Sramana Mitra: I have a follow-up question. If you look at the space of security in the context of payments, both mobile payments and desktop payments, who are the major security vendors and what are the differences in the key approaches? You have, of course, just described your approaches. What are the key approaches in the industry and why is one better than the other?
Andrew McLennan: There are three basic approaches and a variety of vendors across the space. You can use hardware to secure where you host Java code. All the processing is done in the hardware, and you’ve the most secure processing environment. But I think we’re all aware now that hardware is never 100% secure. It’s a great paradigm for payment, but the problem is it requires the maker of the payment application to understand what the hardware is. This is where you see the likes of Apple Pay come in, because they understand what their hardware is. They can devise a payment experience knowing exactly what the hardware platform is. Of course, what that means is if the hardware is compromised, everyone loses. Every single person’s security is compromised.
Sramana Mitra: Let’s take a few examples. Let’s take maybe one example from the chip side and one example from the credit card side and talk us through how exactly this works.
Andrew McLennan: I’m the software specialist, so I can give you more detail on the software side and less detail on the hardware side. I’m going to take the use case for host card emulation. In October 2013, Google removed the need for a radio device to have to talk directly with a hardware element. Before Google did this, the SIM card was holding a secure element, which is basically a cryptography engine and hardware. If you want to make a mobile payment, the mobile network operators are in control of the SIM; therefore, you had to work through them. The cost of mobile network operators was demanding at that point. Android Google topped the market by allowing anyone to make a payment without passing through the SIM.
I am still digging into the issue of vastly enhanced exposure to cyber security threats with the advent of the Internet of Things. Here we discuss that and other issues.
Sramana Mitra: Let’s start by introducing our audience to yourself as well as Inside Secure.
Andrew McLennan: I currently serve as the President of US for Inside Secure. Inside Secure is a public company headquartered in France. We basically focus very strongly on embedded security and in particular, security elements and software security. My own particular expertise is in the area of software security, which is quite hot in the payments industry and finance in general.
Sramana Mitra: Talk to me a bit about the broader trends in your space and how does what you are doing align with those trends?
Rohyt Belani: Then, we’ll help you analyze this. We’ve built technology to not only help with the analysis but also leverage existing security investments. If they’re using FireEye, we’re not competing with them. We actually fit alongside them. Let’s say the Sandbox from FireEye, or the URL analysis product from WebSense, and take all these factors and say, “What is it that I’m looking at? How bad does it really look?” It’s very difficult to come up with a binary this-is-bad-for-sure or this-is-good-for-sure answer. It’s more of a confidence rating. That’s really what we look to do—operationalize human intelligence.
Sramana Mitra: What’s the competition? What’s the direct competition?
Rohyt Belani: If you look at the product portfolio that I just talked about going from simulation, assisting with reporting, to assisting teams analyze these reports. If you look at it holistically, we don’t have any company that offers this entire gamut of offerings holistically. We have competition on each one of these verticals, I would say. The simulation is the one that we’ve had around the longest. That’s where we have the
Rohyt Belani: If you want, I can explain with a really good example in a story.
Sramana Mitra: Yes, go for it.
Rohyt Belani: If you think back to 2010, there was a bomb scare at Times Square. There was a Nissan Pathfinder parked right in the middle of Times Square, which is very unusual. If you’ve ever been to Times Square, you see that there are a lot of cops there walking around. None of these systems and technologies caught this anomalous SUV parked right in the middle of Times Square. It was two vendors who stood there every day selling $2.99 I Love New York T-shirts that said, “This looks whacky.” They went to the cop and said, “We don’t see cars parked here.” The next thing you know they call the bomb squad. It was loaded up with explosives.
While these guys weren’t bomb experts, they were contextually aware. Our whole idea is how do we take that contextual awareness to cyber security. How do you do that? An example is I got hit by a phishing attack myself. We launched our most recent product. I guess the phishers just go after us for bragging rights.
Sramana Mitra: One of the things that’s obviously a huge benefit of this model is valuation. I imagine your Series A valuation is way larger than many others who would try to go raise money early. We did the story of Tableau. Tableau raised Series A at a $20 million pre-money valuation. They bootstrapped for two years and they were $6 million before they raised their first round of financing. Their first round Series A valuation was $130 million. What was your experience in terms of valuation and where were you raising money?
Rohyt Belani: Our primary institutional investor has been Paladin Capital based in Washington DC. Especially in this latest round, we had a lot of interest from Silicon Valley investors. As you rightly pointed out, the valuation was pretty wide. By the way, I’ve read quite a few of your blog posts and I find them very intriguing. I’m not one of those entrepreneurs who’s solely focused on valuation. That’s not a criterion of success for me. A lot of people get the Unicorn status but they signed away for liquidation preference. I’m more of, “What’s the deal holistically?” If you seduce me with
Ray Rothrock: We woke up just a couple of years ago. When Target happened, there’s some bad software inside networks. How did it get there? We say, “I have firewalls. I have data leak protection. I have all this stuff.” It happens because of mobile. It happens because of email. It turns out that the perimeter isn’t really the perimeter. We all live in a cloud world. BYOD devices show up on the network, bringing bad stuff. Now that we’ve come to the conclusion that the bad stuff is inside, how do we deal with it? That’s what started in 2013 to now. Everybody’s got the bad stuff. They know they have the bad stuff. The question for a Senior Manager is it’s not a matter of if. It’s a question of when and what do I do about it when it happens. That’s RedSeal. We tuck into that trend where your network’s got problems. We help sort it out. That’s the industry view.
By the way, as companies become more network-centric or using digital technologies to run their business, they become more vulnerable. Let me give you a specific example. July 8 this year. United Airlines, The Wall Street Journal, and the New York Stock Exchange all had a digital problem and all three shut down. It was a cyber event but it wasn’t a security problem. They just got problems. These things are complex. Three companies on the same day. Now, it’s with the CEOs because if you shut down an airline for a day, you affect the revenues.
Sramana Mitra: Not at all. How long does it take to map a sizeable network like the kinds of numbers that you’re rolling out here?
Ray Rothrock: If you’re a skilled engineer, it could take a couple of weeks to a couple of months. Cisco took a couple of weeks.
Sramana Mitra: Is it a scan running continuously, or is it a scan running at certain times?
Ray Rothrock: It depends on the complexity and lots of other attributes of the network. Most people run it overnight because it usually takes a couple of hours.
Sramana Mitra: So the scan doesn’t take more than a couple of hours.