Netskope CEO Sanjay Beri: We Are ‘World’s Largest Cloud Network’ For Security

In an interview with CRN, Beri says Netskope’s technology can provide the ‘most granular view’ of user activity available in the SASE and SSE market, offering a major enhancement to security.

Beri On The Record

Among the three leading vendors in the security service edge (SSE) market, Netskope ranks the highest on both vision and execution, according to Gartner. And notably, the company has accomplished this without the visibility advantage of being a publicly traded company, unlike its two SSE leaders quadrant rivals, Zscaler and Palo Alto Networks. During a recent interview with CRN, Netskope Co-Founder and CEO Sanjay Beri said that the company currently has no need to go public for financial reasons, but may still pursue an IPO in the coming years to help with “continuing to grow our awareness.” At the same time, “our customers [already] know that this is a large, global company that services some of the largest companies in the world,” he said.

The exact size of Netskope’s business would be one difference that comes with being privately held rather than publicly traded. The company hasn’t disclosed dollar amounts or specific growth numbers for its revenue, but Beri said that Netskope has historically been growing in the vicinity of 50 percent a year. In January, Netskope did its “public round privately” by raising $401 million through a convertible notes offering, he said. Netskope was last valued at $7.5 billion in 2021 in connection with its $300 million Series H funding round, which has placed it among the highest-valued cybersecurity unicorns.

On the technology side, Beri has a lot more to say — contending that the company’s SSE and SASE (secure access service edge) platform offers a number of “fundamental differences [from] Palo Alto Networks or Zscaler.” Among those differentiators is that Netskope operates “the world’s largest cloud network from a security vantage point,” which gives a major boost to performance and a significant reduction to user latency, he said. The company also offers enhanced security capabilities by providing the “most granular view” of user and device activity available in the sector, Beri said.

In the interview with CRN, Beri also discussed Netskope’s investment in its channel partner program, which has included “amping up our enablement” of partners. In mid-July, subsequent to the interview, Netskope announced a new MSP program that serves as an “extension” of the company’s Evolve Partner Program, and offers a new “as-a-service business model framework,” the vendor said in a news release.

What follows is an edited portion of CRN’s interview with Beri.

What’s the main thing you’d want people to know about Netskope and your opportunity right now?

We’re in a great spot. A lot of the trends in the world are accelerating the movement to what we do. Customers are accessing cloud, they’re mobile, they want to save money and consolidate, they want to protect their data — all of the stuff we do. I feel like we’re in the bullseye of where the world’s going.

And so whereas [customers] used to walk in, and they’d go, “What the heck is SASE?” — now they’re like, “We’re moving to SASE. It’s a journey. So let’s figure out how to do it.” And so I think the maturity of conversations on SSE and SASE have dramatically increased. The fait accompli that people want to end up in that architecture has dramatically increased. We view ourselves as the founders of SASE, and now we’re the leader in the [Gartner Magic] quadrant in it too — those are all big accelerators to what we do.

We did our [latest] investment from the big public market investors — the big pension funds and the big banks — last year. We did our “public round” privately. We didn’t necessarily need to do that. But frankly, having an even bigger balance sheet is great so we can be opportunistic in things we may see. But also, if you look at our site, we’re hiring. We have hundreds and hundreds of openings. I’ve never believed you take your foot off the pedal in innovating on R&D. So we are pouring investment into R&D, and [into] enabling how we go to market — which is through our channel partners and our ecosystem. We are amping up our enablement of them.

In terms of SASE, do you think a large number of customers are actually interested in the full offering, or are a lot of customers just looking for the security elements through SSE?

Some are and some aren’t. In SASE, you have the SSE component, and then on the other side is the SD-WAN component. And there are many companies who make separate buying decisions. That’s why we’re a big proponent of being open. You don’t have to buy both components from us. We make sure we integrate. I’m a big believer that any of those companies that try to do everything, and make it hard for you to ever do something other than them — they’re going down a road of hurting the industry. They’re hurting CISOs and CIOs.

Our goal is we’re going to be the best at SASE. We’re not going to develop everything else in security. Otherwise, you kind of end up with the best of nothing. Within SASE — I think the latest stat I saw was like 30 percent — that want a single vendor for SASE. We’re one of the only ones who can deliver the full thing. But when we do it, we don’t just deliver it as a price-list integration, which is what many do. We are truly integrated. Our SD-WAN that we announced at RSA, it’s available on your endpoint. You don’t even need a hardware device. Over half your users are remote. Why can’t they get the advantages of the SD-WAN when they’re sitting in their hotel room or at home? We released that on the same [software client] footprint we already had. So you can just upgrade. You can do CASB and SWG and firewall and private access and everything — and now [you] can also, on that same software client, do SD-WAN and endpoint DLP. Customers can get value by having that integrated story when they buy the full SASE [from Netskope]. But we also support multi-vendor.

So you’d say that most customers do want full SASE capability — it’s just a matter of whether they’re going to come to a single vendor for it or not?

