FireEye has Disrupted the Security Landscape for Protection against Next-Gen Threats: Ashar Aziz

Ashar Aziz is the 'new kid on the block' when it comes to the IT security industry. Aziz is the founder of California-headquartered FireEye, one of the fastest growing security companies of today. Last year, Forbes recognized FireEye as "Silicon Valley's Hottest Security Start-up". Aziz is also Vice Chairman of the Board, CTO and Chief Strategy Officer of FireEye which was established in 2005. During his recent visit to India, Aziz spoke extensively to CIO Magazine on why it has now become imperative for Indian CISOs to align with their company's vision to fight next-generation threats.FireEye has been in the technology limelight over the past couple of years. What is the company up to?

Enterprises across government, BFSI, and high-end technology--to name a few verticals--throughout the world have now understood and recognized the value of deploying FireEye solutions in their security architecture. A majority of Fortune 500 companies today run on FireEye. We are the only company in the world to protect enterprises against next-generation threats through a multi-vector approach, be it Web, file, mobile or e-mail. The USP that sets us apart from our competitors is that the security analysis happens on our appliances and within the network of the enterprises. At this point of time, we have 40 to 50 patents pending on different technologies in the security space, and there are many more to follow in the near future. We will continue to raise the bar in terms of innovation for next-generation threats, which is also reflected well in our current product offerings.What are the short-term and long-term benefits for CIOs or CISOs in choosing FireEye, which in all fairness is a relatively new player in the market?

The benefit really is the comprehensive protection of network, IP, confidential personal as well as financial data. These are the most important things that CISOs need to protect. It is part of the security value they (CISOs) provide to their customers. We can demonstrate with POC that without FireEye technology, they are not only vulnerable to attacks, but also continually exposed to instances when security can be easily compromised. Also, the value of a brand falls if they fail to protect their customers' data. Take Sony for example. They lost a huge market cap due to the massive security breach. The value we bring in the enterprise network is the very basic protection from all types of threats, especially next-generation ones like Zero Day attacks and APTs. What would your advice be to CISOs of Indian organizations? What pitfalls should they avoid to reduce complexity in their company's security posture?

The first unbiased advice I would offer any CISO is to do his/her own research on the threat landscape. They have to look at the structure of attacks and how the attackers work. Only then can they think about what the defensive architecture should look like. Do not take a vendor's claim of protection against threats at face value. Do your own homework, and if you feel that vendors are making similar noises about a technology, pit them against each other in your network. Compare them on daily count. We tend to win such comparison tests almost always because our technology is well-equipped and much ahead of competition to tackle next-generation threats. This again reiterates the fact that modern enterprises need an advanced line of defense against these threats.

Is sandboxing just a technology term hyped by most security vendors?We have brought a whole new dimension of analysis capability into the enterprise network through virtual execution. Our multi-vector virtual execution (MVX) engine is the core platform which is again unique to us. Sandboxing is actually a misnomer. Multi-vector execution is the right word to describe it, and FireEye is the only company delivering protections against multiple vectors of attack of file, Web, e-mail, and mobile. And you need to virtually execute all of it.India Inc. seems quite incredulous to invest a chunk of their IT budgets in security solutions to counter next-generation threats. What's your take on this state of affairs?I think the Indian market is catching up very fast because the kind of threats in the U.S. and Japan, for example, are looming large here too. The same kind of nation state attacks and same kind of cyber criminals are accessing important financial information here. It is a target-rich environment and is not immune to the threat landscape. If they (Indian organizations) want to upgrade their security architecture, they need to relook the threat landscape and take into account the next-generation threats.India has proven to be a rich ground for product development for many companies. Is FireEye working on the same line? We are definitely leveraging the technical skill set available in India as we have launched an R&D centre in Bangalore. The R&D experts here will work on existing products, and also play an important role in design/development of new product offerings. The plan is to invest $40 to 50 million for R&D in India over the next 5 years.To sum up, could you please list FireEye's top priorities for 2013?

Awareness and education in target markets with respect to threats is of high priority. If CISOs in India understand the threat landscape, it will become a key priority for them. Secondly, we want to build a distribution ecosystem, and work with partners to cover the country. As the first real year for FireEye in India, we want to have a critical installed base of reference customers for a much better follow-up year ahead.

Yogesh Gupta is the associate editor of ChannelWorld India. Send your feedback to

Join the CSO newsletter!

Error: Please check your email address.

Tags data securitysecurityVirus & VulnerabilitiesFireEyeSecurity ApplianceIT/ITeSsecurity softwareCybercrime & Hacking

More about FireEyeInc.Sony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Yogesh Gupta

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place