F-Secure expanded from its sole route to address and secure the infrastructure posture of service providers and telcos. The security company headquartered at Finland since past couple of years caters to the commercial segment.
How much ground has F-Secure covered in enterprise and SMB with well-established security players already in the competition? ChannelWorld India spoke at length with Christian Fredrikson, President & CEO, F-Secure Corporation on the product roadmap, company strategy, customer focus and other topics of security world.
“We are not mass market player but we really employ the high end of the market. Not the best brand, not the biggest brand but we have the best technical capabilities and that’s a real differentiator,” said F-Secure CEO on India visit.
What technology trends and customer environment will drive F-Secure business in 2016 and beyond?
We are launching new products in B2B space as there is a very strong shift to B2B proposition from our side. That was based on the market demand on the enterprise and SMB side where there is huge match with our offering, technology, competence and brand.
And combined with the huge amount of increase in advanced attacks. When the attacks become more skillful, we shine better towards the competition in tougher situation. Our innovation capabilities is more appreciated in terms of the changes in the cyber security space. It is not about mass market but who can really find and work with you in wake of tough environment and tough attacks. The trends are more advanced attacks and more money poured into cybersecurity and that’s impacting everybody.
2015 was the year of data breach. Can you stick out your neck on what’s in store for the security world this year?
All of those breach types in all likelihood will continue in 2016. Like ransomware will continue to be big part as there is huge money for criminals and hackers.
At the same time, we will see probably three key trends in 2016. The first sign has already happened - the real physical damage (equipment) by cybersecurity attacks. For example, Ukrainian power system was hacked some months ago as some part of the grid was taken down. In the freezing winters of cold countries, that is a massive death threatening impact when the heating systems go down. For the first time, we are now seeing those kinds of attacks as we spoke about them and there were government targeted attacks. But now we see the impact on other sectors.
We will see more advanced hacks to down the chain. You can copy software. But it is not possible with nuclear submarine but you can try to steal it. More advanced attacks because those grade attacks done by government that software and malware will go down the line to hackers.
The third one is ‘Internet of Things’ hacks. We will see more devices as the door into the network whether it is the light bulb or TV. We will see more of those hacks this year I would dare to say. Not because you want to hack the TV but you want the access to the network. Think about maybe hacking a pacemaker as a new mode of ransomware. IoT is a whole new, big and vulnerable world.
Which direction is the enterprise security world headed more towards – endpoint security, network security or both?
We are living in world of ones and zeroes and hence there is euphoric view especially for those who only have one solution or the other. They think it will solve all but it will not. You cannot dismiss endpoint security because the endpoint is always where that data is. It holds and beholds the network endpoints where the real access is. It is a dream world that they will do this or that (end point or network).
Endpoint security does not stop everything. That’s almost like washing the hands does not stop all germs, so we should stop washing hands. You will always need both ends of the security spectrum. There will be a massive hole if either one (network and network) is not addressed in security posture for companies.
Endpoint security does not stop everything. That’s like washing the hands does not stop all germs but we do not stop washing hands. You will always need both ends of the security spectrum – endpoint and network.
Is F-Secure focusing on network security too than its predominant end point security play ?
With acquisition of nSense (a Danish company providing security consultation and vulnerability assessment services and products to large enterprises in mid 2015), we now have tools for scanning and we are building tools into the network as well.
In the next set of enterprise offerings, we are using sensors. We are not anymore only in endpoint as we realized the need to be on both sides – end point and network. We also have services - F-Secure Cyber Security Services – included in the overall solution.
Are tech jargons like APT, next gen firewall a case of mere marketing terms for security companies? Next Gen Firewall is a firewall at the end of the day.
To an extent. You can say that firewall is like 2G, 3G, 4G wherein you add on the capabilities to make it next gen firewall. We are building a new ATP (Advanced Threat Protection) solution versus APT (Advanced Persistent Threats). These similar sounding terms can get confusing at times.
End point protection is protection and defense like shielding the whole house across all doors, windows are protected. But the advanced threat perception is when someone with enough money, persistence and capabilities and persistent tries to sneak into the network.
F-Secure ATP is like cyber security alarm system which is based on sensors inside the corporation. And then artificial intelligence, heuristic knowledge and ethical hackers (working for us), we know how the hackers work, hide and move. We are not only building end point protection, but the cyber alarm system goes off when the hacker motions into the network are captured.
ATP challenges are very much real for enterprises because there are rogue users with multiple ways to enter the network and you need to have a fitting response. Our ATP solution is more advanced as it goes inside the organization and senses when someone is moving around.
Security companies including you and your competition spend millions of dollars on R&D and innovative products but breaches haven’t halted. Why do hackers always stay ahead?
I suppose it has to do with the fact that you always have the first mover advantage when you are doing defense. And secondly - the amount of money being poured in the industry on governmental side and criminal side is so big.
We are in a way doing a ping-pong game on cyber speed in the cyber world where it is like this all the time. They attack and we defend. You are just always going to be in that situation. It is just the advantage of being the attacker versus the defender.
What are real brownie points of F-Secure for the companies to feel secure with your solutions?
They are actually quite simple. We have been awarded as best corporate protection award four years in a row from AV-Test. Twenty seven years of history and nobody beats us on technology and capabilities, our ethical hackers and our sales-services organization.
We are not mass market player but we really employ the high end of the market. Not the best brand, not the biggest brand but we have the best technical capabilities and that’s a real differentiator.
I believe we are the easiest to do business with for our channels. We have invested lot of efforts to make the complex technology much simpler. Our user interface (UX) and management systems are far better than the typical market solutions.
The security landscape changed in last half decade with Dell buying SonicWall, Symantec splitting, Blue Coat, Websense, riverbed going private, Intel Security exiting few business lines as few examples. It doesn’t get more confusing for channels and their end customers?
Information security market has always gone in bit of waves and now it is in hyper stage now. Companies are buying everything and selling something – left, right and center- and security startups continue to mushroom.
I can understand that it is extremely fast moving and quite confusing for channels and CIOs. We are trying to solve that by taking all that complexity and hiding it away in terms of skillful solutions that makes it easy for enterprises to deploy.
F-Secure has not bought many companies lately.
nSense was our major acquisition last year. We will look at buying other companies as well. We have lot of cash so we are also in acquisition mode.
We will introspect what to buy especially when you are short of talent. It is one way to access talent and also grow the company at the time.
What is your professional goal and your professional goal by 2017 / 2018?
We would be strong cybersecurity leader in Europe at least and very strong player in LATAM, North America and APAC. That would be a fantastic goal for us. We would be innovation leader launching new products to be seen a leader in not only revenues and growth but a hardcore security company. And continue to be the good guys.
On a personal level, I am in a dream job (joined four years ago as F-Secure CEO) and a dream area (security) of growth to be in today security. I want to grow this company into a better company that it ever was and importantly a sustainable business model. And then I balance my work with family time.
You literally breathe security 24X7. How painful it becomes for you as company CEO when your customer gets breached or attacked?
It hurts me. I always want to get personally involved to understand what actually happened for us. But then again I realize that nothing is hundred percent in this industry. I am more interested in how fast we responded and fixed it together. It is painful but it is also a great opportunity to learn for the next case and that’s how you save the customers.
We are in the phase that you cannot only protect the enterprises. But you need the rapid response team and the forensics to respond and find it faster and fix it faster than anyone else. And conduct forensics to help the customers stay better protected which makes a good case for us.