CEO Bipul Sinha: ‘Rubrik Is The Pioneer Of The Data Security Category’
‘(Rubrik is) partnering with traditional security vendors such as Palo Alto Networks, Splunk and others because they have access to infrastructure intelligence, and we are bringing the data intelligence around security, and the combination of the two is the Zero Trust security that every business needs,’ says Rubrik CEO Bipul Sinha.
Don’t call Rubrik a storage vendor.
Rubrik is typically included in lists of storage vendors, including CRN’s own Storage 100 list, because of its status as a pioneer data protection technology developer. And data protection is a big part of the storage market.
But Bipul Sinha, CEO and co-founder of Palo Alto, Calif.-based Rubrik, wants it very clear that his company is not a storage company, but instead is a cybersecurity company. And as he laid out during May’s Rubrik Forward conference and in a one-on-one meeting with CRN, his company does not sell software or infrastructure on which data is stored, but instead focuses on the security of that data.
Rubrik has a $5-million warranty for clients to back up its promise that their data, if properly protected, will not be hacked in a ransomware attack. Earlier this year the company extended that commitment to include data stored on Microsoft Azure via Rubrik’s Cloud Vault technology.
Rubrik has made protecting data against ransomware the key driver of its development going forward, Sinha told CRN.
“We released the first ransomware detection and recovery product in 2018, [and] we got the best security product ever [award at VMworld],” he said. “So, the market is waking up to this reality today. We have been on this trend for the last eight years.”
Even so, Sinha said, Rubrik has no plans to build the technology that would allow it to replace cybersecurity vendors, but instead is committed to working with them.
“Traditional security vendors are selling infrastructure or cloud security,” he said. “We are selling data security. Rubrik is the pioneer of the data security category. And we are partnering with traditional security vendors such as Palo Alto Networks, Splunk, and others because they have access to infrastructure intelligence, and we are bringing the data intelligence around security, and the combination of the two is the Zero Trust security that every business needs.”
So don’t call Rubrik a storage vendor. You can call it a data protection vendor, but only if it’s clear that cybersecurity is a big part of the definition of data protection.
For details, read on.
Rubrik is a leading cybersecurity company. We focus on data security to help businesses and governments around the world protect themselves and recover from ransomware, because data is the most important asset of any organization. When your data is down your businesses is down, and Rubrik is focused on securing the world‘s data.
You described Rubrik as a leading cybersecurity company, whereas I think most people would classify Rubrik as a storage or data protection company. You didn't mention storage in your definition. Can you talk a little bit about that?
We have never been a storage company. Rubrik never sold any storage product or any infrastructure product. We have always been around data, protecting data, securing data. And we are transforming this market that has been a very infrastructure- and storage-oriented market into a data security platform. That‘s Rubrik.
Several traditional data protection companies such as Rubrik have moved heavily into cybersecurity and making cybersecurity an important or the most important part of their drive going forward. Talk about this intersection of data security and data protection.
Traditional cybersecurity was infrastructure security and cloud security around prevention, detection, and investigation. So everything from firewall to IDS [intrusion detection system], IPS [intrusion prevention system], EDR [endpoint detection and response], XDR [extended detection and response], MDR [managed detection and response], access control technologies, and SIEM [security information and event management] logging. It was all designed to prevent attacks from happening, [but] attacks are still getting in, because attacks have become psychological.
So you need to think about fundamental resiliency. And resiliency comes from securing your data, because if your data is secure, you can rebuild the whole business, the whole system. So Rubrik is focused on securing that data.
And this is not a new trend for us. We released the first ransomware detection and recovery product in 2018, [and] we got the best security product ever [award at VMworld]. So the market is waking up to this reality today. We have been on this trend for the last eight years. We didn‘t take the traditional route of storage or legacy three-tiered software. We built a brand-new software focused on data security. And we did that from day one. And we are the only company that has taken that route. Because if you look at Veeam, that sells software, you have to buy storage from someone else. If you look at [Dell EMC’s] Data Domain, they sell storage, but you have to buy software from someone else. We have [developed] this one software that has data and metadata together, which secures the data in a Zero Trust manner and delivers fundamental data security.
Okay, so that's why you call yourself a cybersecurity company.
Because the thing is that cyber disaster has become the number one use-case for us. We are selling all our products only for recovery from ransomware attacks, cyber attacks.
Is there any risk to that strategy given that nearly ever security vendor now offers ransomware protection as part of their security technology?
It’s not a shift for us. We have been selling the data security and data protection, brand new software, from day one. Unlike other newer companies of our age, we never sold legacy software. We have been building for data security from day one. It’s just that the market was not ready for it.
And in the last two years, the market has come in our direction. So we have not changed. The market has changed. Traditional infrastructure storage vendors are now painting their solution with ransomware and data security, but they are not [focused].
