Forcepoint CEO Matt Moynahan On Placing Big Bets On Behavioral Analytics, Data Protection
Matt Moynahan dishes on the biggest missed opportunity in cybersecurity today, why point products will die within the next half-decade, and why Forcepoint needs mathematicians and behavioral psychologists.
A Human-Centric Approach
Organizations have for too long assumed they can secure their data by purchasing web application firewalls and data loss protection products that treat all users and behaviors identically, according to Forcepoint CEO Matt Moynahan.
Moynahan told CRN that data protection is the biggest missed opportunity in cybersecurity today due to the lack of behavioral analytics smarts in legacy DLP tools. The Austin, Texas-based cybersecurity company plans to double down on its behavioral analytics capabilities through the recent opening of a Cyber Experience Center in Boston that takes a multidisciplinary approach to generating behavioral algorithms.
Forcepoint has also moved away from a partner ecosystem oriented around a large number of transactional relationship to one that's focused on a smaller number of high-quality relationships. As point products die out, Moynahan said Forcepoint needs solution providers that can engage strategically and capitalize on the paradigm shifts around cloud services.
Here's what Moynahan had to say about hiring mathematicians and behavioral psychologists and how Amazon Web Services has changed the cybersecurity industry.
What threat are you keeping the closest eye on for midmarket or enterprise customers?
It's an old threat, but it has new consequences. Identity, account takeover and data theft. And AI around data manipulation, and deepfakes. The point products are still being sold today, but if they don't stop those issues—and it really is a behavior-centric approach, understanding behavior—I think you're going to come out on the short end of the stick more often than not.
What have been the most relevant changes in these spaces?
I think data protection is the single greatest underrepresented opportunity in cybersecurity. When people think about data security, they think of three products—database security, which is useless; data loss prevention [DLP], which is a billion-plus-dollar industry; and web application firewalls [WAFs]. That's it. And yet 80 percent of the world's critical information that's been produced in the past three years and is subject to regulatory and governance issues isn't protected. Database security, DLP, and WAFs have been around forever, yet they're not protecting the stuff that's exposed. I think you're going to see a massive explosion in data security in a different type of definition than the current market suggests. We would encourage all of our partners to partner with us to disrupt that space.
How's the definition going to change?
We launched Dynamic Data Protection at RSA that's getting a lot of traction in this space. It's not this static, one-size-fits-all DLP. I was in a large client the other day, and the client said, 'You know something, Matt, we're using your behavioral analytics platform, and we see more data exfiltration events than the DLP team that's using Symantec sees.' And I said, 'This makes sense because DLP doesn't see behavior. It reacts to behaviors, it applies policies in a way where it treats everyone the same. And that's not right.' So Dynamic Data Protection is a fusion of behavioral analytics with DLP. Oftentimes, I'll ask clients, 'Do you want dumb DLP or smart DLP?' And they'll say, 'Of course I want smart DLP.' And I'll say, 'Good, because you better have a data protection capability that understands who the user is, are they acting with proper intent or not regardless, and apply the right level of rules. And if they're doing OK, then take the guards down. Don't get in their way.' There's a massive imbalance in the amount of data that's protected and the need for it, and this is one of the big bets we're going to place as a company.
How significant of a threat do supply chain attacks pose to MSPs and MSSPs?
This cat is out of the bag. I was being interviewed about the DHS/FBI report on the nuclear power plant that was breached, and I got asked by the reporter, 'Was that a sophisticated attack?' And I said, 'Do you remember Target? This has been happening for years.' Everybody should be worried. Everybody. But we also can't ask everybody to become a security company or everybody to become a security expert. That's why this human-centric approach is essential. You have to assume one of your employees is going to be tricked and provide an adversary with some access. You have to assume it. If you're living in a bad house in a bad neighborhood and you knew your door literally couldn't be locked, how would you think about protecting your family? You wouldn't go buy locks. You'd think differently, like 'OK, somebody's going to get in.' It's a complete mind shift. You'd start thinking about motion sensors. You'd start thinking about tripwires. You'd start thinking about video cameras. That's where the world is, two out of every three streetlights in London has a video camera on it. Things have gotten that bad. When I see the news now, it's more of the same. You will see people wake up at one point and say, ‘I finally get it.’ It's all about users and data. And everything else should be secondary to that.
What are your top channel priorities for the remainder of 2019?
Fewer, high-quality relationships that we can double down on, that are committed to helping effect industry change with us. Point products will be sold, but we're not looking for partners that are just going to sell a point product. We need partners that are going to invest in long-term customer relationships and long-term outcome, and then sell point products against that. The days of point products are numbered. Within five years, you're not going to see point products anymore across many segments of the cybersecurity industry. The capabilities will live, but products will die. And I would encourage partners to understand how we can collectively bring cloud services to market. It's not the easiest thing. It requires re-architecting our thinking, it requires re-architecting our approach, it requires a selflessness and a thought leadership approach with our clients. And that's exactly what we're looking for. I was with a large partner a couple of days ago on the West Coast, and I said, 'We're looking for long-term solution partners, not point product partners.' So that's where our focus is.
How is the initiative to work with a smaller number of high-quality partners going?
