James Thew - Fotolia

Visibility key to stopping cyber adversaries, says security veteran

Companies are beginning to accept that they will be compromised, so the demand is growing to know just how often and how deep, says ForeScout CEO Michael DeCesare

Most security technologies are unable to deal with current cyber adversaries, according to Michael DeCesare, chief executive officer at continuous monitoring firm ForeScout.

“Cyber adversaries are typically organised, well-funded, persistent, sophisticated and notably more co-ordinated by the year, but most firms are relying on technologies that were not designed or built to deal with this kind of threat,” he told Computer Weekly.

Successful cyber attacks on companies such as Sony and Target, which are well resourced and well invested in security systems, are evidence of this failure to cope.

DeCesare believes the security industry is in the process of a “massive transformation” in response to fundamental changes in the nature of cyber attackers.

After leaving his role as president of McAfee – now Intel Security – the industry veteran said he chose to join ForeScout because visibility is key to defending critical information from attackers. “You can’t stop what you can’t see,” he said.

DeCesare also welcomed the opportunity to be at the helm of a fast-growing startup that he believes can make a difference by collaborating with the security industry rather than being a competitor.

“The great thing about working with a startup is that you are not stuck with legacy product, culture and processes, and it is easier and quicker to make strategic decisions,” he said.

According to DeCesare, the forced transformation of the security industry means that a significant chunk of the market is “up for grabs” and he believes ForeScout is well positioned to take advantage without competing with any incumbents because of its strategy of universal integration.

“Companies are beginning to accept that they will be compromised, so the demand is growing to know just how often and how deep, and we can enable that by being the ‘Switzerland’ of the information security industry,” he said.

ForeScout is agentless technology that operates at the network layer and does not rely on a piece of software on every endpoint to identify and scan everything connecting to the network, which means it can integrate with, and add value to, every security system there is by enabling total visibility, said DeCesare.

This, in turn, enables communication between the different security systems in an organisation that is essential for rapid detection of malicious activity on all devices connected to the network and automation of responses to mitigate the impact.

“ForeScout owes significant growth in its business to the fact that it enables companies to apply security to employee-owned devices with the increased adoption of bring your own device [BYOD] policies,” said DeCesare.

Read more about continuous monitoring

Once the industry transformation is complete, he thinks the market will be dominated by five to 10 security suppliers that have proved their ability to deliver effective defences against the new order of threats and threat actors.

He expects this group to include the likes of Palo Alto Networks, FireEye, Splunk and, hopefully, ForeScout.

Like others in the security industry, DeCesare sees cloud computing and the internet of things (IoT) as the two greatest challenges, but also sees them as opportunities for companies like ForeScout.

“Cloud totally changes the game because now employees are able to connect directly to enterprise networks through cloud-based applications without going through a VPN [virtual private network] connection or going through a firewall,” he said.

Just as customers of a bank expect greater security for their money than they would be able to provide at home, users of cloud services should expect greater information security from service providers than they have within their own organisations, said DeCesare.

“Most people expect cars to come fitted with airbags and advanced braking systems as standard, and there should be a similar expectation when it comes to security as a standard part of cloud services,” he said.

IoT poses challenge

IoT represents a significant challenge to security because, according to analyst firm Gartner, the number of internet-enabled devices could grow to about 30 billion by 2020, and each one represents a potential route into enterprise networks, said DeCesare.

“Unlike the past 25 years, when enterprises have had to secure a handful of operating systems, there will be literally thousands of proprietary operating systems, all potentially connecting to enterprise networks,” he said.

Given that connections to enterprise networks from cloud-based applications and IoT devices are only likely to increase, DeCesare sees both as potential drivers of business for ForeScout’s agent-less network activity monitoring technology, particularly as IoT devices typically do not allow companies to install software agents on them.

“IoT security is often dismissed as an exclusively consumer issue, but it is not, because ForeScout typically reveals 20% to 30% more devices connected to Fortune 100 networks than expected and, on average, 60% of all connections are not traditional or company-supplied devices,” he said.

ForeScout technology is aimed at enabling companies to identify everything that is connecting to their network and apply controls automatically using something like Qualys’s vulnerability management system to allow an employee-owned PC to connect only to a guest network until that PC is compliant with company security requirements.

According to DeCesare, most of the devices being added to enterprise networks can be classed as IoT devices, and these include equipment such as wireless printers, internet-connected TVs, point-of-sale (PoS) systems, cash machines and air-conditioning systems.

“The challenge of securing IoT is fundamental to overall security, and if the number of IoT devices does reach 30 billion in the next four years, it will be a substantially larger issue,” he said.

General Data Protection Regulation

Network visibility in the context of privacy, and data transmission and storage, is set to become vitally important in the next two years in Europe as companies prepare for the enforcement of the recently agreed EU General Data Protection Regulation in early 2018.

For this reason, Europe is a key focus for growth for ForeScout, but DeCesare said the company’s sales and marketing capability in this region was not up to scratch with its US operations when he took over as CEO in March 2015.

Since then, he claims to have assembled “an unbelievable cast of characters” who have been tasked with scaling up ForeScout’s European operations to match those in the US under the leadership of Myles Bray, vice-president of sales in Europe, Middle East and Africa (EMEA).

According to Bray, ForeScout has done a good job in the US, but he is keen to tap the potential in Europe as well as the Middle East and Africa.

In Europe, he sees IoT as a particularly good opportunity. “Many European government organisations have still to address security in this space,” he said.

Bray plans to focus initially on deepening and expanding partnerships in Western Europe in countries including the UK, France and Germany.

“The network visibility we can offer is the most profound point of value that potential customer can see, particularly in Europe now, because many of them just don’t know what devices are connected to their networks,” he said.

The technology also helps organisations to improve their security posture, said Bray, with multi-supplier orchestration for information sharing and automated policy enforcement.

Read more on Network security management