Speaker 1
this point in time that, again, it's like so smart of them to use this, and I think in 2022 alone close to 3.4 billion were lost to Norton and some other companies due to this affiliate marketing fraud and the pop-up based attack that is happening. Now, what attackers are also doing is they know that the website will get scanned, right? So there are like a lot of points of presence around the globe, which are held by security companies, and they're constantly scanning websites from different locations, figuring out whether something is malicious or not. And attackers, the way they are evading that is by, you know, applying tactics such as: they figure out the traffic is coming from a data center, so they'll suddenly change the website's behavior and show a very simple page that doesn't have anything malicious. But now if the traffic is coming from a regular ISP, from where the user will be accessing, they'll suddenly show the malicious website. So this is one tactic: based on, again, the origin of the request, we show different behavior, and this we are terming as like polymorphism, or like a polymorphic website. It is popularly used in malware, polymorphic malware: they change their own behavior, and this is exactly what is happening for the website in today's world. Another tactic is, again, they'll put a reCAPTCHA on top of their website. Now let's say a security scanner is scanning; it can't go ahead and bypass that reCAPTCHA, only a human can. So, but again, this way, again, the security scanners are unable to pick it up, and a lot of these websites are out there in the wild for a long time. So even we tried, you know, reporting to Chrome, and it takes them close to like even 16 to 24 hours to acknowledge and then fully take down the website, and the process itself, it could be possible that some websites are up till like, you know, a couple of weeks to even months before they are finally classified as dangerous.
So that's where, again, with SquareX the idea is that we sit on the browser, we see what the user is seeing, so we are acting on the last mile. So let's say you go to a phishing site: we can figure out that, oh, the sentiment is of login and the website looks like Microsoft, but it is not Microsoft. And this could be like a numerous number of indicators. First is, again, the visual, based on the text that we have. Similarly, again, checks on the domains. So for example, if it's a domain that's like very newly registered, then it's a red flag. Now, attackers are very creative; they'll go ahead, they'll purchase a domain that is already there in the market for a long time to evade this sort of check. But in this case, again, we can perform checks such as, again, who is the owner of the domain: it looks like Microsoft, the website looks like Microsoft, but the owner is not the same as what Microsoft would be generally using. Similarly, again, from where the traffic is coming in, a lot of parameters across like, you know, what are the server headers, WHOIS-related information, what is the way the SSL certificates are issued, who is, in a way, the signer of the certificate. All these key metrics we are able to gather by sitting as an extension, and based on that we can deduce that, oh, this is like a bit risky, a bit dangerous for a user to go to. So a lot of, like, in a way, intelligence is embedded right there on the browser extension, and we are also having like some AI models that are packaged with like the ONNX model. It's a good thing that we can run on the browser. So all of those are packaged to go ahead, analyze the content that the user sees. And all of this is happening in a privacy-safe way. More importantly, because we wanted to reduce the amount of data we'll be sending to the cloud. So most of this thing that I mentioned is part of our enterprise offering, how we are protecting the end users for businesses.
And there again, the challenge is we can't send a lot of data to the cloud because, again, it's corporate data. So the more detection we do on the browser, the more data we reduce, the more, again, we are performant in terms of like cost as well as, again, the whole user experience is much more seamless.
Speaker 2
Yeah, that makes a lot of sense.
Speaker 2
So, you know, you've talked quite a bit about, I guess, sort of learning and detecting from what is sort of happening from actions. And also you talked just there about, you know, being able to use models, AI models that, again, run on the browser. There still must be some degree of threat intelligence that you have to be aware of and bring into the platform. I'm curious about that because, you know, if we look at sort of other security domains like attack surface management, you know, I would say without naming names of companies, I would say that the leaders now are the ones who have, you know, internal threat intelligence teams who are able to bring that right into the product, you know, leading edge effectively. How are you guys sort of looking at that? Because, you know, as you just said, the attackers are the smartest people on the planet. And I would agree with that in the sense that they're very smart and there's no rules, right? So they can kind of do almost whatever they want and try whatever they want. So how are you guys bringing that into SquareX? So,
Speaker 1
Yeah, that's a great question. At this point in time, our idea is not to reinvent the wheel for some of the things. For example, we don't want to delve into, you know, threat intel for malware analysis. We don't want to do that, that we are building our own full-blown malware analysis platform, because in the past two decades industries have established and a lot of big players are there. So we leverage threat intel for like some of the things that are already there. For example, we integrate with like CrowdStrike, ReversingLabs to get insights from them. And then our analysis runs, let's say, in parallel to catch the points that they wouldn't be analyzing. So in a way, again, a bit of our intelligence is there based on our experience, right? So we are a bit disappointed that, again, the big players, some of them are not doing that great of a job when it comes to like, let's say, office documents, and we did a full research publication on the same: that Google, Outlook, all of the big players, email vendors, none of them are doing as aggressive a check as they should be. And we're able to demonstrate that a simple malicious office file can go through, and VirusTotal will only give like certain hits where everyone should be flagging it up at that point in time. So again, leveraging the intel where we can, plus, again, our own intelligence is built out. Similarly for web applications, we are leveraging the intel that is around, provided by the big players, because anytime, let's say, a malicious website has been classified by someone, if it is malicious then we immediately block. On top of this, what we are doing is we are building our own intelligence for the web, because again, the intelligence everyone has is a bit outdated. It is not capable of capturing the new attacks that we are seeing out there. So that's where, again, the whole analogy of browser detection and response comes in.
So we are the first browser detection and response solution, and the idea is the same: that we'll provide the threat intel for the web-based attacks that are happening. Any attacks that other vendors are not capable of, you know, detecting, that is something, the void we are going to fill, and that's our positioning at this point in time. So, and slowly we'll go behind other vendors as well, but we realize that there's a big market for us to capitalize on, the whole browser security space, and again, once we do that, at that point in time we'll definitely delve into, you know, the limitations various vendors are having and maybe, you know, have our own analysis engine and all of those segments again