Good afternoon, everyone. My name is Aashi Shah. I'm an analyst here at Sidoti & Company. Today, I have the pleasure of having Kimberly Pinson, the CFO of Intrusion Inc., and we have about 25 minutes, including the question and answer after the presentation. If you have any questions, I request you to submit them at the Q&A function at the bottom of your screen. With that, I will hand it over to you, Kimberly.
Hi, good afternoon. I'm Kimberly Pinson. Thank you for joining me today. What I'd like to do is to give you a little bit of background on the company, update you on the progress that we've made, and then, I will be happy to answer any questions that you have. Intrusion is a cybersecurity software company. We've been around approximately 25 years. We offer threat intelligence consulting services to the federal government. And also, we have taken our learnings over the last 25 years and offered a commercial product that we call Shield. And so we'll be discussing all of our product offerings during this time. Our software as a service is a software that blocks threats in real time.
Our appliance sits in a data center behind the firewall, and it acts as a fine-grained filter to things that are coming through the firewall that can be dangerous to your network. We also block call homes, which is something unique to our software that other security products don't do, is we block outgoing traffic. So if your network has been compromised, and you have a call home, something that is sitting in your network and wanting to call out and say... to a command and control center and say, "Hey, what would you like me to do?" We're extremely good at blocking the call homes. I mentioned we're appro..., we're approximately 30 years old.
The little mountain over to the right that you see is supposed to represent our proprietary database, and it is at least 100 times larger than any other blacklist or blacklists that other firewalls have. So we've been collecting this information over 30+ years. We've got IPs, domain names, behavior, and Internet Traffic that we've compiled, and we use all of that using algorithms, and determine whether something coming in or leaving your network is dangerous to your network. I mentioned we've been around 30+ years. We consider ourselves a 30-year-old startup in that we've been around a long time, but we launched our first commercial product several years ago, and since that time, Tony Scott, our CEO, joined the company.
He joined the company not quite a year after launching the first product. He joined because the IP is very unique, and he saw a lot of value in there. He's very passionate about cybersecurity. He joined, and we'll talk a little bit about his background next. Since joining, what we did is we have improved the first commercial product that was launched. There were a lot of issues with it in terms of reliability and the ability to utilize it, plus features, so we've enhanced that product. We also expanded the suite of products to include both cloud and endpoint solutions. Tony came to Intrusion with a long history of working with some companies that you may recognize.
Immediately prior to joining Intrusion, Tony served as a CIO for the federal government under the Obama administration. He also served as CIO for Microsoft for seven years. Prior to that, CIO for Walt Disney, VMware, CTO for General Motors. And he was actually inducted into the CIO Magazine's CIO Hall of Fame. So he's got quite a bit of experience in cybersecurity and IT, and joined because he saw our IP and knew that it was something special here. I see Tony, I think, is joining the presentation, so he may want to jump in and add a few things as we go through this. This is our leadership team. Mentioned Tony, myself. Joe Head is our Chief Technology Officer.
He's also co-founder of the company, so he's been with us for a very, very long time. Others on the management team, Blake Dumas, and Mike, and Paul. Blake and Mike have both been with the company for 10+ years, so they add a lot of tenure and knowledge to the company. Mike heads up our government consulting division. Reasons to invest in Intrusion. The single largest reason is our proprietary database and IP, and it's very unique. There's really nothing out there in the market that really does the same thing that our product does. We've expanded the offering, and we now feel that our offering will serve an enterprise's all of their needs in terms of data centers, cloud, and endpoint needs.
With having introduced our Shield solution, suite of products, we're moving from government consulting really more to a software-as-a-service recurring revenue model. And so and, we're doing that selling through resellers, managed service providers, managed security service providers. And we feel that that's a very... probably the best way to go to market, and very efficient. It allows us to really ramp our sales effort in a very quick manner. And Tony has joined. Tony, if you wanna talk about the growing demand for cybersecurity, I think you can add a little bit here.