Do some of Rubrik’s cybersecurity capabilities overlap those of more traditional security vendors?
Not really, because traditional security vendors are selling infrastructure or cloud security. We are selling data security. Rubrik is the pioneer of the data security category. And we are partnering with traditional security vendors such as Palo Alto Networks, Splunk, and others because they have access to infrastructure intelligence, and we are bringing the data intelligence around security, and the combination of the two is the Zero Trust security that every business needs.
How deep do those partnerships go? Do they include the co-development or co-selling of security technologies?
We are actually integrating deeply with them. For example, look at the IR [incident response] tool or the XSOAR [security automation] Palo Alto Networks got when it bought Demisto. We have built a fully integrated incident response solution with Palo Alto Networks so that people don‘t have to figure out how to go recover data, how to go get the full intelligence from network entry points all the way to data. We have really created this comprehensive end-to-end data security, and really brought ITOps and SecOps together on a common platform.
We are integrating XSOAR as a tool for a SecOps team and incident response team. And we have fully integrated – which actually brings the ITOps teams and SecOps teams together on a common platform.
Does Rubrik have partnerships with other traditional security vendors similar to what you're doing with Palo Alto?
Yes, we are doing this with a number of others. We also have integration with Splunk. They have a [security orchestration] platform called Phantom Cyber. We have been doing integration there. They‘re integrating with other XDR and EDR providers to get YARA rules and really do end-to-end discovery. This is a very active area of work for Rubrik.
We are applying machine intelligence to the actual customer data, what we call data observability. Additionally, the cybersecurity industry used to do data observability on the secondary or tertiary data such as machine log or access log information. The cybersecurity industry didn‘t have access to actual customer business data, which Rubrik does. So we are applying machine intelligence to the actual business data to derive security intelligence out of it. And that is needed for customers to really have trust and integrity of their data. Because all the other things that businesses are trying to do with their data, whether it’s AI, ML, or business intelligence stack, will be of no use if the data doesn‘t have integrity.
So what we are doing around data security [is] applying machine learning to understand the nature of attack, the extent of attack, and the sensitivity of the content, and layering that with data resiliency. Which means that data has fundamental air gaps and immutability plus the ability to recover good content and quarantine bad content, really delivers end-to-end data security.
Is it going to be Rubrik’s strategy going forward to continue on these lines? Could you see Rubrik maybe adding more of the traditional cybersecurity tools to its toolbox?
Look, we have two dimensions to our business. We sit at the intersection of data and security. We are going to go secure more and more data, whether it lives in the enterprise cloud or SaaS, and then we are going to use AI, ML, and other newer technologies to derive security intelligence out of that data. So, these are the two vectors that we are going to innovate on.
Rubrik has made a few acquisitions in the past, right? Do you have an acquisition strategy?
We have done two acquisitions in the past. In December, 2020, we bought this company called Igneous. They had a data security solution for unstructured data. And the other company we acquired was in 2018, called Datos I/O, that was a data security solution for NoSQL. So as you can see, we are expanding the data vector to secure more and more data. And then we are building fundamental data security capabilities using AI and ML data classification and others to drive security intelligence from the point of data.
Do you do you have plans to make more acquisitions in a similar vein?
So as a company, we continue to do both organic and inorganic kind [of] growth. Obviously, we are an innovation driven company, and organic innovation is a huge part of Rubrik. But we are also continuously in the marketplace looking for themes and technology and products that can accelerate us in the marketplace and focus on those who are compatible with Rubrik’s own vision of the future and architecture of the future. In fact, we have done more than two acquisitions. We acquired this other company, Opus AI, for its file content intelligence AI platform. So we continue to evaluate newer technologies, continue to look at teams and products, and we‘ll follow the combination of organic and inorganic [growth].
Rubrik remains a channel-only company. What does Rubrik look for in terms of recruiting new channel partners? What are some things that make a good channel partner for Rubrik?
From my perspective, we want to work with selected channel partners and go deep with them. We have a tremendous opportunity. Customers have challenges around data security. And we want to make sure that the partners we work with are educated and experts on Rubrik technologies, helping customers understand their data security risks, solve their data security challenges.
And so we look for partners who have deep technical expertise, deep customer relationships, trust, expertise in the programmatic ways that customers are now running their environment, things like that.
Does Rubrik have any plans for an IPO?
As I have discussed in the past, in the long term, we want to be a public company. We are watching the market and also preparing ourselves, and we will go public when the time is ready. But we definitely want to be a public company.
So have you started the filing process yet?
I can‘t confirm or deny. But as I said, we have a desire to be a public company, to build a long-lasting company. And we want to ensure that we are a great public company. We’ll work towards that.
Finally, how are you feeling about being onstage in front of live people again after a couple years of COVID?
It was wonderful, man. You have like a room full of people. We had a standing room space. So it was fantastic to kind of get the energy back from the crowd.