Phenomenally. The onus is on us. We're trying to effect change, and we need to help our partners create demand. We need to strategically partner around large opportunities to show them that the opportunities are out there. And the addition of Oni [Chakravaratti, global vice president, channel sales], and we've also got John Sorensen [vice president, global sales strategy and execution], who has a long history of serving the partner community over at Symantec. We've got a couple of heavy, heavy hitters who are making sure that Forcepoint walks the talk. It's one thing to just talk about this channel partner friendliness. But it's another thing to put in place the right programs and the economics to make sure that channel partners are truly strategic. Not just demand fulfillment, which might be interesting to them but not us. And not us trying to take advantage of our relationship with customers by giving them [partners] the short end of the stick. This is how we build a market together and take advantage of what I think is a seminal moment in cybersecurity. There's a paradigm shift happening, and let's help lead it as opposed to react to it.
What's different about your new Cyber Experience Center in Boston versus other satellite offices?
We have an executive briefing center in Austin where our headquarters are. What we wanted was an executive briefing center plus, and the plus is that experience. Cyber is an ethereal—can't touch it, can't see it—type of subject. And, at the end of the day, when we think about the threat vectors, they've fundamentally changed from this sort of underground-type of infrastructure, putting up walls and moats, to actually people being attacked. And we wanted to bring that attack vector to life. So the experience center is really just that. We're trying to show people how people become victims, whether it be by nation-state attack, whether companies are victims from insider employees turning against a company, whether employees are victims from bad security policies, and we can bring that to life here. It's much more than an EBC [executive briefing center]. It really is an interactive facility where hopefully people leave far more educated than they could be without the multimedia elements of what we put here.
Who are you looking to bring in, and what are you hoping they'll experience?
Anyone that has critical data or intellectual property that someone would be interested in stealing for some reason. If we had to segment our customers, I'd say we're medium-sized to enterprise and large enterprise. That is our core focus area. And organizations that are subject to regulatory and governance concerns around critical data, or have intellectual property that, if a company were to lose, would become some sort of market issue for them. That's the general focus area for the company.
What are the areas of expertise or specialty for the employees working here?
This is going to be our behavioral analytics center of excellence. So our head of behavioral analytics Toby Ryan will be based here. And that is the group that has developed software engineers that are responsible for building out our behavioral analytics platform, we call it Forcepoint Behavioral Analytics. And then within that capability set, we also have our group called X-Labs, which is our behavioral research lab. And that group has everything from mathematicians to data scientists to behavioral psychologists working there. So when you get this fusion, a cross-discipline set of scientists working on behavioral algorithms, those behavioral algorithms are then passed to the Forcepoint Behavioral Analytics platform. They come together to create what we called human-centric cybersecurity. So this is going to be the center of excellence for all things behavioral.
Are these existing Forcepoint employees who will relocate, or new people the company plans to hire?
The leadership and the core, we have those groups formed already. And so those groups will be relocating to Boston. Toby Ryan has already moved and bought a nice house up in New Hampshire. But the buildout will happen with folks from the Boston area. So that has begun, we hope to embed ourselves in the university programs and various centers of excellence they have, whether it be AI, ML, or what have you, and really tap the continuous flow of talent that comes through the universities. Also, quite frankly, RSA— one of the pioneering companies in security—was from here. ... A lot of companies have been spawned off the RSA university, and we intend to make this place a welcome home for them as we reach out and aggressively recruit in the area.
How will partners and customers benefit from growing the behavioral analytics and X-Labs teams?
The security industry is changing. Just like AWS changed a lot of things around how ecosystems work and suppliers work, the cybersecurity industry is changing. So I would really think that, for partners and channel and strategic partners, this facility is as much theirs as is it ours. Come in and understand the massive shifts that are happening in cybersecurity, and really position your organization—whether it's a transactional model or a more strategic consultative model—to not get caught in that shift. I think it's really, really important—come here, touch it, feel it, learn it. I would encourage them to take a thought leadership position in the industry. Customers do not want to buy boxes anymore. They do not want to buy tech. They really want to understand how to apply these capabilities to positive business outcomes. And that's very different. And I think everybody can feel that. I don't think there's anyone who hasn't felt the effect of Amazon. So if you're in a traditional, old-school model, I'd really encourage you to partner. And we'll do everything we possibly can to help you understand what's happening. And if there's things we can do for the partner community in making sure this experience center is tailored to their requirements, we'd be happy to do it. In fact, we had several partners here today with us from the channel and many walks of partner life that we hope to make this facility open to.
When do you expect to fully build out the Boston Cyber Experience Center?
We're not going to just hire anybody. We're going to be very disciplined with who we bring on. Obviously, these are really critical hires for us. They're expensive hires, and ones where we need to find the right mix of new hires out of college and old salty veterans. So that's not something you can just add water to and create overnight. We certainly anticipate having 50 to 100 people here by the end of the year, and we'll just continue to hire as fast as we can when the find the right candidates. I do think diversity is an incredibly important part of being able to look at a problem from all angles. And it's not just gender or race or ethnicity. It's also the educational disciplines. I personally was a history and economics major, so even though I got into cyber very early on, I think about things a little bit differently than other people. And I can't do it alone. This takes a multidiscipline and multithought process approach to thinking outside the box. So I would encourage everybody, whether they're a software developer or not, to come and consider a career at Forcepoint.
Is there anything else you want the channel community to know?
Forcepoint has been around for a while, even though the name is fairly new. I've been super appreciative of the partners who've been with us for a decade or more, in some cases. We're thrilled with the new partners that have been coming into our ecosystem, and they have our full commitment to stand true to our word. We're going to do what we say, and hopefully we can build a really transformative cybersecurity company together.