Q&A: ForeScout CEO DeCesare On Why This Is The Year For IoT Security To Really Take Off

ForeScout CEO On IoT Security

The security threats around IoT are becoming real, with recent examples of major DDoS attacks, ransomware, and more. ForeScout Technologies CEO Michael DeCesare said he believes that this is the year that customers will start to bet big on IoT security investments, as they realize the real-world impact unsecured devices can have when connected to their network. In an interview with CRN, DeCesare talked about the opportunity he sees for partners and vendors alike in IoT security, and how the security industry needs to evolve to meet this new, emerging threat vector. Take a look at what he had to say.

How have you seen the landscape change around IoT security since you started at ForeScout around two years ago?

This market is gigantic that we're in… You almost can't pick up the paper anymore and read something that has some level of IoT-oriented breach. You're seeing different approaches to security that are becoming very successful because the bad actors are innovating so incredibly fast that it requires a different architectural approach from the security companies to defend them… Our customers are all corporations and it’s the corporations that are dealing with this explosion of devices. I think it's one of the mega trends… That's the challenge that companies are up against: you have this huge chunk of this $30 billion industry focused on a piece of the pie that’s getting smaller and smaller and smaller every year. What's growing every single year is all of these other devices that are coming online… I would tell you that it's the explosion of IoT devices into corporations that's going to make visibility the next big thing inside of the security space. That's the place we really play.

What sort of opportunity does that present to security startups, like ForeScout?

I was very committed on this job search to find something that has tailwind versus headwind. I don't know if I've had one of those yet in my career, but we certainly found it with ForeScout… There is definitely a new, a different breed of security companies that are going to start becoming the big security companies. In all my years in security, I have never seen the big incumbents more vulnerable to startups. It's because the threat landscape has changed so radically over the course of the last 36 months… The roles that we play in the area see, control, and orchestrate is that visibility is a new thing. If you think about this $30 billion security industry, the vast majority of that is focused on things that you can get agents on… But, if you look at the world of the IT landscape that is out there, we've gotten to about 10 billion connected things over the past 25 years… and Gartner calls it 30 billion devices by 2020… The entire approach to assuming that you can get a small piece of software on every device is not appropriate anymore. That's why we claim, and are such a major player, in the world of IoT because we are the only ones that help secure those devices because we don't require an agent to be on those devices.

Do you think 2017 is the year for IoT security? I feel like we say it's going to take off every year.

IoT has been happening… We're seeing a lot of momentum in our business. This is the only place I've ever worked where we see customers go from no installation at all to a full deployment of our product. We see deals that are over $10 million as the first transaction into a customer. If we go in to run a proof of concept and show them 30 percent more activity on their network [than they knew about], they typically don’t say they don’t need that. They want full visibility of what's in their environment… There's different ways to think about IoT security… You can have security sold into IoT devices. I think we have been really clueless on this, to be honest… It's pretty scary to think about the IoT manufacturers all being responsible for the security of their own devices. I will tell you that the level of interest that we're seeing among the corporations that we're selling into is pretty extreme… What I'm describing to you is companies are catching onto in a big way is if you put all of this money into this piece of the pie that's getting smaller and smaller as you're allowing all of these devices onto your network that have no controls on them to have the equal visibility on the network.

What sort of impact did you see from the Dyn DDoS attack last fall?

The bad guys are certainly starting to steer towards those other devices. I think it's almost every month now that we read about some sort of high profile IoT breach. When the Dyn attack happened, the first thing was we started getting quite a few calls from our customers. I thought they were going to be concerned about if their security cameras were involved in the Dyn attack. They couldn't care less if their security cameras were involved in the Dyn attack – that's Dyn's problem. They wanted to know if their security cameras were a danger to themselves. They are inside the firewall and on the network. Can you imagine if you took one of these large corporations that may have 100,000 security cameras, what if those security cameras were compromised in the Mirai botnet and turned around and focused on their own systems that they wanted to take down. Most customers don’t feel like they have anything close to adequate protections in those areas. That is right in our wheelhouse.

How are customer buying patterns around IoT changing?

I think corporations are really starting to wake up. I'm meeting a lot of CIOs and CISOs and they are all freaking out about what is their strategy to secure all of the billions of devices that come into their environments that don't fit the architectural approach that they've taken with every other device that they've ever let onto their network. I think they are starting to recognize that… What's crazy in 2017 is the majority of customers' strategy is fail open. If something doesn't meet the security standards, they are not blocking devices from coming in… Our thesis is give a customer full visibility of everything on their network, then give them the ability to do enforcement on whether a device should or should not be allowed on the network before it first connects… You asked if it is the year of IoT: if you believe Gartner's numbers, we will have as much growth in the next 12 months as we saw in the first 25 years of the Internet combined. As those volumes tick up, obviously we think IoT is going to be a bigger and bigger risk and focus area for corporations. We think we're in a pretty good position there.

When you look to be in the orchestration space, how are you pitching yourself to be that pivot point in a company's security portfolio?

It's so hard to answer this and not be super cynical. It's been a discussion for a long time. Every one of these large vendors, once you get to be the size that they are, they want you to buy all of their products and if you don't buy a product from them they want to be the ones that link all these things together. We're not an orchestration vendor. The only place that we can sell our orchestration value proposition is to someone who has already bought us for the other reasons, our visibility and control… Our competition… is this tiny little slice of Cisco and this tiny little slice of HP through the Aruba acquisition. Their approach to our space is if they own the switches and routers then their approach to our value proposition is to leverage their own switches and routers. We don't have that benefit of the switches and routers – we don't own those devices. We are fully heterogeneous… Whether they want to or not we have integration into all of these products and we give customers a ton of ability to be able to steer those use cases and make use of those investments that they've made.