Sure, and I apologize for being late. The Internet connection here at the hotel I'm at went down, and we were without power even for a few minutes, so I apologize for joining late. In my career, every year, I found myself spending more, and more, and more time on cybersecurity-related issues, whether it was as Federal CIO or as early as the time I was at General Motors. More and more time and money, frankly, spent on this, and it's brought about because of a couple of things. The tools for cyber criminals and even nation-states have become widely available. And it's easy now for even a high school kid or, you know, somebody with a, you know, very little talent to actually launch some form of cyberattack.
On the defensive side, as a company, or an institution, or a city, or a school district, or whatever, you have to be right 100% of the time, or you're gonna suffer from an attack. That's created this imbalance that, you know, has cost us dearly in our economy and everywhere else. Theft of intellectual property, all kinds of different things are going on there. But it's now a, you know, worldwide global problem, and the tools on the defensive side have gotten a little bit better, but it's hard to keep up with all of the folks that are working on the other side. As a result, what you see is a large and growing spend on defensive measures.
What we think at Intrusion is that we have a very useful tool that can add a better layer of security and is complementary to the tools that are being used today. Here's some examples of, you know, how bad this has become. It's not a question of when you're gonna be attacked, it's, you know, how quickly and how soon. If you're an organization of any kind or even an individual, you're gonna be targeted. There's two problems really that happen. One is, even with the best of tools, security teams are plagued by false positives and false negatives. This is the equivalent of, you know, everybody calling 911 and having the police respond whether there's actually a crime going on or not.
So security staffs are overwhelmed. They're understaffed. They're really worried about getting blamed if there's actually a successful attack. It's just... it's a crisis of, I would say, very large proportions today. Then the nature of the attacks is changing as well. It used to be that it was fairly predictable how a set of cybercriminals or a nation-state was gonna launch an attack. There was a long history of, you know, knowing the tools that they had and the ways that they approached things. But as I mentioned earlier, the tools have just gotten readily available, and now these polymorphic attacks are more and more and more frequent.
So if the bad guys wanna come after you, they'll launch multiple forms of malware attacks at you. They'll attack your phone, your computers, your network, even any of the social media accounts that you might be associated with, your websites, all kinds of different things. And now, an increasing trend is, I think we have the statistic here: 34% of successful attacks use malware-free techniques, which means most malware prevention schemes rely on some sort of fingerprint or other known tactics or techniques that you can say, "If you see this, you know, block this particular activity on the network." But 34% of attacks now come from, you know, these attacks that don't have any known fingerprint, no known embedded malware and what have you.
And that makes our job even harder. Let's go to the next slide. So we have customers in all of the above mentioned or below mentioned institutions, including financial, medical, hospitality, and government. And you might ask, why are these kinds of targets, you know, being attacked more than others? Financial institutions are being attacked because that's where the money is and where there's a lot of data around people with money. Medical community, hospitals, healthcare organizations are... I'd call it a Petri dish for being attacked. They have very diverse networks. They have a complex supply chain. Everyone who participates in healthcare is coming into their institutions with phones and other devices that may already be infected, and some of that transfers over into the environment, the medical environment.
Hospitality, again, you've got a bunch of distributed assets, complex networks, and also you have typically an inability to hire the kind of cybersecurity professionals that even finding cybersecurity professionals and affording the cost of a team that's competent enough to defend against attacks is really hard across all of these, and that includes government as well. Local city, state, school districts, special districts like fire districts and so on, are among those that are being attacked regularly. And they're also the ones that historically have made the decision to pay ransoms when there's ransomware, versus trying to figure out how to recover. And so we found our technology is especially useful by these kinds of organizations. Next slide.
Let me talk a little bit about why we're different. Our CTO, when the Internet started, started collecting information about the Internet, IP addresses, domain names, the behavior of the persons, organizations, and institutions behind those IP addresses and domain names, and started writing, in those days, algorithms, and that was followed by machine learning, and now includes artificial intelligence. And, through that, we've created this global threat intelligence database that is, as far as we can tell, the largest such database. It's 100 times larger than any that of any of the competitors in the firewall space or intrusion detection space, or what have you, and we're constantly updating it. And I think the beauty of this is we have 25 years of experience of knowing what works and what doesn't work.
