Unfiltered Security: TCV Industry Leadership Panel
Threat intelligence sharing, endpoint security competition and prevention vs. detection were among the big topics at this year’s annual RSA Security Conference in San Francisco.
“It has never been so critical for the security industry to come together,” said Tim McAdam, General Partner at Technology Crossover Ventures (TCV). “Security vendors, their customers, industry leaders, government agencies and other members of the security ecosystem need to collaborate to fuel innovation, create partnerships, and drive awareness about evolving threats.”
Jake Reynolds, General Partner at TCV, said organizations must build security into their entire IT infrastructure, not just at the perimeter, and find new ways to recover from attacks. “It is no longer a matter of “if” but “when” organizations will be attacked so we need to think about securing the enterprise from an entirely new perspective,” he added.
And who better to address these challenges than some of the leading executives in the IT security field today? TCV brought together high-profile enterprise practitioners and CEOs of bellwether solutions providers to discuss key issues facing today’s security vendors and end users. Topics included:
- Security Data Overload: How to cut through the noise to distill actionable security data
- The Talent Shortage: Attracting, retaining and growing the security workforce
- The Battle for the Endpoint: The changing face of today’s endpoint defenses
Moderator: Tim McAdam, General Partner at TCV
- Brian Cayer, Vice President, State Street — Corporate Information Security
- Randy Carter, VP IT Global Infrastructure Services & CISO, Thermo Fisher
- Stuart McClure, CEO, Cylance Inc. (Next-generation Endpoint Security Vendor)
- Corey Thomas, CEO, Rapid7 (TCV-backed company)
- Dick Williams, President and CEO, Webroot (TCV-backed company)
Tim McAdam: With the explosion of data, we hear a lot about data overload. How do we turn the deluge of available data into actionable threat intelligence and ultimately threat prevention?
Brian Cayer, State Street: Ultimately, data ‘in’ is easy, while getting useful data ‘out’ is hard. Operationalizing threat intelligence is a big focus for us right now as we own many vendors and deploy a lot of products, yet the big questions remain: Do we maximize use of those products? What do we do with all the tools? Are we chasing tools, or are we chasing a process?
Dick Williams, Webroot: The average time for an enterprise to discover there has been a compromise is 170 days. By then it’s too late to do anything proactive about it. To reduce this timeline you’ve got to be able to detect, block and automatically remediate everything. Webroot does this via contextualized threat intelligence and behavioral analysis.
Stuart McClure, Cylance: I have a friend at a large bank, and he often says, “We leave no product behind.” They buy every single product and service, which is great, but it’s also the problem. The challenge is that all the data produced by those tools becomes confusing. The key is locating where the 20% of security investment resides that gives me 80% of the desired return.
Corey Thomas, Rapid7: Most historical preventive technology has been awful with regards to effectiveness and efficacy. Prevention categorically cannot work in isolation. A company that is resilient to attack is focused on how well it manages its IT and the security programs associated with it. So if you have a company that deploys wonderful prevention technology but manages their IT and security environment poorly, that doesn’t solve the problem.
Tim McAdam: Finding and retaining talent is a big challenge for many security companies. What’s your advice on building a great team? And where are you recruiting your best employees?
Dick Williams, Webroot: It’s all over the map. We used to have 120 people in the Bay Area but now it’s only 20. We’ve done some acquisitions that have influenced where we locate talent today. We acquired a company in San Diego, and now have 52 employees there. It’s a very fertile environment and the bulk of those people are straight out of a university. We also have a major development facility in Colorado with more experienced people.
Corey Thomas, Rapid7: We’ve diversified our hiring strategy. We have a big R&D center in Cambridge, MA. We hire two-thirds experienced people and one third straight out of college. We have some people in Austin and a few in LA. A lot of our focus was on Belfast, Ireland as a lower cost R&D center where we have great relationships with universities and it’s more cost effective. Overall we’re hiring people earlier in their careers and developing them.
Randy Carter, Thermo Fisher: The challenge I have is being based in Pittsburgh. Even with Carnegie Mellon and its major security curriculum, it’s hard for me to hire someone right out of school since I don’t have the critical mass. The other concern is that you invest in people and by the time they come up to speed they are going to jump ship.
Tim McAdam: Marc Andreessen famously said, “Software is eating the world.” At TCV, in security we think, the endpoint is eating the security sector. So many endpoint strategies are gaining traction. Buyers, what do you think about the 1,200 security companies out there pitching you on an endpoint footprint?
Brian Cayer, State Street: One of the issues we have is that we have 16 agents currently sitting on our desktop. At what point is that overkill?
Randy Carter, Thermo Fisher: I’m seeing the same. My dream is to have one tool that does all that I need at that endpoint. When you look at Symantec or McAfee, they have a bunch of great components but my dream would be to have one tool that did it all.
Stuart McClure, Cylance: It’s the age-old challenge: best of breed or best of suite. I was CTO for McAfee and we focused on the suites. The problem is that the suite is only 30% effective in every single category and we can’t get to a 100% coverage with a 100% protection. It all comes down to what you want. Best of suite or best of breed?
Dick Williams, Webroot: I think we’re starting to get to a point where enterprises have to rip out legacy solutions. Then you have the opportunity for lighter weight solutions to solve both the problem of endpoint agent weight and also efficacy in a new, more advanced way.
Corey Thomas, Rapid7: This problem will be solved in 5 years. If you are looking for evidence, the network has had bifurcated technology that fit specific functions for a while, but we’ve had players like Palo Alto Networks that have added functionality and allowed you to get rid of stuff. Now, startups are filling huge gaps and my hope is that we can all work together.