FireEye's VP worldwide channels and alliances, Steve Pataky

11.08.2015
FireEye's global channel boss, Steve Pataky, discusses his company's transition to a channel-led security organisation, and how it is pushing its partners to sell its services in new ways, to non-traditional customers.

Tell us a bit about your history with FireEye

I've been with FireEye for two years, but have spent 25 years plus in various channel roles across the technology space -- always in the networking and security sectors. I cut my teeth at 3Com Corporation back in the early years, then a variety of startups before I went to Netscreen Technologies. We were then acquired by Juniper, and part of what they wanted to do was use the nucleus of the Netscreen channel business as a way to launch themselves into the enterprise, because at that point they were predominantly service provider infrastructure company. So that provided me with a huge canvas to try and create a global partnering strategy.

I spent nine years at Juniper, and obviously I knew FireEye pretty well from the security space in Silicon Valley. I knew their executives and their VPs, so when I joined, just before the IPO, Dave De Walt [FireEye chairman and CEO] told me that channel was something they really wanted to work on. How they could better partner, and leverage the channel to achieve the company's targets.

I was lucky enough to be brought in to lead that transformation in August of 2013.

You've said that historically FireEye hasn't had the strongest partner programme, what's changed

FireEye had the nucleus. It was always a partnering company, but as is the traditional trajectory for high-tech companies, they have to build that direct sales presence first. Especially in our space, it was unknown, it's a completely new technology, and its unbudgeted for most of your customers. We had to have a very evangelical sales approach in the early days, but we observed there was a lot more value that partners could get if they evolved along with us. It's a 'give to get' situation.

We've been in a transformative mode for the last few years. The traditional model is not really an interesting model for most partners. The margin for them lies in finding opportunities, honing those opportunities and adding as much value as they can to that.

When I joined, it was basically Web and email. Now we've got mobile solutions, datacentre solutions, we are moving to a more fully virtualised Cloud environment.

What that's going to do is it will allow us to take a lot of that success we've had in larger enterprise, and allow us to move downmarket, into the midmarkets. So much of the Australian and New Zealand markets fall into that.

You've gone from minimal market presence to all guns firing in just 12-18 months. Why has FireEye had such a sudden impact here in Australia

For better or worse, we tend to benchmark any market's success against the US market from a maturity perspective. Australia is now getting a more mature security market.

Also, Phil [Vasic] who has now been working here for over two years is really starting to see the fruits of his team's labour.

In terms of thinking globally, after the US, A/NZ and Western Europe are kind of the next stop for us. The level of awareness amongst customers is really accelerating. The hint of legislation surrounding disclosure, even the hint of personal liability or exposure, and the horrific news and information surrounding what happens in these breaches, whole boards, whole C-Suites get cleaned out.

Its like anything in tech, the pace of innovation quickens rapidly, and so too the awareness. Who hasn't heard of a cyberattack, of hacking, of breaches But the impact on the business, and the reality of the cybersecurity situation is becoming a lot more tangible for businesses.

Is it a cultural issue as well We are already seeing more realistic depictions of cybersecurity and cyberwar in TV shows and movies, and these breaches are gradually moving towards the front of mainstream news publications...

Definitely. awareness is at an all time high, thanks to the big breaches last year. At the RSA show in the US, a huge security conference, they had a documentary filmmaker following Dave De Walt and Kevin Mandia around the show. They're actually going to make a documentary about it.

It's out there in the zeitgeist, its in mainstream culture -- you see it in movies, see it on TV, its not just a techie thing anymore. Its in day to day life. For example, my family and I have lost three credit cards to various retails breaches in the last 12 months.

What are some of the key differences you see in A/NZ versus other markets

Read more:Gigamon ramps up Australian investment

Firstly, the size of the channel. Secondly, the number of partners that have a very deliberate security practice. In the US for example, I've seen the move from pure-play security providers, to security covering the entire industry. If you're doing compute, or datacentres, if you don't have security baked in, or as a piece of a solution, you can't do business. You have to have an answer.

Security itself is now such a focus area and such a driver of all the other technology decisions.

New Zealand and Australian partners are a lot more hungry for the education, about how they can leverage advanced threat protection and APT into their security practice. How big it should be, how should I build it out Can I find the skillset to build it out That's what I think a lot of the local integrators are working at.

Are there any particular attacks or vectors in A/NZ that are more common Do we have any unique threat characteristics as a market

The attacks are now ubiquitous. The attacks occur across every vector. 80 per cent of malware is only used once. Its tightly focused on an objective. They're smarter, they're better funded, the tools are more available, you can go online to websites and buy malware. Standardised, commoditised malware -- when they're targeting an enterprise, its one and done, then they're onto the next thing.

