FirstWave Cloud Technology Limited (FCT) Earnings Call Transcript & Summary

Good morning, good evening, good afternoon, wherever you are in the world. There's quite a good group of us on this call. And for those who don't know me, I'm Danny Maher, the CEO of FirstWave. I won't be talking a lot on this call. I'm going to introduce our VP of Products, Sharon Hunneybell, in a minute. But first of all, I'll just quickly run you through what we're going to talk about today. So we're going to give today, there's quite a lot in today. We haven't done a technology update for a while. You'll be hearing by quite a few leaders within our company from a technology perspective over the upcoming months. But first of all, we wanted to introduce Sharon. She'll be talking about quite a variety of things, which means it's limited detail. But in particular, she'll be talking a little bit about our AI vision, including what we have and where we're going with it, our product direction, and in particular, about how we're heading towards compliance and control. She'll be talking about some standards that we align ourselves with [indiscernible] some of our core strengths, and our commercial pathway for our free users. So we have around 150,000 organizations that we estimate use our free products, and we're always looking to add commercial value to them so that they get more value out of what they're using and that it's worth paying us for, of course. And then we'll have some Q&A. I did want to note before I introduce Sharon that we do have quite a variety of people on this call. It is a product technology-focused call, and it's targeted at our free user base and our commercial clients. So I know I've seen some shareholders join, welcome. I've seen some staff join. Welcome. You guys might have some different types of questions, which are not really designed for this audience. So just keep that in mind if you do happen to ask some questions. So, on that, I'll introduce Sharon, and we'll get on with it. So welcome, Sharon. Sharon joined us on April 1 as our Vice President of Products. She was actually previously with Opmantek, and she was an executive there, and she played a key role in the strategy and commercial expansion of Opmantek, which was eventually acquired by FirstWave. So she's very familiar with the technologies that came from that Opmantek side, but also with the FirstWave technology. And so in a lot of ways, it's a bit of a welcome home for Sharon. So it's great to have her back. She's got 20 years' experience as a tech leader and business analyst. She's particularly good at leveraging -- emerging technologies to deliver impact for all you guys. She's recognized by the Australian Financial Review, which is one of Australia's leading publications, newspapers that's one of the top 100 women of influence in technology from Australia. She's a member of the Queensland Government's Innovation Advisory Council, and she's an industry fellow of a leading university, Bristol University, where she targets the commercialization of technology. That's just a few bullet points. She's got a ton of awards and a ton of different experiences. But I'm going to hand over to Sharon. Many of you know her, and for some of you, she'll be new. So I'm going to hand over to Sharon to run us through today's presentation. Thanks, Sharon.

