Q&A w/ Nasdaq, Forescout & Fortinet

Twitter: @spokedylan

Dylan James: I’ve got two incredible guests joining us: Pedro Abreu, Chief Strategy Officer with Forescout and Philip Quade, CISO of Fortinet. FSCT and FTNT on the Nasdaq, proud guy right here. Pedro, let’s start with you. Talk a little bit about the value of the partnership that Forescout sees in a great company like Fortinet.

Pedro Abreu: Forescout is able to see all the assets connected to networks. We believe visibility only becomes truly valuable when you’re actually able to share that information with companies like Fortinet, and all the other technologies that customers have invested in in their environment. Fortinet is one of our newest partnerships. We’re getting a lot of tremendous demand out of our customers. And what’s it’s really bringing together is Forescout’s device visibility and rich contextual information about the device with Fortinet’s network visibility and enforcement capabilities. When you bring those two together, customers can really reduce their attack surface, which is critical in this day and age.

Philip Quade: I’d like to say that Forescout and Fortinet have more in common than just a common surname. What we have in common is strategy when it comes to automation, integration, visibility. Especially the visibility piece. You can’t protect what you can’t see. So visibility is key. And we both embrace automation and orchestration because you have to address those types of techniques to address the problems of speed and scale.

Dylan: What are some of the biggest and most significant security challenges you’ve seen on behalf of customers?

Philip: The first one is keeping up. In order to address the problems of speed and scale, you have to brace the solutions based on automation and integration. That’s what we share as a corporate culture of our two companies. The second major thing that people care about quite a bit is the complexity problem. That is, there are too many point solutions out there today that are solving very, very narrow problems but they’re not well integrated. We have to help address the complexity problem by reducing the overload we’re putting on these network operators. By integrating and automating these different solutions.

Pedro: Yes, totally in line. One of the biggest challenges I see today is too many companies or security organizations trying to buy the next silver bullet. And really advising them against that until you really understand your basics. If you don’t understand what you have, if you don’t understand your traffic, there’s no sound strategy that you can build on top of that. You have to define the right pillars and understand what you have. And then build the automation, the integration between those technologies and build a sound security hygiene. And then you can start building tools on top of it, which are the point solutions we’re referring to. At that point, you can make those investments. You need to start with the foundational technologies.

Dylan: Let’s move to the role of the CIO. Is the role of the CIO pivoting away from just IT? Is it encompassing more things?

Pedro: I see the role of the CIO really changing. In the past, the CIOs were seen as the individuals who said no. And today we’re seeing the CIO transforming to the enablers of the business. There’s two massive transformations going on in the business. We see IoT as a massive business enabler and you see artificial intelligence, big data, as being just transformational for businesses. And CIOs are no longer just the members providing the technology, they’re actually helping the business transform itself from within. So, we’re seeing CIOs taking leadership roles within the organization and transforming their business. Those are the types of CIOs we love to engage with, to build our vision.

Philip: You’re right, the CIO of yesterday is not the CIO of today. The CIOs of yesterday used to be IT people. Today, they’re also data scientists, they’re privacy advocates, they’re security advocates, they’re risk officers. It’s more than just about IT. In pivoting off that, there’s a frame of technology, class of technology called Operational Technology: OT. OT of course is used to protect our critical infrastructures, industrial automation and such. Increasingly, the CISOs need to integrate IT and OT solutions across the security fabric so you can do security for your IT, and do security for your OT, seamlessly. Not only will that help reduce the complexity problem I talked about earlier, by holistically managing IT and OT, but it also creates more effective security by managing holistically.