INTERVIEW
SECURITY AT SPEED THE MERGER BETWEEN MCAFEE AND FIREEYE HAS YIELDED TRELLIX. RAJ SAMANI, CHIEF SCIENTIST AT TRELLIX, TELLS US WHAT THIS NEW CYBERSECURITY GIANT IS BRINGING TO THE TABLE.
Y
our tagline says ‘Living Security’. What does it mean? If we think about how threats have evolved, it’s a lot more dynamic than it’s ever been. Historically, security used to be quite static. We were able to put in static approaches to address a static threatscape. But now we are seeing an evolution from threat actors. A really good example that we see today is ransomware. Most recently, with this variant called BlackCat, there are so many different samples. And if you are a person operating this ransomware, you’ve got so many options to configure it. The static approach to security will not combat an attack like this. So if you think about the construct of ‘Living Security’, it is the ability to be able to dynamically keep pace with how threats are evolving and changing all the time. Is Trellix basically an XDR platform? No, I think that oversimplifies it. Historically, in the past, you could turn around and say, “We’ve got a point product with a point solution”. But taking the ransomware example, threat actors today have highly skilled affiliates. They’ve got a business model that encourages or allows other people the opportunity to find a way in. And these affiliates aren’t people who are just sending emails. They are using weaknesses in the configuration or architecture of systems; they are looking for unpatched systems; they are also directly phishing people and
30
CXO INSIGHT ME
MARCH 2022
using open source intelligence. Today, we’ve got threat actors actively going after people on LinkedIn. So if you think there is a single product you can install that can protect against everything, that’s a misconception. When we think about XDR, it is a wider construct where the X that stands for Extended would mean our ability to take inputs from various systems and develop a detection and response strategy accordingly. And, of course, there is a
MCAFEE ENTERPRISE IS, AND WAS, ONE OF THE LARGEST DEDICATED ENTERPRISE SECURITY COMPANIES, AND FIREEYE EQUALLY THE SAME. THE BENEFIT IS THAT WE HAVE A WIDE CUSTOMER BASE ON BOTH SIDES, AND BEING ABLE TO LEVERAGE THAT IS A UNIQUE OPPORTUNITY.
strong partner ecosystem. So it’s not that we say we have all of the answers, but we have partners that help develop that solution. With this merger, is there any overlap in the portfolio given that both companies are into endpoint security? From an outsider’s point of view, you could say there could be. But fundamentally what the opportunity it brings is a customer base and sensor network that complement one another. I don’t think you are going to see conflicts. You are going to see opportunities to collaborate, opportunities to be able to get a better purview of things. McAfee Enterprise is, and was, one of the largest dedicated enterprise security companies, and FireEye equally the same. The benefit is that we have a wide customer base on both sides, and being able to leverage that is a unique opportunity. Are you leveraging AI/ML and analytics in your XDR platform? The easy answer would be yes. You’ll hear many people talking about ML & AI as the ‘silver bullet’, but we have to recognise and appreciate that these Machine Learning models constantly have to adapt and evolve. And so absolutely! AI and ML will be a central part of everything that we do. But equally, making sure that we incorporate the best intelligence to make those models as effective as possible will be the heart of what we do. The focus of what we do is understanding the