Yes exactly. It’s also about where the buying decision is within a company. Is it in networking? Is it in security? And so companies themselves have different groups. Traditionally, sometimes those groups have been pretty separate. And now with what’s happening in the world — digital transformation, security — they’re coming together. The decisions may have been made by different groups before. And so it’s also a little bit about, when do those groups collaborate and make a decision together?

What are the biggest differentiators right now between Netskope and the other companies in Gartner’s leaders quadrant for SSE — Palo Alto Networks and Zscaler?

So one of the fundamental differences between us and Palo Alto Networks or Zscaler is that we are what’s called a “layer eight” proxy. With SSE, one of the core components is a proxy — something that intercepts your traffic and decodes it in-line. We are a layer eight proxy, they’re a layer seven proxy. And by the way, we have a patent on this from nine years ago. We understand the language of the internet today. It’s all APIs, JSON. They speak the old language — which is web/HTTP/HTTPS. But the reality is that over 70 percent of your traffic today is no longer capable of being understood, if HTTP is all you understood. It’s much more granular. So one of our core differences is we give you the most granular view of what your users or devices are doing. We tell you, “Hey, that gentleman is on a non-corporate instance of Microsoft Teams on a public channel sending a credit card” — that’s a layer eight proxy. They tell you, there’s 500K of data going to Azure. And so, when you just turn us on, you’ll instantly see what people are doing in a language that you understand — and in a language that you can actually set policy on. So that’s the first — they are what I would call a legacy layer seven proxy, we are a layer eight proxy. The reality is we were built later — we understood what was going to happen in the industry. That’s the engine to your car — your proxy is the engine to your SSE platform. And our engine is that layer eight engine, versus what I would call a legacy layer seven engine.

Could you explain what “layer eight” means in this context?

I made up that term [but] the way to think about it is, the engine of SASE is the ability for you to understand, “What is this user or device doing?” Our capability to understand that transaction is much more granular. And the example is, would you rather know there’s 500K of data going to Azure? Or would you rather know that someone’s on a public, non-corporate instance of Microsoft Teams on a public channel sending a credit card? If you knew the second, you would know what to do — you don’t allow that. If all you knew was the first, you don’t know what to do. The capability we have is our proxy understands internet traffic in a language that you can understand — and that is much more granular. And that’s the basis of all security: How granularly do you understand the transaction and the user and the device, and what they’re doing? We give you that true understanding. And I think [competitors] have more of the legacy, older way of understanding.

The second differentiator is, ultimately what people want to do is protect their most sensitive asset, which is their data. And we are known as the best at data protection. You can look at the Gartner Critical Insights paper, where they rate functionality. And you’ll see these Zscaler and Palo Alto Networks are well below us on data loss prevention. And so understanding, finding and protecting your sensitive data — whether it’s on-premise, on the web or in the cloud — that’s the second big differentiator.

What does Netskope do that’s so different on DLP?

One is that our data protection is available everywhere. So could be the endpoint, could be from email, could be web, could be on-prem wherever. You watch the data no matter where it is. Most [competitors] don’t do endpoint — they will maybe just do it for web.

The second is our ability to find the sensitive data. That requires deep algorithms — how do I know that that is a credit card? We pioneered using machine learning and AI six-plus years ago to find sensitive data. So we have over 100 models. We have neural networks that will find if you’re stealing data and trying to stick it in an image. If you are trying to take a virtual whiteboard and use that to steal data, or if you’re trying to haze out a passport so no one can read it — we’ll find it. And so the second big reason is our depth of capability, and our use of machine learning and AI. Even though [AI/ML] is the fad now, we were talking about it five or six years ago for finding sensitive data. So I have over 100 data scientists, and all they do every day use neural networks and techniques to find that. So it’s the breadth and depth of data protection. And if you combine that with the context of our proxy, now you understand exactly what the user is doing. And you can understand very precisely what data they’re transacting. So it’s a powerful combo.

The third thing is we have the world’s largest cloud network from a security vantage point. So if you compare us versus Palo Alto, our infrastructure network would be four to five times faster. It’s similar from a Zscaler perspective. We’re 10 milliseconds away from anybody in the world. Our infrastructure is the most-connected and performant network now in the world. It’s designed in a way where the end user latency and response time is the best. So we will deliver the fastest, most-performant end user experience, because we have the world’s largest cloud network from a security point of view. It’s called NewEdge. And then the last is — especially for someone like Zscaler — they don’t have a SASE offering. They’re not a SASE player, because they don’t have the SD-WAN side.

Zscaler does integrate with SD-WAN offerings though.

Exactly. And while we do that, we now have our own SD-WAN. And we can offer that in a branch campus, a manufacturing floor — or I can just offer it on your laptop. I have customers now who don’t want any hardware — they work in their home. They just want acceleration. And we say, “Great — the same client you’re using to steer traffic to our web and SaaS and private access, it now does acceleration of Teams and Zoom.”

What are some of the differentiators of your ZTNA Next offering?