Is heterogeneousness your benefit of being a startup company, versus a legacy company?

Our chief competitor is Cisco – and Cisco does well with Cisco. Almost every one of our large six-figure deals is a Cisco replacement. Their product is big, clunky, hard to implement, and the reality is that no matter how large of a Cisco shop you are, you aren't all Cisco. The reason our customers like us is because we let them operate across different networks. As much as they might be competition, that means that the Junipers and F5's of the world become very natural alliances from us because they aren't in our space and they are competition of Cisco as well. You see that on both sides.

The cloud – Amazon and Microsoft don't run Cisco as their infrastructure. If you're a customer and you're trying to move things up into the cloud, you're locked into a network vendor that requires their switches in their environment, that same technology just doesn't translate when you move to the cloud. Because we've been heterogeneous from the start, our ability to bring cloud-based environments into our environments is really easy because we abstract ourselves from that layer of physical hardware.

Can the legacy vendors catch up if they open their architectures? Some are moving to do that.

It looks great in PowerPoint. Architecturally, it's the same thing. Anyone who is agent-based, going agent-less is not a small upgrade… Our IP at this company is that we can analyze billions of packages of data flying across all kinds of network gear and say what's on your network in real-time. It's not an insignificant move for an agent-based organization. It's worth pointing out that Cisco, Juniper and HP have agent-based solutions to the same problem… Can they catch up? There's a pretty major architectural change that would need to happen inside of those organizations before they start to be a real issue for us in the world of IoT, where you can't get agents. On the same token, we coexist with Cisco all the time in places where they might use their agent-based approach on the ones they can get onto and ForeScout on the ones that they can't… I actually see Cisco potentially being a bigger friend over time versus an enemy of ours... They have to make sure that as the world moves to software-defined networking, that they are still a major play as in a physical network like they are today… The things that Cisco really focuses on in security are some of the bigger areas that we have seen.

You're seeing a lot of security vendors move to integrate their technologies (yourself included) – what's the significance of that?

It's really hard to imagine the good guys winning if we don't get the security industry to collaborate… This security industry needs to come together. The hard part – what's so ironic about this – is that it can't be done in the traditional way… It can't be done by Cisco buying the entire industry or Symantec buying the entire industry – though they both seem to be trying. Best of breed is alive and well inside the security world. Customers are voting with their wallets. There's a reason that guys like us… are growing at such incredible rates compared to some of the big incumbents… It has to be done by collaboration. We have to figure out some way for there to be some level of information sharing among those companies in a much better way than there has been historically. I think we can play a really big role in this. I believe that we're going to be the backbone that integrates the whole security industry, one step at a time. We talk to our customers about this and they love what we're doing in this world of orchestration and they're placing some pretty sizable orders with us.

When you talk about integrating security vendor technologies, how do you balance that with competition?

This is one of the things I'm so excited about inside of ForeScout. I don't need the security industry to come together. If you're a McAfee or Symantec or Cisco or IBM or Palo Alto Networks, you put out this big organizing framework that you say is going to be the platform that is going to integrate the security world. Then, your business development teams have to go out to all the different security companies to get them to actually integrate to your security framework. That's where it falls apart… We don't have that challenge… We're not trying to go out to these companies and say "pick us" as the architecture for the organization. What we are trying to do is go to these organizations and say we have a killer, serious use case about how we can make your product and our product work better together in the environments we've already sold ourselves into.

The industry is trying to get the industry to want to sit down and sing kumbaya together. We don't need that – we just go out and solve problems one at a time.

What sort of growth have you seen at ForeScout?

When I left McAfee, I was very focused on what do I think has natural tailwind to it: what trends in the IT world did I think that companies that are in those spaces will be coasting downhill instead of trying to plow their way uphill? Obviously the biggest one I saw and decided to come here was this area I described to you around IoT security… I think this is going to be our year, that's for sure. Our growth is so strong at this company and so many of my employees have been here less than 18 months. As I get this workforce ramped and the sales organization ramped – we're hiring top reps from Tanium, FireEye, Palo Alto Networks, Splunk, etc. – as they get ramped and learn our technology and take this technology to the marketplace, the receptivity of customers is really strong for us… I do think this area of having confidence that you have 100 percent confidence that you have visibility into what's on your network and being able to take control of those devices, that that will become the next big thing. Obviously, we think we will become the next big thing as the result of that.

What other markets in security do you find interesting right now?

There are two other areas that I was equally as interested in… One is EDR… You see this battle of McAfee and Symantec with this traditional agent-based, signature-based AV approach that doesn't work anymore. I ask customers all the time: what do you think the effectiveness of antivirus is? I haven’t had a customer in the past year say more than 60 percent, but they also don’t say they're going to uninstall it… There's a new battle of the endpoint products… The question is: can you see the big guys innovate or will you see these smaller companies that will take market share?

Then, the next trend I saw was the evolution of SIEM… I think there's this really cool trend out there that is that SIEMs were always built to take data in but not to do anything with it in real-time, and every one of them from Splunk, McAfee, IBM, HP, all of them are trying to position themselves as a brain that can take all of this information in, analyze it and correlate it in real-time, and then start to take action on that data out in the organizations. I think you're seeing this huge evolution of SIEM. I think SIEM is going to become a bigger and bigger and more important part of the equation than we've ever seen before.