FireEye Outlines India Strategy to Secure APT Landscape

In an exclusive interaction, Stephanie Boo, regional director, South Asia Pacific, FireEye, articulates the huge business opportunity for channel partners across the APT market.

CW: FireEye claims to be the world's only cross-enterprise, signature-less protection against Web and email threat vectors. Will signature-based solutions become passé?

Boo: Organizations cannot depend on signature-based solutions alone because APTs are unknown and zero-day, which are not the fundamental characteristics of those solutions. FireEye is focused on halting next-generation threats such as zero-day and APT attacks. These threats seep through traditional defenses, and eventually compromise over 95 percent of networks.

Seven years ago, IPS was expected to replace the firewall. Today, organizations need both the security offerings. Many users do get compromised by known viruses. Therefore, signature-based solutions will not be passé. However, a robust security posture will need signature-less solutions too. Hence, FireEye is not replacing a firewall and IPS, but supplementing or adding another layer to signature-based firewalls, IPS, and anti-virus.

CW: What arsenal does FireEye possess to overhaul bigger and well-established vendors like Symantec, McAfee in India?

Boo: We are a company focused on advanced persistent threats (APT), which are serious concerns for most enterprises and security vendors. We do not replace conventional security solutions, but instead complement them. We also have collaboration with security vendors like McAfee, RSA, ArcSight, and Blue Coat. Many analysts including Gartner acknowledge that traditional solutions built on signatures are not well equipped for next generation threats like APT.

For FireEye, the arsenal or what we call the secret sauce is our 'signature-less' technology. The Virtual Execution platform on our products delivers fast performance to emulate customer environment for detecting malicious threats. Another differentiator is Malware Protection Cloud, which offers global threat data sharing to stop emerging, zero-day threats. This is extremely beneficial for our 100 plus customers, mainly large MNCs, which have deployments globally through remote / branch offices.

CW: Then who are your real competitors in the security space?

Boo: Competition comes in different forms. The biggest challenge for us is to empower customers to understand APT and relate our differentiator versus traditional vendors. Many customers view it as a new jargon for malware, but the truth is APT is more polymorphic and persistent than ever before. Apart from downtime and productivity loss of organizations, today's sophisticated APTs are untraced at the time of attack.

With McAfee, we also offer a holistic protection offering through joint sales calls/marketing in some countries. FireEye complements RSA's NetWitness. Not many security vendors can offer an end-to-end protection suite on their own.

CW: How is FireEye building its India story from the market perspective and its partner roadmap?

Boo: After making a strong footprint in the U.S. and Europe, we are extending operations in the APAC market this year. We are leading an Indian team as we hired two employees including N. Sridhar as national sales manager. The employee strength will triple soon as we target Mumbai, Bangalore, and Delhi. We plan to have a direct India entity within the next 6 to 12 months.

FireEye will remain a 100 percent Channels Company in India too as per its globally operated policy. We follow a 2-tier distribution model with Inflow Technologies as our distributor in India. Apart from major tier-1 partners, we work with auditing companies such as Deloitte and PwC as well. Tier-2 partners including systems integrators are also part of our channel ecosystem.

CW: Do you cater to the enterprise segment only? How many partners are enough to cover the widespread geographic expanse of India?

Boo: The main focus will be enterprise and government spread across BFSI, manufacturing, tech companies, education institutions and others. For SMBs, we work with MSSPs as this segment does not have the luxury of full-fledged teams and resources to manage devices. We even work with service providers as they offer email hosting. For enterprises, it would be predominantly on-premise while cloud is apt for SMBs.

We will not sign hundreds of partners. APT is an extremely sensitive issue and the partner segment needs to be educated well to do value-added selling. A closer channel structure will empower them to the highest level of engagement and hence help position FireEye correctly. Partners often presume us to be another Symantec or McAfee. After aligning closely, they realize our distinctive advantage to combat next gen security threats. We also provide demo boxes for partners.

CW: Would 'security appliances' perish as enterprises prefer non-capex solutions like SaaS or Cloud?

Boo: Because of technology requirements, our appliances in big enterprises ensure minimal latency using a virtual engine which runs up to 96 virtual machines simultaneously. All our hardware is proprietary and built from scratch. We are layer 2 security residing behind firewall and IPS. To strike a balance of protection and performance for a robust security posture, security appliances will not die.

FireEye products include Web Malware Protection System, Email Malware Protection System, File Malware Protection System, and Malware Analysis System. Government organizations and enterprises at large will not move to cloud as the adoption is still slow in India. APT is a sensitive issue. Hence, the companies will prefer detection and protection as on-premise. Appliance-based solution is the way ahead for APT.

CW: What are the new age security threats which CIOs should guard against in 2013?

Boo: The cyber world landscape will continue to change dramatically. It is no longer broad-based with virus, Trojan, spyware to name a few. The worldwide spam has dropped significantly as many enterprises already have an anti-spam solution. APT is here to stay as that industry is estimated to be worth a billion dollars.

APT earlier emerged mainly through email or website, but now the entry points have increased through file and extended usage of the BYOD trend. Social network and apps from mobile further pose a threat. Hence, it is imperative for CIOs/CISOs to deploy multi-vector protection across Web, email and file to adopt another level of security, which is non-signature-based.