Replying to Anil Mascarenhas of IIFL, Anil Bhasin says, “…Trends affecting the industry include the constant evolution and broader adoption of more and more complex technologies, including mobile and cloud computing which run the risk of compromising a company’s cybersecurity posture as attackers continue to look for available vulnerabilities that they can use to penetrate the network.”
Give us a brief overview of the network security industry. What are the changing trends being witnessed?
The sophistication of attacks across the globe has grown significantly, especially in the past couple of years, as have the number of targeted attacks, known as Advanced Persistent Threats (APTs). We expect this trend to continue and potentially become even more aggressive in the future. Cybercriminals are now better funded, organized and more professional than ever before, meaning that it’s never been more important to have the right solutions in place to protect your assets, across the network, cloud and endpoints (mobile devices). More enterprises are realising that older legacy systems are no longer able to protect against increasingly complex and sophisticated attacks and are instead turning to security solutions which offer a “detect and prevent” architecture rather than the existing “detect and remediate” posture which is simply not good enough.
We are also seeing the rise of cyber wars for economic gain, with the silent theft of property and other assets on the rise as businesses and nation states compete on a global scale and hackers continue to rake in exorbitant amounts of money for their efforts.
Other trends affecting the industry include the constant evolution and broader adoption of more and more complex technologies, including mobile and cloud computing which run the risk of compromising a company’s cybersecurity posture as attackers continue to look for available vulnerabilities that they can use to penetrate the network.
Lastly, as more and more devices get connected to the Internet (IoT), these become great entry points for cybercriminals to get into the network - whether it’s connected cars, smart cities, telemedicine, the digitalisation of all of our information – business and personal. All of these are tools that hackers can use to launch a targeted attack.
With the rise of iOS security and OS penetration, what are the opportunities and challenges in the industry?
Enterprises today want to break free from the conventional IT world of physical networks to virtual networks thereby harnessing the power of cloud, mobility, social and analytics. First, the applications went of the network (SaaS), then the users went of the network (mobility) and now even the network is off the network (cloud computing). This paradigm shift allows enterprises to become even more agile and flexible whilst enabling key business imperatives.
The adoption of mobility/ BYOD is therefore becoming one of the key initiatives that organizations are driving today. The challenge however for the CIO/CXO is to retain a fine balance between users’ personal digital freedom and their professional role within the enterprise which gives them access to the business applications running within the enterprise. This trend is driving a very strong focus on strengthening security in mobile devices / endpoints which covers all types of operating systems as well as the applications that run on them. As a consequence, customers today are strictly evaluating “next-generation security platforms” that not only provide visibility and control of known and unknown threats within the network but also across all endpoints. Palo Alto Networks is uniquely positioned to provide a “true enterprise security architecture” through its “next-generation platform” approach.
Comment on the threat landscape in Asia Pacific / India.
Cybersecurity is not just a global issue but it is also fast becoming a boardroom discussion. However many enterprises in Asia Pacific and India are still not showing the urgency that is being witnessed in developed markets like the Americas and EMEA. While the cybersecurity threat landscape is similar across the globe, the Asia Pacific region is increasingly seeing attacks from cybercriminals due to the high number of internet users in the region, particularly in emerging countries (including India), where there is high adoption rates for new technologies, but where awareness of cyber threats may be lagging behind the early market adopters, thus making them more vulnerable. Security even today is being implemented tactically, though the concern may sound strategic.
In addition to this, key financial hubs, like Singapore and Hong Kong, are attractive targets for cybercriminals looking to target businesses with larger assets.
What do you make of the recent news like Microsoft XP, Heartbleed Bug etc?
The Microsoft XP and Heartbleed Bug was big news earlier this year, seeing many enterprises and users being caught off guard.
Threats such as these underline the need for enterprises to have a solution in place to identify and block both known and unknown exploits, in order to prevent an attack regardless of port, protocol or encryption.
The Palo Alto Networks security platform automatically develops protections against these known and unknown exploits, sharing them with all customers around the globe, and ensuring this shared intelligence will continue to protect customers from newly discovered attacks such as those highlighted by the Windows XP and Heartbleed bugs. For this reason, our customers were protected against these threats.
It is however also crucial as an end user to practice good Internet hygiene, such as not accessing public Wi-Fi hotspots, clicking on unknown links in email, or downloading and opening suspicious files.
The government under Narendra Modi has embarked on a digital push. What should governments and enterprises do to protect themselves in the BYOD / Android era?
Firstly, there is an urgent need by the Govt. and enterprises to recognize the problem areas and do a root cause analysis as to why these attacks are taking place despite their existing security infrastructure.
This is because the cybersecurity threat landscape has changed dramatically over the past five years and clearly legacy technologies are just not good enough to deal with this challenge. Secondly, Govt. and enterprises need to realize that a “detect and remediate” security posture is not working and they need to migrate to a “detect and prevent” architecture that will allow an analytical and automated response to both known and unknown threats. This means that Govts and enterprises can no longer afford having “siloed” products with a disjointed security architecture that don’t talk to each as this creates loopholes that are easily exploited by attackers. Enterprises are also sacrificing security for retaining performance and this too must stop. Earlier it was security at the cost of performance or performance at the cost of security.
Our game-changing security platform natively brings together all key network security functions, including a next-generation firewall, URL filtering, IDS/IPS, and advanced threat protection. Because these functions are purposely built into the platform from the ground up and they natively share important information across the respective disciplines, we ensure better security than legacy firewalls. With our platform, organizations can safely enable the use of all applications critical to running their business, maintain complete visibility and control, confidently pursue new technology initiatives, and protect the organization from the most basic to sophisticated cyber-attacks, both known and unknown. We also have a next-generation endpoint solution which prevents day zero attacks on endpoint devices irrespective of their physical location. This is possible as our platform shares all threat intelligence seamlessly between the network and endpoints and vice versa.
