Dylan James: I’m here with Rob Greer, Chief Product Officer at ForeScout and Paul Nguyen, VP Product Strategy at FireEye. Rob, talk a little bit about ForeScout’s partnership with FireEye and how that’s important to you guys.
Rob Greer: FireEye’s been a ForeScout partner for a few years now. They have been outstanding at finding the threats that are out there in the wild. They’re considered one of the industry’s premier security companies that the largest organizations in the world look to. With their intelligence, ForeScout is able to take those indicators of compromise, or IOCs, and look for those devices that have been compromised or could be compromised. Essentially their intelligence feeds ForeScout to go look for devices that could be compromised or have been compromised.
Dylan: What were some of the biggest changes that have occurred in the cybersecurity industry over the last 2-3 years?
Paul Nguyen: I think the visibility at the board-level with our customers has been tremendous. I’ve been in the industry for 16 years and I remember we were the back-room guys that no one cared about, who always said no. I spent time as a CISO and it was impossible to get anything done. I think the intention and security of visibility at that level has created a lot of the current demand for cybersecurity solutions.
Rob: Over the last few years, we’ve seen more connected things to corporate and consumer networks unlike ever before. Just over the last few years, more devices have connected than in the first 25 years of the internet. So companies are struggling not just with physical devices but also virtual devices in the campus, data center, infrastructure service or cloud environments, and now on the factory floor, so operational technology. The world is pretty much aware of what cyber is and what good it can do but also what can happen if you’re not aware of what’s going on.
Dylan: Are we at a spot where boards are looking to have expertise on cyber directly from their directors?
Rob: We’re seeing the CISO having direct access to the board. Most of the time, for most of our customers. Whether they’re directly reporting into the CIO or not, they’re responsible for informing the board. The conversation are about risk, risk reduction, understanding what it takes for the business to be successful and how to protect their assets, much of which is their customers’ information. So, the visibility’s there but the question is what to do about it and that, oftentimes, is what the boards are looking for: just advice. How vulnerable are we and what do you need from us to make us less vulnerable?
Paul: Certainly, the role of the CISO has evolved over the last 15 years. A lot of times they were network admins or host admins. Or just hey-you-need-someone-to-do-security-how-about-you-take-the-job, versus now we’ve cultivated the skill sets over the last decade where you have really seasoned security professionals who come from the incident response side, the operations side, and I think those skill sets are of more value today. Whereas security started very much compliant-centric, we’re evolving into how do we do real security, how do we protect ourselves. Before it was a check box: are we compliant? Great. Now the question is, are we actually safe and how do I avoid name-your-headline breach that happened? It’s created a sense of urgency that didn’t exist before.
Dylan: Rob, you mentioned the proliferation of connected devices just over the last decade or so. What do you think we’re going to see in this industry in the next 10-20 years?
Rob: Well, clearly the power of cyber has been demonstrated many times. Just look at Mirai: if you project that out, I think we’re going to see more and more nation-state warfare actually leveraging cyber for real destructive means. It’s going to need technologies and services like what FireEye and ForeScout have to help mitigate that and protect more than just our internet experiences.
Paul: Ten years from now? I’m hoping I’m still around. I can see that day but the Utopian view is, hopefully at that point I’ve got a self-defending security capability so I can just sit back and watch movies. I see commercials with self-driving cars and it’s amazing what we’ve been able to do from that standpoint. It’s no different in security: reality of telemetry, making decisions, and taking action. I hope to see that someday. If we program games to go compete against humans and beat some of us humans, I’d like to see the cyber industry evolve to that point.