Driving cybersecurity excellence
An exclusive interview with Forescout's CEO, Barry Mainz, on vision, strategy, and innovation.
You assumed the role of CEO in January of this year. Please outline your vision and strategy for Forescout moving forward.
First, I was a Forescout customer. In fact, during my tenure at two distinct companies where IT fell under my purview, Forescout was one of our reliable vendors. If you look at my background, you’ll find that I previously worked at Wind River, where we were primarily involved in powering IoT devices. This included developing software, operating systems, and middleware. Looking ahead, I believe there’s immense potential in the emerging field of IoT and OT and IOMT (Internet of Medical Things). We are on the verge of a significant opportunity in this space, and I’m enthusiastic about our prospects.
As we delve into this arena, starting with network access control and expanding into IoT and OT, I’m genuinely excited about our direction. A substantial part of our strategy is fortifying our existing relationships with current and large customers. We aim to guide them along their journey by addressing the various risks they may encounter. Essentially, our goal is to safeguard them from potential threats and challenges.
Have you transitioned to a recurring revenue model as well?
Our revenue model primarily consists of recurring income, accounting for around 90% of our total revenue. This represents a significant shift that has taken place in the past couple of years. While I can’t guarantee that we’ll reach 100% due to certain contract arrangements, I believe we’re moving very close to that milestone in the coming years.
Furthermore, I’m pleased to report that we have achieved profitability while experiencing steady growth. Notably, we are also generating positive cash flow, which marks a significant departure from our financial situation a few years ago.
Forescout has built a reputation for its emphasis on device visibility and control. You’ve recently introduced some enhancements to the platform. Please walk us through these changes.
That’s an excellent question, and it’s quite an interesting journey we’ve been on. Initially, our customers sought our solutions primarily for visibility – understanding what they had and where it was located. Then came the question of classification, pondering, “Do I know what it is?” and “Do I know where it is?” Now, we’re seeing a shift in their approach. They’re asking, “Now that I have this information, what are my risks and exposure? What should I be concerned about?” To address this need, we recently launched a new product called REM (Risk and Exposure Management), designed to tackle precisely that challenge.
Customers have also approached us about detection and response, seeking guidance on what actions to take. This led to the acquisition of a company called Cysiv that specializes in this area, which we’ve seamlessly integrated into our buyer journey.
Last but not least, it’s all about control. With insights into what and where things are and the ability to detect and respond, customers are now looking for ways to take control and integrate seamlessly with their ecosystem to solve their specific problems. You may have noticed our significant announcement regarding the Microsoft Intelligent Security Association (MISA), highlighting our substantial investment in building a robust ecosystem to facilitate collaborative problem-solving for our customers.
Regarding attack vectors, have you observed any new trends this year, or are you primarily encountering the familiar culprits such as ransomware, phishing, and credential theft?
I believe you’re correct regarding the attack surface target, and you’ve hit the nail on the head with the list of attacks you just mentioned. However, it’s equally crucial for enterprises to consider the broader attack surface, including all the other connected devices. Approximately a year and a half ago, IT devices such as laptops and phones were surpassed by IoT devices within the enterprise. This shift has prompted people to inquire about how they can protect themselves not only from the mentioned attacks but also from the expanding attack surface itself.
What is your strategy for addressing the security challenges associated with IoT?
During my time at Wind River, we developed a reference platform that numerous manufacturers in the OT sector, such as Siemens, KUKA, and Hitachi, would utilize. They would use software that was primarily designed for functional security but lacked a focus on networking security.
These days, it’s become increasingly important to examine these vulnerabilities and offer solutions to our customers that protect them from potential risks associated with connecting these devices. As I mentioned, we’ve developed a comprehensive set of solutions, and I’m confident in our value.
What distinguishes OT security from IT security?
We’re witnessing a significant shift in various industries where the IT and OT security domains are starting to converge. Leaders in these areas are recognizing the importance of acknowledging that their attack surfaces span both sides of the fence. As a result, they’re increasingly collaborating and working together to provide a unified view or share information with both teams. This collaborative approach represents a notable change from a few years ago when there was a clear division between IT and OT.
Additionally, the frequency of attacks, particularly breaches in the OT and IoT realms, is on the rise, making companies more attentive to these concerns. Just today, we engaged with two customers who have adopted our platform, and they inquired about our capabilities in IoT and OT security. One of them was a hospital, and the other was a bank. We already have well-established and mature proof of concepts in progress, which instills confidence in our ability to address these challenges.
I like to think of IoT and OT security as similar to yoga a few years back—everyone talked about its health benefits, but few attended yoga classes. Now, people are taking these concerns seriously, and some of the most significant deals in our pipeline are centered around IoT and OT solutions.
You also provide XDR, which is a highly competitive market. How do you differentiate your XDR offering?
Let’s start by addressing your first question. If I take a step back and consider the customer’s perspective and buyer journey, it becomes clear that we should focus on their needs rather than solely adhering to industry analyst terminology. Our customers typically begin with questions like, “What devices do I have, and how can I gain visibility into them?” This initial phase is followed by the need for device classification, where they seek to understand the nature of these devices. Subsequently, their concerns revolve around assessing the associated risks and honing in on detection and response capabilities. Ultimately, the goal is to establish control.
When we discuss our XDR capabilities, we’re essentially integrating detection, response, and functionality into our platform. This empowers our customers not only to identify potential threats but also to take effective action. We’re more focused on aligning with the buyer journey rather than relying on labels like XDR, TDR, SIEM, or SOC. In my opinion, the industry
is in the process of redefining what these terms actually mean, and in the next year or so, we may witness distinct definitions for the next-generation platform addressing network security, access control, and TDR.
Regarding XDR, it typically entails having endpoint visibility and control. To achieve this, we leverage partnerships, such as our collaboration with CrowdStrike, which provides us with access to the endpoint. Within our platform, we consolidate all the necessary functionality for detection, response, and control to offer a comprehensive security solution.
What steps are you taking to streamline the intricate cybersecurity landscape and make it more accessible for organizations?
Firstly, our approach revolves around embracing the ecosystem. Our customers rely on us to support heterogeneity. They understand that the strength of our platform lies in its versatility. We’re not confined to just one vendor; we understand that our customers have a diverse set of technologies in place. That’s where our sophisticated integrations come into play. We simplify the process of data integration by working seamlessly with all different vendors. Essentially, we take the complexity out of data integration and make it effortless for our customers to plug in their data. This is one aspect of our approach.
Another key element is our ability to discover devices regardless of their type or make. Our platform can automatically identify and catalog these devices, eliminating the need for customers to manually hard code integrations or modify our technology. We take on the task of locating and identifying these devices on their behalf.
Last but certainly not least, we’ve invested significant effort in enhancing the user interface of our platform. With our recent product launch, REM, we have introduced an executive console that offers an intuitive and visually informative way for users to make sense of their data. Whether it’s understanding their risk posture or tracking improvements and issues over time, our platform provides a user-friendly interface for effective decision-making.