Transcript
Hi, Mike Matchett with Small World Big Data. We are here at RSAC 2025. We are live on the show floor talking to some very innovative cybersecurity vendors who are going to tell us all about their latest and greatest stuff. I've got Legit here. I mean legitimate, I'm sure that's great. Legit Security. I've got Liav. How are you doing, Liav?

I'm doing great. Thank you.

So Legit Security, obviously in the application security space. But what does that mean? What should someone think about when they're thinking about Legit?

So we are, uh, a category, a new category of tools called application security posture management. The whole idea is to finally create one platform that helps you do the entire life cycle of releasing secure applications. So today, in our modern world, where AI is being used everywhere and creating an application is super easy, super fast, but also super dangerous, you've got so many layers of application you need to care about their security. And then we are taking the journey from the developer when they write the first line of code until it's deployed to make sure all the boxes are checked, that your software is secure, it's legitimate to run in the cloud. We're using a bunch of technologies, including AI, to help get all the vulnerabilities into one place, find or remediate them, and ensure that your build pipelines are ultimately secure and producing secure software.

All right. Is this something that happens in a CI/CD space or in an IDE or across all those things?

So it's across all those things. So it starts with the IDE, then in the CI/CD as code is being built. And then we also integrate with all the cloud environments just to make sure that what's running is actually vulnerability free.

Okay. So this would be something that actually is life cycle. You're following it all along there and continuously operating then on that. Um, who sort of operates this?
Is this a security tool then, or is this an application development tool? Who's sort of got the primary responsibility here?

Yeah. So that's a great question. So this is a control center mainly for the security folks. Their application security are in most cases outnumbered by developers and the speed of their code creation. So they see the picture. They finally have visibility into the posture of the application, all the changes that are being made. Our customers make thousands or tens of thousands of changes a day, and they have no idea how many of them are actually introducing something like a new API, a new AI model. So they have complete visibility into the posture, but then ultimately they have to interact with the developers. So when we've got the means in our tool to send information to developers where they work, whether it's a JIRA ticket or their IDE or their pipeline or GitHub. So the security owns the control, but then they fire instructions and remediation guidance to developers.

Yeah, I mean, I like that kind of model because you've got someone who's responsible at the high level for compliance and making sure everything's governed properly. But when you go to remediate, you're getting it to the people who actually can make those operational implementations. Let me ask you about the show. Right. So a couple of themes at RSAC here. Obviously AI is a big topic. You mentioned you've got some AI things going on there. Uh, AI, people are using AI for coding, uh, stuff like, uh, if you had to sort of summarize up like what AI is doing to application security, how would you do that?

So I, I think for us is has the ability which hasn't been in the past has been very hard in the past to understand code really well and faster across all the tech stack.
So we are leveraging the power of AI to understand first what are the most interesting or critical, real critical problems the organization has through understanding the actual flow of the code, what's really exposed to the internet, what's really touches data. So we're actually able to prioritize that 1% of interesting risk through AI and then generate the actual remediation for, which is not just what a lot of other, you know, legacy products did, which was general guidance, go and upgrade a package. We tell them exactly to which version, exactly where, how to make the code compatible with the new package. So it's like creating, they're like making the remediation so fast. So we believe, like, where this is going is that ultimately it's almost like an autonomous security that is a copilot for the developers as they work.

I mean, that's great. Uh, if you looked around then and said, I want to give one message to the 25,000 people here to take away concerning application security and Legit, what would that be?

I would say application security is hard. If you don't do this, you're moving fast. You're very, very insecure. If you try to do this the old way, there's frustration and you're slowing yourself down. There is a win win and it works. It goes with us with security.

All right. If someone wants to learn more about Legit, you've probably got a website. But think of this RSA crowd. What would you point them at as a place to start?

So just hit legitsecurity.com. We've got demos, we've got materials. You can ask us for a demo. We'll be happy to show you what we've gotten and let you test this in real scenarios.

All right. That's great. This is really interesting stuff that you can cover that whole space and operationalize it, not just say you're compliant with it. I think that's really the future, tightening that feedback loop and making sure developers can remediate things before they become a problem downstream. So thank you, Liav.

Thank you very much.

Yeah. Take care.