Q&A: FireEye CEO On Apple-FBI, Critical Infrastructure Attacks And Why We're At The Biggest Inflection Point In History

FireEye CEO Discusses Evolving Industry

Since the beginning of the year, FireEye has been investing big in threat intelligence, acquiring Dallas-based iSight Partners in January, and adding new features to its platform. CEO Dave DeWalt sat down with CRN at the RSA Conference, held in San Francisco a few weeks ago, to talk about why those investments are so critical in today's climate of emerging critical infrastructure attacks and growing complexity in security that threatens to cripple customers. DeWalt also addressed the ongoing debate between Apple and the FBI. Facing evolving attitudes and conditions around privacy and security, as well as changing demands from customers, DeWalt said the industry is at "the most interesting inflection point in mankind's history." That's a shift that FireEye plans to be in front of, he said. Here's how.

Where do you stand on the Apple-FBI debate?

We need balance. … I feel like two sides are digging in, and it's a shame. At the end of the day, mankind should have a mission to solve problems for the world. Taking positions that deeply is probably not going to get us to solve that mission. Privacy and security need balance. … I use examples, like, if you have a safe deposit box at a bank, who has the keys? You have a key and the bank has a key. That's just like encryption. … When I ran McAfee, we had a large business called Safeboot, where we encrypted hard drives, a hundred million of them. I would give access to the information under court order. I wouldn't give a backdoor to it, but I would give the data under my own lab in an adjudication process such that I could cooperate if there was child molestation on my drive or a crime committed. … That's a corporate responsibility. That balance, I think, is what we need to seek to get to. … It's really interesting, where all these tangential areas have already solved this problem, and here we are without a resolution. We're making it a war in a way that [it] doesn't need to be.

What are the larger implications of this debate?

I think this is the most interesting inflection point in mankind's history. For the first time, corporations are bigger than the government. … They have more lobbyists and more money. … Right now, you're seeing the first signs in this 21st century that corporations are bigger than the government and more powerful than we've ever seen before. You look at the money and cash reserves of Apple, and you look at the power shift and, maybe, what ultimately happens is the 51st state of Apple. Or the 52nd state of Google. You have that scenario brewing where they become the island of their own law. What's next? Repatriate cash and pay an extra fee? They don't agree, so they don't do it. … Where do you draw the line? … It's a really fascinating window, where a corporation is challenging the largest government, and the shift of power is changing. I think you're going to see this for the next five or 10 years, and finally, ultimately, you will have a significant shift in who drives policy. … It's fascinating what is to come.

What other trends do you see changing the security landscape?

When I think about this week from a FireEye lens, from a macro, what I saw really exciting to me was this movement to an "as-a-service" model and the momentum of that. … We have almost an untenable situation in cybersecurity. If you look at what's happening in the big picture, there are thousands of vendors now and everyone is trying to sell you some little thing. If you're a customer, … it's an impossible task. … Security has to go through this [consolidation]. It's just an untenable scenario for a customer today. What vendors can come along with a simple lineup? I think that's the change that we're going to go through. … At least for one company here, our greatest resonation with the customer is that we've tried to create an as-a-service model that packages the people and the product together as an insurance to the customer. We help them do it for them and simplify the noise that's in these customers' systems to the point where they can keep the breach from happening.

Talk about orchestration -- how does that play in?

I draw this analogy to the help desk market, a market that ServiceNow completely changed: What did they do? They made an automated help desk platform because companies were drowning in help desk requests and tickets. … Over time, I think that movement to as-a-service was the biggest thing that resonated with our clients, with what we call FireEye-as-a-Service. … At least from FireEye's viewpoint, we try to do as much high-fidelity intelligence, through our acquisition of iSight, to orchestrate as much as we can, through our acquisition of Invotas, and help customers automate this with people, FireEye-as-a-Service. My vision for solving this big-picture problem is: Simplify and really make it easier to run a security operation.

What about the threat landscape -- how do you see that evolving?

Everyone can see … this growing threat in the (operational technology) world and the worries there. … When you look at these two waves that are upon us -- one wave hit us already and one wave is about to hit us. The wave that hit us already was this massive assault by the Chinese military on America and the Western world. … The wave that everyone is conscious of this time but struggles to stop is a terroristic wave on our infrastructure. … The capability and motivation are here, and we're not prepared? Shame on us. … The last couple of months I've been meeting with the biggest leaders in the OT world. … All of them said the same thing: They are seeing a lot of activity, most of which has not seen the light of day. … The activity pickup is clearly occurring and people are trying to prepare but they don't know what to do. … I think over the next six to 12 months, this will probably be the biggest thing you write about and readers will probably want to read about.

What role does threat intelligence play in spotting those critical infrastructure attacks before they happen?

When I first started doing due diligence on iSight a few months ago, that's what opened my eyes to it. They had formed a SWAT team and a very specific industrial controls intelligence group. … The Mandiant team (Mandiant was acquired by FireEye in 2014) had begun doing the same thing. When we had the Mandiant and iSight teams come together, there were lightbulbs flying everywhere. Ultimately, I think we can do a lot of both foreign intelligence gathering with iSight as well as victim responding with Mandiant in this world to be the tip of the spear. Ultimately, we will build product behind it to ultimately solve the problem. I think we're on the very leading edge of this.

Is that the vision overall for bringing together iSight and Mandiant? A more comprehensive threat intelligence?

Definitely. My mission here at FireEye is to build the most comprehensive intelligence infrastructure that I can possibly build. A lot of vendors will try to say they can build it with technology. I think the answer to that is: partially. But, human intelligence becomes as critical, if not more critical, than the machine learning actually is. Why is that? These attackers aren't stupid. They will test their attack before they do it, and machine learning isn't going to pick up on that. We end up having very unique zero-day attacks and ultimately you have to have humans to solve that problem. That's why we're building almost a replica of the (federal National Security Agency) or CIA model: You build the most powerful intelligence engine that you can and you build the most human intelligence engine that you can. You put those two together and you're creating a military-grade intelligence operation. What we want to be seen to have over the next few years is the most powerful in the world, military-grade-capability intelligence.

Can you actually monetize that threat intelligence? That has proven a challenge for many.

I think the answer there is somewhat unknown completely. … We've been trying to solve for the quantity problem here with a thousand vendors, but not the quality problem. … We take that intelligence and we make it very unique to clients. That is the key. … We are going to take Visa's intelligence, FireEye's network of just retail intelligence -- it's personal for them. I think that's how you monetize it. You will see us also vertical-ize a few other areas of intelligence. … They will pay for that. They want to know because if there is Victim 1 in the network, they don't want to be Victim 2. The data is there, and with Mandiant collecting it, would I pay $100,000 a year to have that insurance to make sure I'm not Victim 2? The answer is yes. Would I pay millions of dollars? That remains to be seen. … I think we will monetize that way. … I think that's what makes it billions of dollars of opportunity.

Does it affect FireEye's ability to monetize it if other vendors are giving it away for free with their products?

It's the quality. What does Indonesia's intelligence agency want? Quality. What is China doing in Indonesia? What does the military there want to do? That's what they want to know. … That's [why I would take] quality over quantity, fidelity of human intelligence and the human capabilities to acquire, that's where the future of intelligence will be. Botnets and adware and stuff, it's interesting but people will not pay much. That should be almost free. What you pay for is, what is happening in the terrorist cells of the Arabian Peninsula? Not many people are going to get that, and that's what you want to know if you're critical infrastructure.