Thirdly, there should be a strict focus on making security OEMs more accountable to their solutions by asking for strict response times, especially in case of protection against the increasing number of “day zero attacks”.
The above approach will help organizations, governments and enterprises to protect themselves in the BYOD / Android era.
What is your approach to network security?
Unlike legacy vendors that bolt add-ons to their firewall to keep up with new technologies and cyber threats, Palo Alto Networks innovative security model stays ahead of today’s use of the Internet offering a new generation of applications and devices. The Palo Alto Networks platform natively brings together all network security functions so that each security function performs better by benefiting from the information and actions automatically provided by other functions, providing security teams 100% visibility (no unknowns) and better information to take action.
The unconventional approach ensures that there are no compromises in security posture or business performance when new technology initiatives, like cloud or mobility, are adopted. It also means that our customers are able to stay ahead of today’s use of the Internet via the new generation of applications and mobile devices. More than this, it also sees the elimination of gaping holes in the enterprise’s cybersecurity posture by freeing organizations of fragmented and siloed security approaches. In short, even the most innovative point solutions cannot be as effective as our platform approach because they either do not have full visibility into all traffic, and/or have to compromise between performance and security.
Our partnership with VMware and the release of the Virtual Firewall Series (VM-Series) has also allowed us to extend our leadership in security services for private, hybrid and public cloud. Unlike most other security offerings on the market, the VM-Series allows customers to experience the full agility and flexibility promises of cloud without compromising on security. It is capable of securing public cloud and VDSs against sophisticated cyber threats by detecting and preventing known and unknown cyber threats before these they compromise an organization’s virtual data center. The VM-series also allow organizations to choose from the public, private or hybrid deployment architecture. We also have ambitious and aggressive plans for Traps, our advanced endpoint protection solution we acquired with Cyvera and our newest addition to the platform.
You had done a US $200m acquisition of Cyvera. To what extent have you managed to integrate the same in your operations?
The integration of Cyvera into our current operations has been going very well. We have completed proof of concepts with major customers who have expressed strong interest in the unique exploit prevention capabilities in the offering, especially with the added integration with Wildfire which is the market’s only advanced persistent threat detection and prevention offering.
Cyvera developed a unique method of performing real-time prevention against all core attack techniques at the endpoint during the exploitation phase, before the malware has a chance to run. They use a simple approach - to understand the techniques attackers employ then laying out a series of roadblocks and trap to prevent an attacker from successfully exploiting vulnerabilities. While patching software can provide an element of protection, it does little to protect organizations against vulnerabilities that have not yet been discovered by the software manufacturer. Simply detecting the presence of malware is also insufficient since malicious activity may have already been initiated and evasion tactics employed to evade detection.
What is your India strategy? Comment on your product and marketing plans.
Our priority for the India market is to become the preferred cybersecurity partner of choice for our customers who are continuing to face increasing threats and attacks to their business and brand reputation.
In India, we are seeing sustained growth and continue to expand our client base. India is a strategic market for us and we have a presence in all major cities including Mumbai, Bangalore, Delhi, Chennai and Colombo. We currently more than 150 channel partners across the country and are rapidly acquiring new customer logos every quarter. So far, we have already acquired approximately 250 customers in India across all verticals and industries.
We have a world class Global Technical Assistance Centre (TAC) in Chennai and have our RMA depots in Delhi, Mumbai and Bangalore. Besides this, we have Authorised Training Centres (ATCs) and Authorised Support Centres (ASCs) in India.
Our strategy is India is to continue to invest aggressively in our NextWave partner program. We look forward to working closely with our channel partners who are strategically aligned to our goals and reward them accordingly, using enhanced deal registration and the other tools that we rolled out during our fiscal 2014.
A lot of smart cities are being planned in India. You have some activities in Singapore. Do you see India replicating or matching the Singapore model? Or is it more to do with factors beyond technology.
India still has a long way to go in terms of cybersecurity, with an extremely vulnerable security architecture, including the lack of a comprehensive end to end cybersecurity solution for its government. This was a topic discussed during the recent G20 summit, and recent reports have revealed the government’s intention to work with Israel to strengthen its positioning in this regard. There is still a lot of work to be done however, both in terms of the implementation of technology and levels of awareness around cyber threats targeting the country.
Comment on your financials.
In Palo Alto Networks most recently reported quarter (Q4) of FY14, revenue grew by 59% year-over-year to approximately $178.2 million. Our fiscal first quarter billings rose 52 percent year-over-year to a record $240.5 million.
Our fiscal first quarter product revenue grows 34 percent year-over-year to $101.5 million. We have seen our services grow by 71 percent to $90.9 million and recurring subscription revenue by 72 percent year-over-year to $90.9 million.
What is your employee strength in India? Are you planning any ramp-up?
For the expansion of our sales operations in India, we have hired around over 15 sales and presales professionals in the last 12+ months and they are all from distinguished MNC organizations with reputed background. This rapid expansion demonstrates our commitment to our customers and partners in the India and SAARC region. This ramp up will continue as we drive growth in this region.
What would be the triggers for growth for your sector?
Cybersecurity has evolved in the past few years, in many ways becoming more sophisticated and targeted than ever before. Cybercrime, and in particular data theft is now a multibillion dollar industry, which has been felt by enterprises across the globe. This in itself has been a major trigger for growth in the cybersecurity industry, which has seen the topic moving from being a priority for the CIO alone, having now graduated to a boardroom / CEO level discussion.
As threats evolve and more threat vectors are opened up as technology develops, so too will cybersecurity become increasingly important for enterprises, governments and individuals alike. It is this driver that sees our research and product teams working hard to stay a step ahead of black hat hackers.