A No Bullshit Look at the Infosec Industry: An Interview with BeyondTrust’s CTO

13 March 2014
Eleanor Dallaway

Sat in the BeyondTrust glass cube meeting room on the RSA Conference show floor in San Francisco, Marc Maiffret, CTO of BeyondTrust, shares his thoughts on the information security market with me in the only way he knows how – sans “bullshit”.

“Look around the show, you’ll see a lot of ambulance chasing from vendors”, Maiffret says with disdain. “Snowden made a conversation happen, and the vendor community is responding with marketing messages”.

“Target, Snowden… The threats haven’t changed, but the marketing messages have”, he observes.

And this, he tells me, is the worst thing about the information security industry. “There’s such a lack of honesty. Not every company solves every problem for everybody, that’s just bullshit. I don’t envy infosec professionals for having to get through the vendor clutter”.

Most vendors, he tells me, “feel the need to say they’d have prevented the Snowden revelations or the Target breach”, but they wouldn’t, he says with conviction. “It doesn’t make them more viable, it’s just disingenuous. Do they realize their sales pitch is hollow?”, he asks rhetorically. “No one product would have fixed either issue. People are over-simplifying it.”

BeyondTrust, to the contrary, he says, base their relationships with clients on honesty and transparency. “People like doing business with us because we’re not full of shit”, he says. “We like to tell our customers what we don’t do, not just what we do.”

And it works both ways. BeyondTrust choose their industry partners based on the very same criteria: trust, and consistency in their message. “Honesty equals longevity. We know what we’re not doing great and we work on fixing it.”

One vendor he does choose to give kudos to is FireEye. “They’re doing great. There’s a reason they grew as fast as they did”, he says.

Vendors he speaks less highly of are those that rely on acquiring innovation. “Symantec will continue to buy their way to relevance. These are not the companies we should look to for innovation.”

But whilst new technologies are important, it’s essential not to dismiss legacy technologies, Maiffret advises. “Everyone is looking for the new advanced thing, but forgetting about the basics. Anti-virus stops the noise and some of the bad stuff in the world. A business’s biggest challenge is known security weaknesses.”

Security budget should be assigned on the following criteria: what’s your adversary, and what is your risk.

Marc Maiffret, it has been a pleasure.

 
