Action Item: Mr. Haynes joins a slate of global leaders who are converging on Ottawa (November 12-13) to discuss cyber security and its impact on Canadian organizations. Interested in cyber security? Then please review the details of the Cyber Security Forum, Roadmap for the future and Peer Network at:
Q+A Session, with eSentire CEO J. Paul Haynes, also member of CATA’s Leadership Council, on the ever-evolving world of cyber security
That ‘it won’t happen to me.’
It’s actually like the stages of grieving. The first thing is denial; most people are stuck in denial, and when it does happen, they try to negotiate that it’s not going to be that bad. And then, when they come to realize that it is going to be that bad, there’s a degree of acceptance, and then they get angry.
The elephant in the room is that people believe that all the security they have – the anti-virus software that was patched a year ago and the firewall that’s never been looked at – is good enough.
It’s naïve to think that it won’t happen to you.
There are two categories of companies: those that have been hacked and those that will be hacked again.
There’s a high probability we would have acted on the signals, because we act on those types of signals on a regular basis.
However, a lot of what Snowden was doing was permitted, whether they were his credentials or the credentials of his colleagues who shared them with him, which was bad employee behaviour. The large volumes of data leaving to thumb drives and the other ways he was extruding the data are the types of signals that we respond to.
It was all permitted behaviour; there was no malware in there.
Yes. Insider threats are among the most serious.
Let’s say we could have detected the signals and acted on them. The NSA themselves did not encrypt their data in the way that, if you go to any security conference, they always talk about. If you encrypt your data when it’s at rest where it’s stored, and somebody is able to hack in successfully, to pull that data out without being able to have all the decryption capabilities [makes it] white noise.
The NSA did not do that, so the NSA suffered from what all of the commercial world suffers from – security is expensive and a pain in the butt, and they didn’t encrypt their data, [as opposed to] our world, where we have to defend customers from those situations.
Encryption also causes other challenges; you can’t get the indexes working as effectively; it’s slower access and there’s a built-in latency.
Our main customer base is all in finance, and the need for speed has never been greater with high-frequency traders and all that.
Under 100, but we’re rapidly growing and we’ll probably be between 150 and 170 this time next year.
It’s under $10 million, but it will be well over that next year. Our whole business is built on getting a recurring revenue stream. So, our recurring revenue stream going into July will be in the double-digit millions.
Security is a very crowded field, so we often compete for share-of-wallet, but we’ve carved out a space called active threat protection.
Active threat protection is a little bit different in that we assume your network is already hacked. So, we sit on the inside and look for those behaviours that are indicative of that.
There’s a whole other market of perimeter defences, which, while we compete for share-of-wallet, we actually encourage our customers to put that in, because it makes our job easier. So, the better hygiene you have in your network, the less run-of-the-mill bad stuff we have to deal with, and then we can focus on the meaty issues.
Having said all that, Gartner now has a category called “breach detection” or “advanced threat detection capabilities.” And we’re not only detection; we’re also defensive.
Say your workstation is getting compromised and we see those events unfolding in real time. We’re putting active mitigation in place, so we’re drawing a fence around your machine so it can’t do any more harm.
One of the things that Target had, as an example, was indicators, and they didn’t act on the indicators, and it spread and spread and spread. If they’d acted on the indicators, they might have been dealing with .
In military jargon, we’re forward deployed, we’re in theatre, we have the safety off, and when bad things happen, we terminate that traffic. Sometimes we terminate the traffic with less than 100 per cent confidence that it’s nefarious, and that happens a couple of times a month, but within the minute, there’s a phone call and we let it go. But would you rather be hacked?
We have to be very careful in our customer market, in environments where they’re doing trading platforms, so it’s not lightly that we’ll kill traffic with minimal information. But we usually have to have a bunch of indicators to help us.
Yes, and we are expanding into other markets, but as of April 15, the SEC has announced cyber security examination criteria, and they’ve got a 28-point checklist, which has scared the pants off our customers.
We help them with about 80 per cent of it. We give them a positive, affirmative answer on 80 per cent of their questions. So, we’re probably going to double down on financial services, because it’s ours to lose; we’re the big dog there.
We’re securing, in the U.S., roughly 35 per cent of the hedge fund category of financial services, so it’s ours to lose. And that’s based on asset base, so that’s $800 or $900 billion in assets.
We started here, founded by two University of Waterloo grads, and our talent base is here, and our analysts are here. We like it here because we don’t have a lot of competition for cyber security talent.
If we locate where the concentrations are – in Silicon Valley, or now, the highest concentrations are in the Baltimore-to-northern-Virginia area, where all the agencies are – the staff turnover there is like a revolving door, and there’s a high requirement for getting to a certain degree of confidence, and then actually getting productive with that level of confidence.
So, we don’t want to compete in there if we can avoid it, but the reality is, we are; it’s a global market and we hire people from all over the place. Here, we have a great thing going, and for our foreseeable future, we can get all the talent we need locally.