And even with the best AI tools that are available today, you can't replicate that 25 years of learning, and in particular, the things that don't work. Let's go to the next slide. This is just an example of one of our dashboards. It allows you to see. We typically sit right behind the firewall, so we look at the traffic that's getting through the firewall by design, and we also look at outbound traffic, that is, traffic that's emanating from inside the network and going to places on the outside. And we make a real-time decision about whether that traffic is likely good or bad. And in the case of our tool being turned on to enforce mode, it's actually blocked.
If it's in report mode, we just let you know that we would have blocked it if, if we'd been in enforce mode. So you see all of this. It's a very automated system. It reduces the number of false positives and false negatives that a cybersecurity team has to deal with. And then, if you're interested in any of the activity, you can drill down and get very granular detail about what it was, why it was blocked, and the reasons for our characterizing that traffic that way. Let's go to the next. Then you can see that on a geographic basis as well.
If you're this particular client, you might say, "Well, gee, I wonder why something in my data center is trying to call China, or why is something trying to call, you know, a country in Nigeria, or what have you?" And so you can see where all of these blocked activities are coming from or going to. And we can represent the data in a whole bunch of different ways. But you know, at the end of the day, this gives you confidence that the traffic that's getting through is likely getting through for good business purposes or good purposes, and the bad stuff is being blocked. Let's go to the-
I think that's, that's the end of our presentation.
Okay. Yeah. So happy to take any questions.
Thank you so much for the presentation, team, and I have a couple of questions, but I would like to remind everybody on the call that if you have any questions, you can submit them on the Q&A function at the bottom of your screen. With that, I will take one of my first questions, which is: what is the primary revenue stream for your company? Like, is it subscription fees or one-time licensing, and how do you expect these to evolve?
At this time, the government consulting or the consulting revenues represent approximately 75%-80% of our revenues. I mentioned that we introduced our first commercial product roughly three years ago, and that is a software as a service product. We've expanded that suite of, that offering, not only, not only to include the appliance that sits behind the firewall in a data center, but also the endpoint in the cloud solution. So that, that is a software as a service. It's a recurring revenue stream, and that's where we really see all the growth going. And that is an ARR model, and it can be billed, you know, annually or quarterly in advance. And that, that fee structure depends on, on the solution that's being used.
If it's an appliance solution, that software is loaded on that appliance. It's in the, it's in the data center, but it is still software as a service, and that's based on bandwidth consumption. If it's the endpoint, then it's, it's a fee on a per, per endpoint, and the fee is dependent on the type of endpoint that it is. And then if it's a cloud solution, it's based on the number of instances. So, that's really where our energy and direction is focused because we think that's where the need is, and that's where the growth of the company is.
Right. And can you talk about... a little bit about your typical sales cycle, and what are the strategies in place to shorten this cycle?
Yeah-
So I think-
... typically, after, we're introduced to a company, we engage in a proof of concept, where we install our technology behind the firewall, and we let it run for a week. And then we produce a report showing the customer or the client, what we saw and what we observed. I'll say 100% of the time, they're quite surprised to see some of the nefarious traffic that they didn't know was getting through their firewall or the call homes that were occurring. And then from there, we usually enter into a cycle where we do some network assessment. We learn more about how they have their network set up, how many points of ingress and egress they have to the internet, and we come up with a joint plan for how to deploy Intrusion technology.
That can take several weeks, 'cause every organization is just different. There's no standard. And then, and then we get into the normal sort of contracting, cycle. So it, it can be, you know, several weeks to several months exercise from start to finish. And it varies by organization. Smaller organizations typically have less complex networks, and larger organizations have very complex networks.
Got it. No, that makes sense. Okay, that brings us to the end of our time today, but thank you so much for presenting and your time here at the Sidoti Conference. We really look forward to you having a great conference. Thank you so much.
Great. Again, sorry I was late.
No.
Thank you.
Thank you.