Thank you so much, Danny, for that introduction, and thank you, everyone, for joining us here today. It's a pleasure for me to take you through our existing products and our vision for where we want to go. So, to start off with, I thought rather than going straight into features and benefits, I wanted to actually paint a little bit of a picture, a scenario of what it might be like for a customer to be using our products. So let's imagine that you just on boarded a brand-new team member and you ask them to perform a simple task, and they execute it perfectly, exactly when you ask, in line with policy, the first time, and then every time. Where can I find team members like that, you might say, well, this is what you can expect when you engage virtual operators. And all of our customers across the world are deploying them to complete simple tasks perfectly. FirstWave service, for example, you can predefine a full task sequence. You can do things like run diagnostics, evaluate the output, restart services, run post -- restart checks, archive the results of any tickets. So you get to stay in control, stay in policy, and avoid sort of having ad hoc fixes. So it's responsive and it's repeatable, and we're going to show you a little bit of that later on in the presentation. Another scenario, you're in charge of hardware and software asset management, and of the inventory keeping. And every day, you're dealing with new devices joining the network, people running updates, installing new apps, turning on old equipment. You run discovery reports, you issue regular reminders of policies to staff, but it's always reactive, not proactive. So this all changes when you use open order security dashboards. You set the policies, and it alerts you when things deviate from them, unlicensed software, unnamed devices. As soon as something is out of policy, you know. And another scenario. You have a client that keeps logging the same vague ticket every afternoon, saying that the Internet is slow. But they can't tell you when it happens, what applications are affected, or what other workers are doing at the time. Now, what if you are able to ask your AI agent, what time of day do we see the most performance degradation, which devices are effective, and in which -- in this particular location? And you just get the answer, no figuring out which report to run, they're digging through logs, they're stitching together data from all different systems. That's the power of opCharts. If you combine it with the soon to be released model context protocol server. It provides real-time insight delivered in conversational language when you need it the most. FirstWave, our goal is bold but simple. We want to be the trusted name for intelligence, compliance, network management, and audit. Our strength comes from deep technical capability, decades of real-world implementation, and a growing product suite that adapts to the complexity of modern IT environments. FirstWave has evolved a lot over the last few years. It began with a strong foundation in enterprise and government-grade e-mail and web security, and that gave deep insight into threat protection at the edge. But then, when Opmantek was acquired, it brought with it a powerful suite of tools for auditing, monitoring, gaining true operational visibility across complex environments. And the acquisition of SGM took us further, adding intelligent traffic shaping and application control to help manage the performance and policy enforcement in real time. Since then, we've been focused on one key goal to unify these capabilities into a seamless platform to not just secure infrastructure, that can make compliance intuitive, integrated, and intelligent. This evolution is what positions us to lead in intelligent compliance. So let's take a quick look at the product suite in a little more detail. So, at the heart of our network management product is NMIS, it's a complete network management system, which provides fault, performance, and configuration management as well as performance graphs and threshold alerts. NMIS is extended by opEvents, which enhances network reliability and provides proactive event management. It helps you to identify network faults before they escalate, ensuring smooth operations and minimal downtime. Opmantek is an essential tool for managing network changes and compliance. It effortlessly tracks configurations and maintains a complete history of changes. Opmantek is our scalability module that provides real-time monitoring, automatic redundancy, and geographic distribution, delivering seamless communication and enhancing resilience across your IT infrastructure. Our Open-AudIT allows you to discover everything connected to your network with its leading discovery, inventory, and auditing capabilities. We also have opAddress, which allows you to take control of your IP address management, opReports, which provides a range of different reports around performance. We have opCharts, which is our dashboarding tool that allows you to visualize your network effortlessly with an intuitive interface, which provides high-level overview while allowing quick access to detailed metrics for informed decision-making. opFlow allows traffic analysis and is able to transform raw data into actionable insights. And then we have Secure Traffic Manager, which allows you to monitor that user activity and traffic pattern and proactively manage and shape the traffic flow across your network. So that's our product suite. Now let's talk about where we're going. And everyone wants to talk about AI. So I'm going to spend a moment talking now about how we're approaching it at FirstWave and the practical steps we've already taken to bring real intelligence into the hands of our customers. So our vision [indiscernible] is powered by 2 key strengths. First, proprietary AI algorithms built into our products. These continuously learn and evolve, making our network and compliance systems smarter over time. and second, an open data approach. We want organizations to be able to interrogate their own operational data using the AI tools they already trust and rely on. This combination gives our customers something powerful. Intelligence is built in, but it's still flexible enough to work the way you need it to. I'm going to talk now a little bit more about the model context protocol. So for many years, we have utilized AI in the form of machine learning in many of our features from thresholding to anomaly detection and dynamic policy enforcement. FirstWave actually holds 2 patents in the area around image and traffic identification. But we see MCP as an exciting step forward. It's our way of opening up the massive data sets that FirstWave products collect and making them accessible to the AI tools you already trust. If you want to analyze historical outages by device group, find out which devices have been having the most issues over the last 3 months, you can do that instantly and conversationally through MCP. We'll be launching an MCP service shortly, initially leveraging the APIs within opCharts so you can interrogate inventory status and performance data. Okay. So we talked a little bit about AI. Now I'm going to move us back over to talking about compliance again. So FirstWave tools help organizations meet all kinds of internal IT policies, regulatory obligations and global compliance standards. Today, I'm going to zoom in on one particular thing called the CIS control, especially because it was recently -- we recently released -- or they recently released a new version 8.1. So these controls are globally recognized benchmark for improving cyber hygiene, and our products are really well positioned to help organizations meet these controls. In the slide, we've [ colored ] some of the controls and how they directly relate to many of the products that we have in our product suite. In the next few slides, we're going to explore those -- some of the key strengths in more detail. So CIS Controls 1 and 2 focus on maintaining a complete accurate inventory of all of your hardware and software because visibility is the first step of ensuring -- of securing your environment. And that's where Open-AudIT enterprise really shines. It gives you the powerful tools for automated discovery, auditing and inventory tracking, whether it's desktops, servers, switches or software installations, it captures the detail and tracks it over time. So you can stay on top of what you have, what's changed and where your risks might be. This level of visibility not only helps you to align with best practice, it gives you confidence that nothing is slipping through the cracks. So what we're going to do now is a very quick demonstration of device discovery within an Open-AudIT. So what you're looking at here is the summary dashboard, and this shows all the device types, operating systems, resources, and components that are on your network. Now we're going to have a look at the discovery data and how it gets populated. So we're looking here at a previously run discovery. We can see the details of that discovery, the options that were selected at the time, the various options for matching, logs that were generated, the IP