Everyone's trying to mitigate their risk and this is a really, really hard problem. In fact, nobody's solved it yet. So every company is trying to understand how they fill in the gaps to mitigate their risk. Any vendor who's saying "we can solve the APT problem" is not telling the truth. No single point product can do it. So people are putting in tools to give them visibility into the problem and to fortify their security.
Most of my customers would tell me they have a best-in-class security stack that keeps the bad guys from breaking into their network. That stack would consist of a firewall, IPS, antivirus and some kind of SIEM to give them visibility into what's going on. And for traditional security protection, that's a good stack to have. But the adversaries are figuring out how to penetrate the network. Malware is one of the ways. I think malware is responsible for about 30% of the compromises, meaning if you just address malware you're exposed at 70%.
When we think about the problem, we think about the life cycle of the threat, which has four legs. There is infiltration, which could be malware or they can hack in, etc. Then there's communications with an external malicious command and control system. The third leg is the propagation leg, where they move laterally inside your network, looking for higher levels of authority so they can access what they want. Then there's the exfiltration piece, which is how we got into this business, because we are the top data exfiltration company in the world, based on what Gartner says. We can face the internal part of the network and make sure nothing leaves.
But the four legs of the life cycle are the things that are important and malware is one of those legs and represents only about 30% of the problem.
So you got your start with the exfiltration part of this, but today address all four parts?
We do. And that's an interesting question, because when I joined the company four and a half years ago we were then and today in the Gartner Data Leak Prevention Quadrant. But in those days DLP was just a broken business process. It was really inadvertent data leakage. Say a good guy trying to work on something over the weekend and sending a sensitive document to his Gmail account. That's what DLP used to be, because there were no nation-states trying to steal intellectual property, there were just good guys doing not-so-good things. And there are lots of good technologies to solve that.
But if you're a malicious insider or you're a nation-state and you can penetrate the network and you want to exfiltrate data, you're not doing it out Port 80, you're not doing it out of the email port, because somebody's watching that. You're going to bury it deep inside an attachment and you're going to send it out a port that nobody's looking at. And that's what we did better than anyone in the world. We're the only company in the world that can sit in the network and see applications and content and threats buried deep inside of the applications on all ports, inbound and outbound of a network.
Sign up for CIO Asia eNewsletters.