?

Ethan Schmertzler: What we see a lot is older, static security controls being at odds with user access and user flexibility. It’s extra patience from the end users and the business owners for what the IT should be able to do. We see that all the time.

For example, strict lockdown firewall rules. In order to gain third-party access, you then have to start changing third-party firewall rules. Those two things are in conflict. They take time.

I would say it’s a perfect business opportunity for anyone who can reduce the level of friction between the security controls and then having to change those in a way that allows third-party access or integration with third-party vendors in a way that makes sense and keeps everyone sane.

Sramana Mitra: Tell us a little bit about your company. How long have you been around? What is the trajectory? What are the metrics of the company?

Ethan Schmertzler: We started in 2014. We did our seed round for $1.5 million in 2014 and a follow-on Series A in 2015. The team is working on this technology starting back as early as 2010 but got a working commercializable product a couple of years later. That’s when we started to build the company.

There were some very large institutions that said, “If you solve this problem for us, we’d be delighted to buy it.” Those are some of our original critical customers. Our company does over $10 million ARR. We’ve been growing the company organically using new contracts.

Typically, our sales are B2B; not so much B2C. Largely it’s securing remote access from third-party environments into your secure systems.

Sramana Mitra: What is the average deal size?

Ethan Schmertzler: They live in one of two buckets. Either they’re around $12,000 a year for a managed security service where we provide tools. Others require a large amount of customization and integration into their existing environments. Those start at $1.2 million.

Sramana Mitra: How many customers are we talking about?

Ethan Schmertzler: We serve tens of thousands of end users at institutions every day and those are serving hundreds of thousands of end customers at the end of the day. Those are usually concentrated in some very large institutions though. 

Sramana Mitra: How many B2B customers are we talking about?

Ethan Schmertzler: Those are numbers we don’t talk about.

Sramana Mitra: It sounds like you are building a capital-efficient company which is something we really like very much in our program. That is highly encouraged. Congratulations. Thank you for your time.

This segment is part 3 in the series : Thought Leaders in Cyber Security: Dispel CEO Ethan Schmertzler
1 2 3