addresses affected, the devices that were discovered, and any issues that were encountered during the scan. Now, if we have a look at the rules section, you can see here how we determine which devices are which. So these are the attributes that we look for when we determine a device type, and that's how they populate that dashboard. Now this is the main default dashboard, and we can see here that some new software was discovered today. And so from here, we are able to interrogate that device, see what it was, where it's been installed. [Audio Gap] On the main dashboard, we can also have a look here at devices by specific manufacturers and take a look at the group's devices that are associated with each one. And of course, you can see complete data and a range of other data related to each of those devices. Okay. So that was a little demo of the discovery function. Now I'd like to take a deep dive into the CIS Control 4, which is all about secure configuration of enterprise assets and software and making sure that everything from servers and endpoints to network and IoT devices are configured securely from day 1 and that they stay that way. This is a strength of ours. And with tools like Open-AudIT and opConfig, you can establish a secure baseline configuration, monitor the drift, and get alerted when things change. So, whether it's an unauthorized software install or a misconfigured device or even an unexpected patch rollback, you'll know about it fast and can take action. This is all about reducing risk, improving compliance, and maintaining control over a constantly shifting environment. CIS Controls 5 and 6 focus on managing user accounts for controlling and controlling access, 2 critical areas for preventing unauthorized activity. So, Open-AudIT -- provides visibility around Active Directory. It also has some very strong credential management capabilities to let you securely store and reuse credentials for device access, ensuring your audits and scripts run smoothly without creating new security gaps. This helps with visibility, control, and making sure access is managed consistently across the board. CIS Controls 9 and 10 are all about protecting your people from the constant stream of threats coming through e-mail and web browsers. And even though we've come a long way, that's still where most attacks start. So where CyberCision really shines is it gives you advanced protection across e-mail, web and DNS. It filters out malicious content before it hits your users. It's smart, scalable and already trusted by some of the biggest government departments in Australia. So you know it works at a serious scale. Whether it's phishing or dodgy links, sneaky downloads, CyberCision helps you to lock down one of the most targeted parts of your environment. The final control we're going to look at today is CIS Control 17, and it's all about having solid incident response plans and the tools to actually act on them in real time. This is where opEvents, opConfig and the opHA Message Bus come together beautifully. You've got automated alerting that flags issues the moment they happen, virtual operators that can take immediate action based on your policies and a real-time message box that keeps everything in sync across your environment. It means faster response times, fewer manual tasks and much more -- and a much more consistent approach to handling incidents, whether it's a system failure or a security alert. These tools are doing the heavy lifting, so your team can focus on the critical stuff. So we're going to have a quick demonstration now of some real-time event responses using virtual operators. Okay. So what we're seeing here is the East distribution network, a network of devices in New York City. And what we're going to very quickly do is actually use the virtual operator to run a task, which is going to essentially trick the demo system into seeing that these devices are offline. And we're doing this so that we can show you how the system would respond to a serious incident. So -- and specifically, we're looking at these 3 nodes here, which we are expecting will go offline. So if we dive into the current event screen, what we're expecting is these nodes that are currently showing up to show down and there we go, those changes have filtered through. And you can also see there's a location outage. So what happens within opEvents is if it recognizes more than 3 activities that are the same on a location, it recognizes that as a location outage, and it correlates and groups all of those activities together. So if we go into opCharts here, you can see that now the entire distribution network is showing us being offline. So we know that this has been a serious event, and now we're going to resolve that. The other thing you can see here that there's -- it's created around 7 events. But actually, in our current events where we respond to them, it's actually correlated them into, again, fewer events because it's recognized that it is a location outage. So here, we can take a look at the nodes that have been affected. And we can run some tasks on those nodes so we can ping them into a trace route to see if we get a response. And you can see there at the bottom in the script where those have been run and we can see that, yes, we definitely have a device down, not reachable. So now we're going to respond, and we're going to respond using a virtual operator. So we're going to run the virtual operator job. And through doing -- running the job, we can see that it has picked up a range of other conditions associated with the affected nodes. And now what we're doing here is we're very quickly letting the system know that these devices are now back online. And so back in the current event screen in the background, we should start seeing -- you can see them coming through now that the nodes are starting to come back up. And in the top section of the screen, you can see that the issues have cleared out. And if we go back into opCharts you can see everything is back online and coming along happily again. So the great thing about the virtual operators is that they are able to perform a series of tasks like regardless of the commissions that are provided to the actual user at the time. This makes sure that things get done quickly and efficiently. And behind the scenes, even though it looks like all you're doing is pressing a button, there's actually a range of tasks that are occurring, logs are being kept and tracked, and all of this gets archived against those events when they are closed. All right. So we're heading towards the end of the presentation now. And what I wanted to address now was the changes that we're now making in our user experience. So most of our users get started with our software via the free tier. They use it to discover and manage devices on their networks. And in many cases, this is a really good first step towards more intelligent compliance practices. So we don't intend to disrupt that experience, but we do want to enhance it. Our third big technology focus beyond AI capability and compliance is building simpler, smarter upgrade paths. We want to make it easier for organizations to explore and adopt the commercial features that best suit their needs when the time is right. And in parallel, our commercial offerings are evolving, delivering more value, more automation and deeper integrations without compromising what our users already love. So we've come to the end of my first technology update webinar. We've talked about the product suite, our strategy for AI, our focus on compliance. We've seen our technology in action around some of the key security and compliance activities. We talked a little bit about the UX improvements that will make our commercial products easier to adopt for free users. So where do we go from here? Well, if you're joining today and you have not used our products for a while, why not download the latest version of the virtual machine from our website and have a play around with some of those latest releases. Open-AudIT at the end of last year had -- now has 100 device free license bundled in with it. So there's lots that you can do with Open-AudIT Enterprise to be able to see its full capabilities. If you are interested in learning more about the NCP or you want to be notified when the server is released, please feel free to send me an e-mail. I'll put you on the waiting list, and we will send you updates. I also wanted to touch on a program that we've just rolled out called the Early Adopter program. Now this gives customers early access to beta software releases, and it also provides them with opportunities to codevelop new in-demand features. There are opportunities at the moment to beta test Kubernetes for NI. And there are also -- there's also an opportunity for expressions of interest for customers that are interested in helping us to design and co-develop some new features for Open-AudIT around vulnerability and risk detection. Again, if these are things that you're interested in, please feel free to send me an e-mail. So I'm going to pass back over to Danny now, who's going to be moderating any questions for around about the next 15 minutes or so.

