Most of my customers would tell me they have a best-in-class security stack that keeps the bad guys from breaking into their network. That stack would consist of a firewall, IPS, antivirus, and some kind of SIEM to give them visibility into what's going on. And for traditional security protection, that's a good stack to have. But the adversaries are figuring out how to penetrate the network. Malware is one of the ways. I think malware is responsible for about 30 percent of the compromises, meaning if you just address malware, you're exposed at 70 percent.
When we think about the problem, we think about the life cycle of the threat, which has four legs. There is infiltration, which could be malware or they can hack in, etc. Then there's communications with an external malicious command and control system. The third leg is the propagation leg, where they move laterally inside your network, looking for higher levels of authority so they can access what they want. Then there's the exfiltration piece, which is how we got into this business, because we are the top data exfiltration company in the world, based on what Gartner says. We can face the internal part of the network and make sure nothing leaves.
But the four legs of the life cycle are the things that are important and malware is one of those legs and represents only about 30 percent of the problem.
Dix: So you got your start with the exfiltration part of this, but today address all four parts?
George: We do. And that's an interesting question, because when I joined the company four and a half years ago, we were then and today in the Gartner Data Leak Prevention Quadrant. But in those days DLP was just a broken business process. It was really inadvertent data leakage. Say a good guy trying to work on something over the weekend and sending a sensitive document to his Gmail account. That's what DLP used to be, because there were no nation-states trying to steal intellectual property, there were just good guys doing not-so-good things. And there are lots of good technologies to solve that.
But if you're a malicious insider or you're a nation-state and you can penetrate the network and you want to exfiltrate data, you're not doing it out Port 80, you're not doing it out of the email port, because somebody's watching that. You're going to bury it deep inside an attachment and you're going to send it out a port that nobody's looking at. And that's what we did better than anyone in the world. We're the only company in the world that can sit in the network and see applications and content and threats buried deep inside of the applications on all ports, inbound and outbound of a network.
There are 65,656 ports in a firewall, and we're the only company in the world that can give you visibility in and out. So again, if you're a good guy doing a not so good thing, you're going to send it to your email account, and someone can see that. But if you're a malicious insider, you're going to bury it deep inside a JPEG, rename it, compress it three times, and send it out a high port that nobody's watching. Well, that's what we were really good at, and when that became the problem, all of a sudden what we did different than everyone else became really important.
So the profile of our customer base has changed dramatically. It was 90 percent federal agencies four and a half years ago, and this year we'll be better than 50 percent/50 percent government and commercial, maybe even more commercial, because the threat factor has moved to the commercial enterprise. That part of our business is booming right now.