CRN Interview: Andre Yee, NFR Security

Intrusion management vendor NFR Security is putting more emphasis on the channel, expanding its partner program with new programs and initiatives. The company also appointed former vice president and CTO Andre Yee as president and CEO. Yee sat down with Senior Editor Christina Torode to talk about his top goals for the security vendor and the importance of the channel.

CRN: What is at the top of your agenda now that you're the CEO?

YEE: One of the things we've done is invested a lot in our research and development so that we can be the technology leader in the intelligent intrusion-defense space. The second piece is to continue our transformation in terms of sales and marketing. Our key goal over [the] last nine months was to really rebrand the company and launch the company anew. We've had this grass roots following among the technical community, but we haven't always done a good job with presenting ourselves to the CTO-CEO-[chief security officer] crowd. So one of the things we've done is engaged a new director of marketing, and we've been able to spend significantly more on our marketing activities. We've done a complete rebranding of our visual identity. We've launched a new Web site. We've launched a new partner program. So we've done a lot from a sales and marketing standpoint.

Finally, the last initiative is to really take our customer service to the next level. One of the things we're doing to improve in this area is we formed a customer advisory group of our top dozen customers, and we are spending more time with them. They help direct where we want to go.

CRN: How do you see your technology evolving? You're known as an intrusion-detection player, but you're using a different term now.

YEE: I embrace the thought that intrusion detection has to evolve. My only concern is that we've narrowed it to a singular issue around prevention. In fact, intrusion detection needs to evolve into a more intelligent intrusion-defense system,a system that encompasses smart detection,because if we don't solve the problem of false positives, we're not going to be able to take intrusion detection to where it needs to go. So the detection engine and methodologies need to be a lot smarter. Second, you need to have the ability to deliver enterprise manageable systems. A lot of vendors are struggling to get their products to scale at this level. We think the real challenge is not simply to get it to scale, but can the systems be managed once they're scalable? Finally, we believe the next generation of prevention systems will incorporate innovations that allow it to be deployed in a trusted fashion that will not drop or block legitimate traffic. We're working on trusted in-line intrusion-prevention systems that will be out in the third quarter of 2004.

CRN: Why is there so much confusion around the intrusion-prevention space?

YEE: Prevention shouldn't be viewed as a separate category from what I would call an intelligent intrusion-management system. Prevention is really an added functionality, and you build prevention on top of detection. Some of the analysts have come out strongly decrying the limitation of IDSes. They said IDSes are dead and IPSes are the new thing. Then they said IPSes are dead and the new thing is smart firewalls. The reality is the industry is moving toward smarter security appliances that involve both detection and prevention.

CRN: How important are channel partners to your strategy?

YEE: I have been exceptionally encouraged by what we've done in the channel with the launch of the new channel program. We've had an indirect channel working for us internationally and have been very successful. For better or for worse, we've [taken] a more direct approach in North America. Over the last couple months, though, we've launched this channel program, and we've seen a lot of traction. It's resulted in a lot of deals in our pipeline, and a lot of opportunities for us and our partners to make money. Perhaps most encouraging of all is our partners are saying working with us is a win-win, unlike some of the bigger players that suffer from channel conflict,we don't have that problem. We're not big enough from a direct perspective to create that conflict. We don't see our channel partners competing for business. We see them as true partners. The program is not an addendum to our strategy. If our channel program is not successful, then we're not going to be successful

CRN: What can we expect for the channel in the coming year from the program?

YEE: We will be doing a lot of comarketing events. We're going to launch an across-America seminar tour where we'll hit all the major markets in conjunction with our partners. It will be us and partners standing side by side with our customer advisory group, and we're going to build a community around our customers, partners and ourselves.