Okay. Thanks, Sharon. Nice you covered a range of topics there, and anyone who wants to go into more detail on any area can reach out to her directly or go to the website and the inquiry forms there. We do have a few questions coming through. So I'll just Sharon, if you need me to chime in on any of them, please ask. But yes, if anyone -- if there's any more people that have some questions, you can drop them little chat button [indiscernible] so you can click just type your question in there. And of course, if you think about something later, there's an online chat on the website. I'll just reach out to Sharon, and she'll make sure you get to the right person if it's not her.

Yes. Great question. We will probably have it there as a beta. So basically, the Early Adopter Program has 2 tiers. There's beta testing of things that we've already scoped out and developed, but that we're looking for feedback from customers before they launch to market. And then there's a co-development stream where we're getting a lot of demand for a specific feature, and we reach out, sort of hand-select some customers that we think we will be able to be able to give valuable insight, and they join on board. So with the MCP server, the first version of it has already been scoped out. But yes, we will probably be calling for beta testers. So if you do want to, again, like just register your interest, we'll be able to give you updates. And yes, you should be able to gain early access through that program. And the commitment is generally -- we obviously require feedback from you, and we love it if you give a testimonial, if you absolutely love it.

There's actually a second part in the chat as well, Sharon, yes, which is good. So there was a second part to that question: is there additional commitments? So you've answered that. Thank you. The next question is with the virtual operators, is that 100% software, so that I don't need any humans to take these actions? And then there's a second part to this question as well. I'll break it into.

Okay. Virtual operators, you probably saw on the little screen there that they can be scheduled. Or they can be activated on the spot. So they are -- it's robotic process automation sort of technology behind it. So yes, it's 100% software. All of the tasks are done by the operator, and you decide how you want it to run, how you want to be kept. So it's all specified and sort of mapped out by you, and then they become a set of regular tasks that either run daily for things that need to run daily, or hourly, or whatever you want to do, or they can be ad hoc tasks that you run when a specific issue occurs.

Okay. Great. Then we've got one here. In relation to AI, can you articulate the specific business problems you're intending to solve and the class of AI technology you're looking to utilize?

With the MCP, I think we're talking about here.

