ArmorCode Turns 4: A Message from CEO Nikhil Gupta
ArmorCode turns 4!
“The people who are crazy enough to think they can change the world are the ones who do.” —Steve Jobs
It brings extreme joy for me to share that what started an impossible dream of securing the way we live, work, and play in the middle of the Covid pandemic continues to be ArmorCode’s vision and guiding principle.
Dear ArmorCode Community – customers, employees, partners, investors, and friends,
Today marks four years since a small group of us took on a really big idea: cyber security needs to fundamentally rethink risk in the digital age. We believed that the decades old process of securing siloes of vulnerabilities in a whack-a-mole mentality was creating a fragile, inefficient and dangerous environment. And that the challenges every business entity is facing in terms of securing their business and people needed a different approach.
Today this new approach now has a name and is called Application Security Posture Management, and it addresses these challenges and promotes a new model of risk management. It is a new, vendor-agnostic governance model for all digital-first businesses—integrated into the broadest set of security tools, providing prioritization and remediation, all without bias. ArmorCode, with the help of all of you, is defining and leading this new category. And I’m incredibly grateful for the progress we’ve made as a company and community! We are far from the early steps of simply aggregating tools, and are quickly becoming the risk management layer across apps to infrastructure, legacy systems to cloud and AI. And why am I so excited today, four years into this journey?
First – the best and brightest are choosing ArmorCode. Leaders in media, financial services, security, healthcare, industrial production, IoT, dozens of Fortune 500 companies, and cloud-first businesses leverage our platform to manage their security posture differently. They use ArmorCode to address deep operational complexity… different business units with different programming languages and infrastructure (old mainframes to cloud), requiring a plethora of diverse security tools. And the challenge is much more than technology - it is ultimately about people and how they operate. One customer recently shared, "We are a 125 year old company with 125 year old processes. Technologies come and go and no one can predict the future and the next wave of technology that will disrupt business." However, business risks are business risks. When a breach happens, the Board and leadership want to know whether their business is impacted or not, whether the application was built on a modern stack or on the cloud or using AI. Which is why our customers are proving the model that broad vendor agnostic governance with simple guardrails for remediation is the answer for navigating today’s threat landscape. These customers don’t want another scanner; they want a governance layer built to leverage best of breed technologies available today and tomorrow.
Second – ArmorCode is operating a global, enterprise-scale platform. In service for just three years, the scale of the ArmorCode system is truly impressive: a volume of data from billions and billions of findings, a variety of data across more than 240 scanners from our ecosystem partners, validated across millions of workflows leveraged by thousands of security professionals and tens of thousands of developers. All creating an intelligence layer to help security practitioners and leaders make the best informed decisions across a diverse set of use cases including AppSec, RBVM (Risk Based Vulnerability Management), Compliance, etc. Enterprises need a single security and best practices governance layer and hence our platform approach is winning.
We actually see the need for two enterprise scale platforms. One platform that takes the scanning and vulnerability data from myriad different sources such as application security scanners, infrastructure vulnerability scanners, XDRs, EDRs, and others (i.e., platform players such as Palo Alto Networks and Crowdstrike). But given the nature of the beast and large organizations growing inorganically with M&A, you’ll need to have best of breed security scanning tools and keep the conflict of interest separate as scanners will not be open to sharing their data with other competing scanners. The second platform is a vendor-agnostic independent governance layer that will ingest the findings from all these platforms and run and manage the policies. The vendor agnostic governance platform, the ArmorCode approach, enables enterprises to embrace their existing processes and the best of breed technologies to accelerate positive business outcomes. ServiceNow is an example of this second platform, but for IT.
Third – the ArmorCode approach future-proofs Gen AI. The most disruptive technology in generations, Gen AI, is both exciting and scary. Every customer I meet with wants to adopt this technology fast, but do it in a way that doesn’t create unnecessary exposure. ArmorCode was built for this. By launching ArmorCode with an architecture built to address modern software development and sources of disruption (cloud, open source, DevSecOps), we became an accelerator for adopting new technologies. Nowhere is this more exciting than how we are helping customers embrace AI. Our AI-powered ASPM platform both uses this new technology in helping to do more faster and smarter, and with a solution that allows our customers to navigate the threat associated with embracing AI. We’ve recently launched core AI functionality to address correlation, and will extend this to remediation and triage in the coming months. AI for security, and security for AI.
The road ahead for ArmorCode and our industry is bright. And, again, today I want to acknowledge all of our customers, employees, partners, and investors who helped us through year four, and are committed to solving the biggest risk concerns in the days, weeks, months and years ahead! Here’s to many more years to come, onward and upwards!!
Thank you,
Nikhil