enterprisesecuritymag

Simplicity-The Virtue Of Future Security Solutions

By Barmak Meftah, President and CEO, AlienVault

Barmak Meftah, President and CEO, AlienVault

What significant changes did the enterprise security industry witness in 2013? What did these changes mean to vendors and customers?

We saw our industry mature on two fronts:  First, it is becoming apparent to customers, analysts and vendors that protective security is not enough.  It will always be important to stand up a wall between the hacker and the assets they are targeting, however we now know that no matter how thick or high the wall, breaches will happen.  Moreover, these breaches are now targeting companies of all sizes not just the big, global financial institutions and government agencies.  We now appreciate the value of a comprehensive, affordable yet simple "detective" and "response" oriented security solutions.  Being breached is just a matter of time and sophistication of the attacker, however sophisticated and swift detection and response is in our control.  The second trend in 2013 revolved around threat intelligence sharing.  The idea that as victims of cyber crime we have not come up with an open and collaborative way to share our observed threats and breaches with each other so we are better equipped as a group to prevent these attacks by virtue of crowdsourcing what we see is unforgivable.  If we unite and allow each other to share our observed threats, we will finally put the hackers on the defense.  2013 was a huge year in establishing the importance of open and collaborative/crowd-sourced threat intelligence sharing.

What are some of the changes you had anticipated would happen in 2013 but did not happen?

I think the area of compliance needs much more sophisticated prescription. The intent of all compliance regulations is to prescribe ways for potential victims, especially ones who store sensitive and private data to put the appropriate security controls and measures in place to protect themselves and as a result their collective customer's information.  We have seen huge improvement in compliance around PCI, HIPAA, GLBA, etc., but there is tremendous room for more comprehensive (not complex) rules.  Another item that I was hoping would get a lot more attention is the importance of risk mitigation and overall security posture of companies and the elevation of it at the CEO and board level.  Often, security and risk issues are buried deep in an organization.  In smaller-size companies, we see the same group responsible for overall IT, also responsible for the security posture of that company.  Risk and security must be a board-level discussion and a specialized skill no matter how big or small a company.

Can you paint us how the enterprise security landscape will change in 2014? What are some of the broader trends you are closely watching?

We will see companies of all sizes (not just global enterprises) pay closer attention to their security posture.  In fact, one would argue that mid and small-size companies are probably more appealing to a hacker given their lack of sophistication and more porous attack surface.  From a vendor's perspective, we believe that security must become simple, complete and integrated yet sophisticated.  As vendors we have been guilty of complicating security.  We have sold too many point solutions that approach security very myopically.  We then require our customers to glue all these disparate solutions together, which is often a very expensive and complex proposition to the vast majority of our customers.  We must think like our customers do, put ourselves in their shoes as potential victims and provide an integrated solution that is easily deployable, much more affordable yet comprehensive and sophisticated.  

How will customers' spend change in 2014 for enterprise security? What makes you think customers will be buying more/less?

We think overall security spend will increase in 2014, however we also believe that companies will get smarter about their security spend. Companies will look at their risk level acceptance threshold and spend according to the amount of risk they are willing to accept.  There will never be absolute security.  Security will always be a function of accepted risk levels.  We believe that customers will demand more for less from security vendors.  We believe that our security solutions will get more sophisticated but, by virtue of better integration and simplicity, the need for spending unnecessary dollars for complicated solutions will decrease. 

What's in store for your company in 2014?

We have a big growth year ahead of us.  We provide a unified approach to detective and forensic security.  Our mission is to equip companies of all sizes, especially the underserved and often ignored mid market enterprises with a Unified Security Management (USM) platform augmented with an open and collaborative crowd-sourced threat intelligence network (known as "Open Threat Exchange" or OTX) to give our customers threat detection and response in an affordable, simple and complete way.  We will continue to spend heavily in innovation around simplicity, ease of use and completeness while improving the sophistication of each of our built-in security controls.  We strive to have our customers gain security visibility in minutes, not days or months.  We will also spend heavily in marketing and sales to service primary demand from our massive target market around compliance and overall threat detection and response.   We experienced incredible growth in terms of new customers and overall revenue in 2013.  We see that trend continuing in 2014.