So yes, so we've got our own AI, which uses machine learning, of course, to do automated thresholding and anomaly detection in particular. But yes, I'm assuming this is in relation to MCP. But yes, just to be clear, we already have AI in our products that does automated thresholding and assist with anomaly detection. And also, we have patents around AI in the image -- that particular patent, Sharon, is image detection.

Yes, that's right, yes same.

But I think -- I do agree. I think the question refers to MCP, so I'll let you answer that. Relational AI, can you articulate the specific business problems that you're intending to solve and the class of AI that you're looking to utilize?

Okay. So the MCP protocol is actually being utilized by a lot of different organizations at the moment. And essentially, what it does is it allows you to use your existing AI tools to talk to the APIs within our products. And so essentially, the problem that we're solving it's just an easier method of reporting and extracting data or a different method of reporting or extracting data. So yes, we've got some great reports, but not reports don't always have the information that you need at hand. Same with our dashboard. So some things you can see visually, and we do, do a great job of trying to make sure that outages and things can be recognized visually. But sometimes, if you're dealing with historical data, problems that are occurring over time, things like that, the use of AI will basically sort of allow that data to be interrogated quickly and for patterns and issues, and even suggestions to be sent back on what is actually happening in your environment. So, essentially, to start off with, for us, this is just a method of you having better access to your data and being able to draw more insightful information from your data.

Sharon. I'm just trying to filter through there's a few similar questions. It is an interesting one. Does your system encrypt it's extensive logs to protect against attackers removing evidence of their work. So how do we stop if it was our systems. So our systems are looking for attackers in many ways. But yes, if our systems themselves got attacked or detected something, how do we stop our logs getting modified?

That is a great question. If we've got one of our developers on the line, we may be able to get the answer to that.

On the line, just type the answer into the Q&A would be great. Good question. This looks like it's an investor, good initiative and good luck with the commercialization process, no better time to buy stock in this company. It has upside potential here. Thank you. Thank you. And yes, of course, I agree. Okay. Do your commercial products have APIs? I'm looking at both NMISand Open-AudIT.

Yes. So there are APIs across a number of our products. To start off with, we're going to be focusing on the APIs that are available through opCharts because they have a fairly extensive amount of data because they're already used to sort of present holistic information across your whole network through dashboards. And so it's a nice broad data set that can be used fairly quickly through the protocol.

Yes. And -- at our core, remember, we've got an open source core. There's no better API than open-source software. It's all completely open. The back end of the products that you're referring to are also big data, open data solutions. So yes, it's all very, very open. The main API into the network management suite is through opCharts.

There's extensive documentation around all of the different APIs in our Wiki as well, which you can access through the web page. So if you search in there for API information, you should be able to see some of the other options that are available. And we will be exploring all of these over time to see if they add value.

Yes. Marc, the Open-AudIT founder, just wanting to note that Open-AudIT has a complete API and there isn't anything that you can do in the joy that you can't do through the API. So everything that you're able to do in the product, you can do through the API. Another one here, you're making a big deal on AI, you should have a fuller story proposition. Well, we will. I mean this is just an overview of a few things. I would note that we have patents in AI and that we have had AI in our products for many years. So this is not new to us. And I also note that the MCP server itself only was released what a month, the MCP, the model contact protocol, was only released about a month ago. Is that right, Sharon?

Been around for a little while, but it's pretty new.

Bottomline, it's very new. And we have products that are used extensively and there's a lot of data inside them, and it's actually the release of the model contact protocol, which are going to give us a future to allow people to use their own AI clients and agents to interrogate the data inside our systems because that data is not on the Internet. It's on-premise inside their systems. So this is a really exciting development for us. We're talking about it now because we see this as a future direction, and we'll update you further as those plans evolve. That's all the questions, I think. Sorry if I've grouped you under something which I think was already covered in a different question.

Can you provide us update on security?

So, yes a log security, yes, it's all encrypted, and they have very tight permissions and are shadowed as well as the logs being monitored themselves with alerting for unauthorized changes to the logs. So answer the log encrypted. Thanks Tony. Okay. With that, I think we can wrap it up. Thank you very much, Sharon. I'm sure we'll get some more questions over time. And for the audience, we'll go into deeper detail about various streams that we have over upcoming webinars. We haven't done a public webinar for quite a while. So it's nice to get that kind of broad view for now, and we'll be able to go into more details on specific products and specific things that we're pursuing in upcoming webinars. So keep your eyes out for that. And thanks for joining this one, and thanks, everyone, for your various capacities of supporting the company.

Thank you, everyone.