They are run like startup businesses. Malware-as-a-Service. They are really well funded. They have CFOs, they are well oiled machines. They guarantee their malware, for example, so if it doesn't breach the company, you get your money back.

The vectors have been standardised. Its now more about how they customise the attack, to go after an individual in an organisation, to go after some specific piece of information is what is so startling.

The patience and professionalism is astounding. One of our clients was talking about a German automobile manufacturer, that was targeted over time with the aim of capturing plans on a new automobile. It really compromised the launch of that automobile outside of their home country. Because all the IP, all of the designs, everything, had been exfiltrated over a period of 10 years.

The retrospective angle is interesting -- do you work with any Big Data or business analytics partners Looking back at old data patterns and finding threats or fraud

Read more:Queensland child safety IT bungle worsens

My organisation is about developing alternative partnering routes to market. For example, the opportunity we announced with Visa is really interesting. What's at stake for them and their 100,000s of merchants. Obviously they're in the business of providing financial merchant services, but for them, security is paramount. Its not the business they're in, but as an adjunct, if they can secure those transactions in a different way, or a more comprehensive way for their merchants, then that creates a competitive advantage for them in their space.

I imagine for a company like Visa its as much intangible, reputational damage as it is financial, nevermind what a big hack would do to things like their insurance premiums...

Great example. We've actually been developing a new program with the world's largest cyber defence insurance company, both the underwriters and brokers. Imagine if you now had to rewrite the policy for Target, as an example, or indeed any company How do you even assess the risk And how do you create a policy and what kind of a premium do you charge

We've just announced some very specific cyber insurance companies who now want to create a more comprehensive risk profile for their customers, so they can do a better job.

Put frankly, we are soon going to see a day where having some level of protection, whether that's the services and consult up front, a compromise assessment, or some sort of a Security-as-a-Service - will become a condition of insurance.

Is that becoming a part of your business model To go in as the initial consult on businesses -- such as on clients' HR policy, or looking at the credentials of a CISO

We're already seeing that happen in a lot of different places. There used to be a lot of companies that would promote the fact that they could come in and do a vulnerability assessment. As our boss Kevin Mandia would say, those days are long gone. It's now a compromise assessment.

Where have you been compromised How bad is it How long has it been going on Who's doing it What have they exfiltrated What's their pattern

Think about all the places we can apply that. If I'm a new CISO, I might want to do a risk assessment and know what I'm inheriting. If I'm an insurer, what do I need to know to write a policy If I'm on the board of directors, and you're legally liable, its about increasing your visibility to the risk.

Read more:Russian hackers manipulate the ASX

How do you create the right indices of risk profile so you can rate the company and make it more consumable for people The average joe doesn't know half of what we're talking about. But if you can translate that into business impact, and business risk that's what really matters.

That's what we're challenging our partners to do.

That is quite a challenge for a lot of partners. Most of them don't have a way of calculating business impact costs, money saved and how it affects the bottom line quarter to quarter. How are you helping

If you've been selling traditional firewalls, and other defenses such as anti-virus solutions, its tough. But that is ultimately what is required now.

Security is absolutely now a Line of Business concern. Its moved from the IT department, to the bespoke IT organisation, to the CISO. Now its at the CEO/CFO level, and even the board level.

It is a transition. We've had to transform ourselves too. That's why we've put our focus on producing a world class partner programme. Our partners are being challenged -- and in a good way. They are being asked to go back in and skill up.

Yes we invented this space, and its all new technology -- so they look to us for vendor support. Our Fuel Partner Program is more than just sales training. A new feature is 'The Anatomy of an Attack' -- it shows them how to explain how attacks work now.

But the number one way we help our partner sales reps teams learn that, is by teaming with our field. That's why our new teaming standards and the rules of engagement really matter. They go out on a sales call with one of our guys, and our sales reps have to go through their own personal certification. We love teaming up a sales rep from our partner, with our field guys. They go call on the customer together.

Any last words

We're on a tear. We have the right combination of technology, the intelligence and the expertise. I love that we're not just going out and telling partners to sell more boxes. We know that happens, but it gets pulled through. If you can formulate a architect-led motion, a services-led motion, and have that economic conversation -- the pull through is phenomenal. That's what we're trying to instil in our partners.

(www.arnnet.com.au)

Allan Swann

Zur Startseite