Security should be aggressively RoI driven: Anand Ramamoorthy

Anand Ramamoorthy, Managing Director, South Asia, McAfee, believes the company has the complete enterprise security story for the discerning CISO.

What are the significant strides that McAfee has taken over the last 24 months?

I think what we have done this year in terms of momentum is, taking a lot of significant steps towards articulating the whole pervasive security connective platform story. It may take a while to translate to business for us; but that was never the intent. Business will anyways happen if we have the right product. We took a leadership call and this year saw us promoting and making open DXL.

You can download and you have your own software development kit so you can start developing the hooks and handles. We have got great appreciation from the customer base for what we are trying to do to make security a little more ROI driven. Security is, some way, like buying an insurance policy; you are paying premium and you want to be assured. If something goes wrong, these things will happen, but we will make sure nothing goes wrong. 

We have achieved great momentum in terms of becoming a thought leader in security. In terms of growth parameters, India continues to be an extremely very strong market for Asia pacific. We are a leading vendor in the Endpoint enterprise space which is a core of what we do. We lead in almost every other relevant technology be it network IPS, SIM, DLP, database security or security operations, where we are No.1 or No.2 by our estimates. 

We are also growing our India footprints. So essentially Bangalore collocates sales, engineering, support and lapse in one place. We have R&D facility, support, labs in India and that has unique advantage for our Indian customers. We do engineering modification with the engineers out of here. They are very close to building an engagement and I am proud of the momentum that came this year.

Awareness is at an all-time high. No C-level—CISO, CIO or CEO—wants to take a chance on the security front, because of replication on repetition, business and usual stuff. What we are trying to still do more is the transition from awareness to readiness. You can still be very aware and do nothing with it.

You mentioned security is like an insurance policy. But then what’s your take on cyber insurance? It’s a very cagey area. CISOs have a different take on this as well: They opine cyber insurance is a very grey area, and everything looks good only on paper. 

We have seen a little more of cyber insurance in banking—very compliance led. They believe if something goes wrong, we need some level of protection. Going back to my comment on ROI, you see insurance applies well, when you know the impact of the problem. You are trying to quantify loss and you put a value on it. But tomorrow if you are attacked on the Net/network or from anywhere, how do you determine the value of loss? Perhaps, using benchmarks such as downtime, brand value etc. And that’s the grey area. Sizing up is very difficult. It becomes an indicative way of buying something.

My argument would be not as a security leader.  I would conusel saying CISOs should rather spend more time protecting the landscape in a relevant way than having a comfort that there is cyber insurance to help you out. What people are doing though, as a part of practice, compliance model, they take over and above protection. It’s a developing area. We have a few customers in the stock exchange space who are actively looking at this. For them it’s much more about volumes. It’s almost like a requirement for them. 

What are your focus areas for McAfee India since the time you came on board?

I would define success for McAfee in South Asia, if we can do a good job of evangelizing and placing the most comprehensive, connected platform story that we have in McAfee. One thing we feel quite proud of is, we compete with different people in different sectors, in spite of having walked away from few areas of technology, and we remain most comprehensive. There are very few people who can actually do end point, IPS, SIM, DLP, WEB and parts of cloud. These are all very connected and no one does all of it together. That makes it easy for large enterprises to think of us as a critical mass provider. We focus on things we can do well. Whatever areas we walked out of in last few years, we were in No. 3 or 4 in that. It would be great if we can get this posture out and eventually become a trusted partner. 

Trust is measured when things go wrong and ensure how things go right. These are two variables, that’s where we success insider out, outsider in.  We are also an active proponent working with the government of India through multiple channels of insuring from a cyber-security policy stand point. You have a better chance of getting a job as a cyber-security guy then any normal IT person. No school prepares you for automation from day one. You have to sink your teeth and get it. 

We are on a good journey; we are the fastest growing in Asia pacific. We are in a good place and the market is at a good pace as well in terms of understanding elements of security and making rational choices and measuring ROI in a more meaningful way rather than in a traditional way.

There is one theory which suggests that end point is the most vulnerable; and then, there is the threat to the network; and of course, cloud security is another critical point. What are your views on where the threat intelligence should actually be focusing on?

We have had a crystalized thought on this. We take a matured look at the market place, the network itself is a little opaque, almost like an end point in the cloud. The traditional endpoint has moved into the network. The end point is not AV or agent sitting on a laptop. The network has moved in and the cloud is getting more pervasive and everything in between is almost opaque. Not to say that network is not critical; but we have ways in managing what traffic gets in, what gets picked, what gets sandboxed, what gets prosecuted, what gets thrown out. Those are important and we are very strong in the Dynamic Endpoint story and we are developing our cloud story in a very significant way. That significant way in future is often stated, we will look at all the options; we will look at in-house development. In spite of being an Endpoint leader, we have spent close to half billion dollars of organic spend last year, developing the new EndPoint 10.5 story. It is getting amazing reviews. 

Our view is, it’s going to be an endpoint cloud play, and everything else is going to be a subset of how you approach it. There are people in end point who are solving very specific problem statements. Examples are, you still have to take care of 95% of the volumetric attack that happen and we can’t say machine learning will solve everything. Machine learning will be helpful when you have smaller set of focus. A typical Silicon Valley startup takes a machine learning approach to endpoint and it is very inadequate. There are also lots of signatures out there, you take care of those signatures and noise has to be killed out.

We have very logically kept on adding incremental relevance. We have machine learning, dynamic endpoint containment, and we have advance active response system which are post infection. Our evolution and history helps us to look in very volumetric way and customers love that. They don’t want end point to be done by five different people. They want minimal agents to slowdown things. Those are areas of improvement; good technologies are not enough. We have this policy which is probably a unique innovation. None of our peers have it. We can manage through very high level console. 

What was the rationale behind McAfee's open source focus? Was it because everyone had to do it at some point of time or because this was the right way to go?

The open source is for the DXL fabric; what we are saying we have a nice little pipe which can attach all third party engines. It sounds very simple but we can get very close to that.

Customers can have non McAfee parts which can connect, and still be able to leverage our huge global database of threats. Third party fields  have the benefits of everything on our IP; but that will help protect everything they have on our fabric. Initially that fabric was closed fabric. We liked the idea of goodness coming from everywhere. You can’t live in denial. The day you are in denial with technology, you make systems closed and eventually your customers are going to penalize you for that because no one wants a close un-interoperable system, especially when it concerns security. It’s like if you don’t talk to each other, you are not helping your customer. In that sense, Open DXL is an amazing innovation in open technologies.

How has the dynamic changed for McAfee, particularly in India, from being an Intel company and Intel invested company? What has really changed and what is same?

This year is the year of transition for McAfee. We have moved from being an Intel company to an Intel invested company. For most practical purposes, there has not been any impact on normal business because no one knows who promotes which company. End of the day its more of a structural change at the top. It has certain benefits in mind. It is year of transition and it has also been a year of tremendous momentum across many areas for us. We are still a very strong brand. 

Firstly, the whole open fabric mentioned earlier is an engineering collaboration between Intel and McAfee.

Secondly, in our consumer business, we just launched CES, McAfee smart home gateway platform. The chipset is from Intel and we are building the software over and above it. There are numerous things in collaboration that would have happened even if we were not an Intel invested company. It gets accelerated because we are still Intel invested company. 

Thirdly, Intel has 49% stake in McAfee; historically I am not personally aware of Intel having that kind of share in any company. We would want to believe that kind of share is a validation of the strength of the company. We have an Intel member on our board, I think the meaningful collaboration is still around. The overwhelming market feedback has been from neutral to positive. So far, the journey has been good and we have finished two quarters of independent life.