Managed.IT issue 66

24 01732 759725 INTERVIEW With Sandeep Johri, CEO of Checkmarx, and Richard Hinson, Regional Sales Leader, UK, Nordics and Benelux Checkmarx CEO Sandeep Johri’s recent visit to the UK gave James Goulding the opportunity to find out more about the enterprise application security leader’s cloud native platform, Checkmarx One. He was assisted by Richard Hinson, Regional Sales Leader, UK, Nordics and Benelux, who was on hand to provide a UK perspective. We started out by asking for a quick overview of Checkmarx’s area of expertise and target market Q&A typically targeted at open source. Supply chain is typically targeted at malicious code, and then there’s IaC security, API security, container security and so one. We are one of the only companies to have all these capabilities built on a single cloud native platform, which allows us to take all alerts and vulnerabilities identified by these individual engines, correlate them and put them in context. Sometimes by putting them in context, you can eliminate them or see that they're not relevant. There's a lot of benefit in that. Correlation is called ASPM, application security posture management. You look at all your vulnerabilities and figure out which ones are relevant and prioritise. That's what we do, and we are recognised as one of the leaders in the category. We have been in business for around 15 years. About 55% to 60% of our business comes out of the US, about 35% out of Europe and 5% to 10% out of APAC and the rest of the world. Within Europe, the UK is our largest country, with around 100 customers. Worldwide, we have about 1,700 customers, including 40% of the global top 100, 50% of the top 50 banks and 100-plus government agencies in the US. We tend to focus on larger enterprises with more complex needs – some of our customers have literally billions of lines of code. JG: The platform you mention is Checkmarx One. Is that a recent development? SJ: Fifteen years ago, when we started, we had a couple of point products and they were on-prem. About four years ago, we started building out a modern cloud native platform. We launched it about Sandeep Johri (SJ): Checkmarx is a leader in the application security space. We help developers make sure their applications are secure before they are pushed out into production. We look for vulnerabilities in code or malicious code that might have been put in applications inadvertently. We check to make sure that there aren't any vulnerabilities in code written by developers and highlight ones that we think are critical; we highlight vulnerable code in open source tools that developers are increasingly using; and we check for malicious code that hackers have put into open source packages. That's known as supply chain security. Then, when you package it and put it into the cloud, there are APIs involved, there are infrastructure configurations that need to be set up, and there could be vulnerabilities there as well. So we test that too. Once an application has gone through all this testing, you can put it into production safely. Everything I described to you has a different acronym, and there are companies that cover each of those acronyms. One acronym is SAST, static analysis; another is SCA, software composition analysis, three years ago and last year was the first year we led with that platform. This year, we are actively migrating some of our on-prem customers onto the platform. Last year, 80% of our business was on Checkmarx One, with usage on the platform increasing 40x. We went from scanning two and a half billion lines of code in January to about 100 billion lines of code by December. Today, we scan about 130 billion lines of code on the Checkmarx One platform. We have invested over $150 million in the platform and we expect all of our customers eventually to move to it. JG: So, a customer that's using one of your point products now would use that same product on the platform but have the option to add new capabilities. SJ: Yes, they could have just that single engine, but typically when a customer moves to the platform, they use more – 80% of customers on Checkmarx One end up with multiple engines. That’s one of the main benefits of a cloud native platform. Richard Hinson (RH): It’s a consolidation play. The customer is thinking ‘I’ve got these myriad tools. I am using Checkmarx for SAST, for example, as one product on-prem. If I go to the platform, I can take out a number of different players and consolidate down to one platform, and also get consolidated results so I really know where my priorities lie’. In the UK specifically, we've moved 32% of our customers across to the new platform. By the end of this year, we'll be up to about Sandeep Johri

RkJQdWJsaXNoZXIy NDUxNDM=