ZTNA Next is a full VPN replacement that enables zero trust. What a lot of people had before was a VPN replacement, but it wasn’t enabling zero trust. And so why it’s unique is ZTNA Next can enable a least-privilege, zero-trust architecture, and cover all your VPN use cases. It can cover users and devices talking to apps, but it can also cover the reverse — a server or app initiating a connection to a client. So it can go both ways, and can do it in a way where it truly doesn’t give people network access. It just gives them access to only what they need, which is a concept of zero trust. So it’s really about, how do I enable zero trust while doing full VPN replacement? And by the way, on that same infrastructure, you can enable services like DLP and data protection. And so that’s really why we’re excited about it. It gives you full VPN replacement, but it replaces it with something that moves you to a zero-trust architecture.

Why are these moves important to your channel partners?

It’s because when you walk into a room with a CIO or a CISO, what’s talked about? They’re going to ask, how are we moving to a zero trust architecture? Are you enabling the company to move faster, be agile, enabling remote work, enabling cloud? Are you consolidating and saving money? And so when you think about what we do with SASE, we consolidate probably 10 to 15 different devices and systems into one. We enable them to do remote work — access cloud, use unmanaged devices and be agile. And we protect what they most care about their — IP and their data. That is a powerful combination. And that’s why in the partner community, we have been seeing so much traction.

We have a large partner ecosystem — over 1,200 partners globally. And we drive close to 100 percent of our revenue through our channel. We launched our global Evolve partner program in March [2022], and we launched our service delivery specialization in August [2022]. We have focused on enablement and education — our Netskope Academy is just cranking out people who are certified on Netskope. It’s not just about having the best platform — it’s what kind of programs and enablement you have for the channel. Allow them to deliver services, allow them to do consulting, implementation, managed services. And then enable them to get in front of that CXO with a powerful story that speaks to the initiatives that the CIO has.

Is an IPO still likely at some point for Netskope?

Netskope will always be Netskope. I’ll be here in 15 years. For a lot of us, this is our legacy. And we don’t need to go IPO for capital reasons. We’re a financially independent company. And as I told you, we did our “public round” privately. But one day, will we go public? Yes. But we don’t have a need to do so for capital reasons. It would be more just continuing to grow our awareness by being a public company.

Your two competitors we’ve been talking about are public companies?

Exactly. But we already have close to a third of the Fortune 100 as customers. We’re probably the largest processor of cloud traffic, from a security vantage point, in the world. Our customersA know that this is a large, global company that services some of the largest companies in the world. They just want us to innovate. They want us to keep pouring investment into R&D, and that’s what we do. And so that’s actually what they care about. But yeah, we’ll go public at some point. I don’t think anyone’s right now going public in the world today. But at some point, we will.

Are you expecting it to happen in the next few years — or could it be even further out than that, since there isn’t this financial pressure to do it?

There’s no financial pressure to do it. Would I foresee it in the next few years? Yeah, that’s that’s possible.

Can you say what your revenue growth has been?

We generally don’t talk about revenue growth. We generally talk about some of the big stats — we serve over a quarter of Fortune 100. I think we’ve mentioned historical growth of 50-plus percent.

So in 2022, you saw revenue growth of more than 50 percent?

We have traditionally always grown roughly in those rates. It’s roughly there. This is a $30 billion [total addressable] market. And most of that is still legacy boxes. And all of that will move to SASE. So we’re the beneficiary of that.

You’ve made several acquisitions over the past year or so, but on the whole there haven’t been as many acquisitions in the security space as some had predicted there would be. What are your thoughts on why that’s happening?

It always comes down to, what would you acquire for? And for us, we feel like we have the breadth of product and the teams. And we keep building organically. Generally when you acquire, from our vantage point, it’s more about talent? Is there very specific talent that fits the culture? And so we have done some of those. And I do look at those. I’m active in looking at them, and we look across the world. We have done a few of those a year. And I would expect to continue to do those.

Do you foresee that Netskope might do a bigger acquisition at some point?

We don’t acquire for revenue. There are a lot of companies who will acquire for revenue reasons. We don’t do that. Because with some of those very large acquisitions, they never get integrated. And so the customer never sees the value. Instead, they see a price-list that’s integrated. And I’m very cognizant that one of the things our customers love is we offer a single platform. It’s really operationally easy. You save a lot of money operating it. So I wouldn’t want to do something that makes that harder — when maybe I should just build that. Or maybe I already am building it. And I can leverage everything I already have — my infrastructure, the analytics, the data scientists, the console. So generally, we don’t go that route. I don’t think it always leads to the best customer experience. It’s more about finding very specific talent.

And then also, [finding] very specific technology — when we acquired Infiot last year, I scanned the world for the best technology in the next generation of SD-WAN. I looked at everything. And when we looked at what they had and how they were architected and developed — this is how we would have done it. It was a unique combo of an amazing team who had done something amazing [technologically] — and frankly, done it the way we would have. And it was very easy for us to integrate it. That was more than an acqui-hire. But that wasn’t something big with tons of revenue that wouldn’t fit well.

On the larger ones, you’re probably going to see less of those [in the industry] — especially with some of the antitrust concerns. But if you are evaluating for talent, many times you’ll end up with the smaller ones — who could never make it from a go-to-market perspective, couldn’t invest to really build out the product.

So to your question about why we don’t see more [acquisitions] — I think you probably will see more this year and next year. I would expect that.