FireEye Founder, Vice Chairman and CTO Ashar Aziz discusses the company’s transition to an as-a-service model – and his vision for the impact of a “cyber-geddon” – with Security Advisor Middle East.
What are your thoughts on the recent drastic – 19 percent – drop in the company’s stock price?
We don’t react to drops in stock price. There are factors which you can never fully control, so as executives of a business, our focus always has to be on the business itself. How do we grow the business, what’s the right strategy and how do we execute that strategy?
We’re investing in our go-to-market strategy around our product portfolio, and are making good strides. If there’s anything we need to do more of, it’s explain that our model is becoming subscription-oriented versus up-front product-oriented.
Tell me about your new FireEye-as-a-Service platform. Introducing it must be a transitional phase for you.
There are a lot of attractive features to FireEye-as-a-Service. One is that it comes with a team of security professionals that have the insight and training to react appropriately with contextual knowledge. It’s not just a case of the product, you also have to recruit, train and retain a whole team to understand sophisticated cyber-attacks and to make sure that the kill chain analysis and the remediation and follow up is done exactly right. We take care of all that. FaaS is unique in that respect, that it’s our technology as well as our people, utilising our own intelligence and providing that as a 24/7 service.
Increasingly, customers are choosing to consume SaaS-based form factors, which explains why we are investing in FaaS. We are transitioning our product portfolio and our business model as a result of that reality.
Based on your discussions with customers in this part of the world, do you think FaaS will be fit for smaller organisations?
Absolutely. We’re providing skilled personnel, who are difficult to recruit and retain, and that’s especially the case for SMEs. Even for larger organisations, it’s hard to find skilled professionals.
In 2011, you said that “cyber-geddon” was a possibility, but couldn’t define what that was. Do you have a clearer idea of what it is now?
I’ve always had an inkling of what it meant, but I don’t know when it will happen. It’s a very sophisticated and coordinated cyber-attack concurrently launched on multiple critical infrastructures. We’ve seen concurrent attacks in the physical space, but we have yet to see them in a destructive nature in cyberspace. The question is: why haven’t we? The reason has to do with the ability and skillset to inflict such a sophisticated and coordinated attack. This is in the hands of nation states. They have the means, but not the motivation. Those that have the motivation today don’t have the means.
However, the clock is ticking down on the latter. When that happens, I believe cyber-geddon will occur. Think about terrorist groups. They don’t think twice about bringing down towers or killing random people. If they had a weapon that could affect millions of lives at the same time, would they hesitate to use it?
Why is Kevin Mandia ideal to take the company forward as CEO?
Kevin is one of the world’s leading security executives, and understands the services, product and technology spaces very well, and so it’s the right time and decision from the board to nominate him. It’s not as if this was done suddenly, this is a process that has been in the planning phase for over a year.
Is cybersecurity now more important than it ever has been?
It’s a very important part of being a business, whether you’re an IT business or one with many touchpoints in cyberspace. The increase in these touchpoints means our legacy architectures need extra care.
The risks have become very apparent over the last few years. It’s always difficult to make predictions, but I think the trends over the last five to seven years have shown the importance of having a robust security plan in place.
How do you think the US and the world in general perceive the Middle East as a cyber-threat?
While the Middle East is a cybersecurity venue, it’s also a region of conflict, and any hot zone in the world, including the Middle East, will manifest in cyberspace, and is an extension of human society. Any conflict that exists in human society will exist in cyberspace.
Conflicts, whether they are economic competition or military escalation, manage themselves as cyber espionage or cyber warfare. The Middle East has a lot of non-state hacker groups pretending to be state hacker groups; you have state hacker groups who are at odds with each other, who have reason to strike each other. As long as these hostilities stay or increase – and everything we’ve seen points to them increasing unfortunately – we should expect to see lots of spillover into the cyber domain.
On the other side of the coin, is the Middle East a target for cybercriminals?
It’s not weaker than any other part of the world because organisations have vulnerabilities everywhere. It’s just that there are a lot of high stakes organisations here. Critical commodities emanate from this part of the world, so the motivation for destruction or commoditisation of these events will always be high on an attacker’s list, so it is vulnerable across a number of different dimensions.
Commodities, energy and banking infrastructures are all targets. The most troubled parts of the Middle East bank in Dubai and governments themselves who are coordinating are at risk.
Would you say it’s more vulnerable to financial crime or hacktivism?
It’s vulnerable to both. If I had to pick, I’d say financial crime.
Which type of threat has the potential to cause the most harm now and in the coming years?
Attacks on critical infrastructure. A large, energy-producing company in Saudi Arabia was targeted and taken down and that was just on their IT infrastructure, it didn’t spill over into their refinery controls. That would’ve been an escalation, and I think that kind of escalation could happen. Why would hackers confine themselves to refineries and production, when they could go after electrical grids, water supplies or natural gas infrastructure? Those would all be fairly destructive. You could also bring down the stock exchange or a major bank. These are all critical vulnerabilities in any nation’s architecture.
Are top figures in organisations responsible for cybersecurity?
They’re aware of it, but I wouldn’t say they’re responsible for it. It should be directed at appropriate people to take action for it.
Will new acquisitions play a big part in your strategy in the coming year?
We have a two-pronged strategy in order to have the world’s best product and services portfolio. One is organic development, of which we have a substantial amount across the organisation, including our cloud-based components. We’ve inorganically acquired certain assets, including the Mandiant capability around incident response. We will continue on the organic development front, and as and when M&A opportunities arise we will be keen to pursue them. We’re now rapidly gaining share in network forensics as a result of our hugely successful nPulse acquisition. Our acquisition strategy has shown itself to be pretty sound.