Dylan James: I’m honored to be here with Pedro Abreu, Chief Strategy Officer with ForeScout, as well as Brian Kenyon with Symantec, Chief Strategy Officer. To kick things off, Pedro tell us a bit about the ForeScout/Symantec partnership.
Pedro Abreu: ForeScout gives customers that deep visibility to every device in their network. And that only really becomes valuable if you can share that with all the other technologies of companies that are really investing in their security strategy. The partnership with Symantec has been really focused around the endpoint protection. Symantec is a leader for endpoint protection as well as cloud and other technologies. What makes us unique is the really deep intelligence capabilities that Symantec has around the managed devices: PCs, laptops, servers, mobile, all those devices that companies manage closely, coupled with the visibility we can give companies to all the devices that are unmanaged: security cameras, all the IoT, BYOD, and other devices that are showing up in the environment. The two elements together really complete the picture for a company and provide that depth of visibility that they need to secure their environment.
Brian Kenyon: In 2018, this partnership between Symantec and ForeScout is really a lighthouse for the rest of our industry. What we really need to be focused on here is how we can collectively, as a set of manufacturers, work together to solve unique customer problems. If you look at what ForeScout and Symantec are doing today: we have two disparate technologies, and this is really unique, we’re not doing this with any other partners, where we’re sharing intelligence from one piece of our portfolio and our platform into ForeScout’s. That is really a real, good example of how this industry should be behaving long-term.
Dylan: Brian, what’s the biggest cybersecurity misconception that’s deceived the industry in your opinion?
Brian: Excellent question. You can look at it a couple of different ways. But I think one of the biggest misconceptions we deal with today is the concept of “best of vendor” or “best of breed.” It all started from a very simple concept called “defense and depth.” What’s happened over time is that concept of “defense and depth” has turned into “defense and vendor,” and has turned into “defense and approach,” or “best of vendor.” What’s ended up manifesting in front of the customers, now they’re dealing with a myriad of different tools, different systems, different capabilities that actually aren’t enabling them to deliver a better security posture. It’s actually reducing and eroding the security posture of the organization. Just because it becomes too complex to manage, too hard to really get the true visibility you need to deliver security. Over the years, we’ve learned that “defense and depth” is really taking different threat intelligence, different protection engines, and marrying those with the capabilities you have. Not bringing in a whole host of different vendors to solve a pretty simple challenge.
Pedro: The biggest misconception we’re observing in our customers environments has to do with who’s responsible for securing the Internet of Things world? It’s fascinating when I walk into some of the meetings and that simple question, “Who’s responsible for the security of IoT?” And there are blank stares and they look uncomfortable, feeling it’s not me, but I don’t know who it is. There’s a misconception that the vendor who is selling them those products is going to solve that security problem for them. And the reality is, we’ve been in the IT industry for years, and Microsoft hasn’t solved that in the new Windows OS. Apple has done a great job but it’s not yet a solved problem. So why would you expect a vendor, who’s doing the first connected device in their life, does not have the IT skills, doesn’t have the budget, likely doesn’t have the margins in product to build security from scratch, to solve your problem? When people started really thinking that way, they’re like, “Oh… I’m responsible for the security of this device.” And then finally you can start a conversation. But that’s a misconception that still exists in almost every customer conversation I’m having today.
Dylan: Are you seeing the role of the CIO evolving to other things besides traditional IT?
Pedro: One, we have the best CIO in the industry, Julie Cullivan, so I’m very confident with ours. If you look at the CIOs, real CIOs out in the industry, they’re starting to become the Chief Enabler Officers. I call them Enablers because in the past, you have the business goal and then decide what needs to get done, and at the end you tell IT, “Can you put this together?” Today, a lot of the technologies that are being put in place that are going to change business models start with technology, and start with IT: big data, Internet of Things, Artificial Intelligence. So, we’re seeing CIOs really stepping up and instead of being more on the reactive, receiving end, actually stepping up to the front and saying, “This is something where we can transform our business. If we take the data that we already own, here’s how we can change/build new business models, new services, new ways of making more money, and cut costs.” Those are the modern CIOs and that’s what the boards are expecting more of.
Brian: Well, I’d like to start by saying we have the best CIO, Sheila Jordan. If I took a look at the CIO in today’s world, I think of it slightly differently, but very much in line with what Pedro has mentioned. Which is, if you think about technology and business in the ‘80s, the question posed to most CIOs is, “Can IT run my business?” Then as we moved into the ‘90s and 2000s, it became, “Can IT transform or scale my business?” Now you look at it and it is, “Can IT run at the speed of data?” And that is a completely different thought process than what’s ever been asked before. It changes the way we architect, it changes the way we think about producing IT capabilities, and it certainly changes the way we think about securing those capabilities long-term.
Dylan: That’s fantastic, thank you both.