FireEye has Disrupted the Security Landscape for Protection against Next-Gen Threats: Ashar Aziz
Sandboxing is actually a misnomer. Multi-vector execution is the right word to describe it, and FireEye is the only company delivering protections against multiple vectors of attack of file, Web, e-mail, and mobile.Ashar Aziz Vice Chairman of the Board , CTO and Chief Strategy Officer of FireEye
Ashar Aziz is the ‘new kid on the block’ when it comes to the IT security industry. Aziz is the founder of California-headquartered FireEye, one of the fastest growing security companies of today. Last year, Forbes recognized FireEye as “Silicon Valley's Hottest Security Start-up”. Aziz is also Vice Chairman of the Board, CTO and Chief Strategy Officer of FireEye which was established in 2005. During his recent visit to India, Aziz spoke extensively to CIO Magazine on why it has now become imperative for Indian CISOs to align with their company’s vision to fight next-generation threats.
FireEye has been in the technology limelight over the past couple of years. What is the company up to?
Enterprises across government, BFSI, and high-end technology—to name a few verticals—throughout the world have now understood and recognized the value of deploying FireEye solutions in their security architecture. A majority of Fortune 500 companies today run on FireEye. We are the only company in the world to protect enterprises against next-generation threats through a multi-vector approach, be it Web, file, mobile or e-mail. The USP that sets us apart from our competitors is that the security analysis happens on our appliances and within the network of the enterprises. At this point of time, we have 40 to 50 patents pending on different technologies in the security space, and there are many more to follow in the near future. We will continue to raise the bar in terms of innovation for next-generation threats, which is also reflected well in our current product offerings.
What are the short-term and long-term benefits for CIOs or CISOs in choosing FireEye, which in all fairness is a relatively new player in the market?
The benefit really is the comprehensive protection of network, IP, confidential personal as well as financial data. These are the most important things that CISOs need to protect. It is part of the security value they (CISOs) provide to their customers. We can demonstrate with POC that without FireEye technology, they are not only vulnerable to attacks, but also continually exposed to instances when security can be easily compromised. Also, the value of a brand falls if they fail to protect their customers’ data. Take Sony for example. They lost a huge market cap due to the massive security breach. The value we bring in the enterprise network is the very basic protection from all types of threats, especially next-generation ones like Zero Day attacks and APTs. ALSO READ: FireEye Outlines India Strategy to Secure APT Landscape
What would your advice be to CISOs of Indian organizations? What pitfalls should they avoid to reduce complexity in their company’s security posture?
The first unbiased advice I would offer any CISO is to do his/her own research on the threat landscape. They have to look at the structure of attacks and how the attackers work. Only then can they think about what the defensive architecture should look like. Do not take a vendor’s claim of protection against threats at face value. Do your own homework, and if you feel that vendors are making similar noises about a technology, pit them against each other in your network. Compare them on daily count. We tend to win such comparison tests almost always because our technology is well-equipped and much ahead of competition to tackle next-generation threats. This again reiterates the fact that modern enterprises need an advanced line of defense against these threats.
Is sandboxing just a technology term hyped by most security vendors?
We have brought a whole new dimension of analysis capability into the enterprise network through virtual execution. Our multi-vector virtual execution (MVX) engine is the core platform which is again unique to us. Sandboxing is actually a misnomer. Multi-vector execution is the right word to describe it, and FireEye is the only company delivering protections against multiple vectors of attack of file, Web, e-mail, and mobile. And you need to virtually execute all of it.
India Inc. seems quite incredulous to invest a chunk of their IT budgets in security solutions to counter next-generation threats. What’s your take on this state of affairs?
I think the Indian market is catching up very fast because the kind of threats in the U.S. and Japan, for example, are looming large here too. The same kind of nation state attacks and same kind of cyber criminals are accessing important financial information here. It is a target-rich environment and is not immune to the threat landscape. If they (Indian organizations) want to upgrade their security architecture, they need to relook the threat landscape and take into account the next-generation threats.
India has proven to be a rich ground for product development for many companies. Is FireEye working on the same line?
We are definitely leveraging the technical skill set available in India as we have launched an R&D centre in Bangalore. The R&D experts here will work on existing products, and also play an important role in design/development of new product offerings. The plan is to invest $40 to 50 million for R&D in India over the next 5 years.
To sum up, could you please list FireEye’s top priorities for 2013?
Awareness and education in target markets with respect to threats is of high priority. If CISOs in India understand the threat landscape, it will become a key priority for them. Secondly, we want to build a distribution ecosystem, and work with partners to cover the country. As the first real year for FireEye in India, we want to have a critical installed base of reference customers for a much better follow-up year ahead.
Yogesh Gupta is the associate editor of ChannelWorld India. Send your feedback to firstname.lastname@example.org.
Companies investing in IoT technology need to understand the importance of the service and whether that type of service makes absolute sense for their company.
Decision-makers in enterprises often wrongly differentiate between the security requirements during the PC era as opposed to post-PC era. Consequently, mobile security does not feature high on their list of priorities, which I believe should happen ASAP, says Pekka Usva.
Content Security today requires a comprehensive multi-layered approach utilising multiple technologies, says David Wigley, CEO, ContentKeeper.
Combining great technology - that is well deployed, well maintained - with user base conscious of the threat landscape results in effective security posture, says Kris Hagerman, Chief Executive Officer, Sophos.