An Interview with Paul Hooper, CEO of Gigamon

Gigamon recently rang the New York Stock Exchange's famed closing bell in celebration of the unveiling of their call-to-arms for companies around the world. The NYSE spoke with Gigamon's CEO, Paul Hooper, about their mission and his thoughts on the current and future state of network security.

To start, can you describe Gigamon and its mission?
Paul Hooper: Gigamon is a 12-year-old company that was founded on the emerging need for improved visibility into network traffic. As networks become increasingly critical to our lives and everything we do, the volume of information on those networks continues to grow. This is why understanding what is happening on them is absolutely essential in order to manage, monitor and secure those environments. Gigamon is focused on helping companies establish improved visibility into the traffic and information that is flowing through and across their networks.

Gigamon recently issued what it described as a Call-to-Arms to companies across the world. Tell us what that was and how you want companies to respond.
Mr. Hooper: Our call to arms is “We Fight Smart,” and the premise behind the call is that the attackers are winning. The number of penetrations at private enterprises, federal locations and national infrastructure centers continues to increase, and at the same time so does the investment in the amount of technology deployed to stop them. Something’s not working. The security solutions are not preventing what they need to prevent, so we believe that the battle isn’t being fought in the right way.

Going forward, our objective, along with a large cohort of the world’s leading security vendors, is to say it’s time to change the game. It’s time to fight smart. So let’s engage in a dialogue over how we can work together to secure, manage and monitor infrastructure. Together, we are stronger; our combined technologies can see the threats earlier, isolate and eliminate them faster.

Gigamon talks about “The Hidden Man” as its icon of security threats. Describe him, what he wants and how companies defeat him.
Mr. Hooper: Well, that’s the key thing. No one knows who the hidden man is. However, we do know what he wants — and that’s anything he can translate into value for himself. That could mean taking assets, intellectual property exfiltration, stealing credit card information, the resale of personal identity information, any number of things.

We know for sure the thieves are out there . . . 97% of enterprises have been compromised to one degree or another and it takes an average of 120 days to identify a breach. In that time-window, the hidden man is walking around data centers all over the world taking whatever he wants.

Who is he? We don’t know. What does he want? Anything that he can turn into a profit. What are we doing about it? That’s what ‘We Fight Smart’ is all about. We want people to come together and shine a spotlight on him.

Gigamon states that the GigaSECURE platform is not necessarily meant to replace existing security apparatus; it is meant to enhance its effectiveness. Can you describe that relationship in more detail?
Mr. Hooper: It’s a relationship built around both effectiveness and efficiency. In other words, with the GigaSECURE platform the flow of information to security appliances is calibrated and controlled to make them as effective as they can possibly be. If they’re not getting enough information, they can’t react. If they receive too much, they’re going to be overwhelmed, which reduces their effectiveness.

If you shape the information flow and make sure they get just the right amount, at the right time, in the right location, with the right profile, the efficiency and effectiveness of the attached security devices improve dramatically.

How has the CISO role changed over the years?
Mr. Hooper: It used to be that the CEO didn’t sleep; now it’s the CISO who’s not sleeping. The CISO role has evolved dramatically as security has gone from being a necessary evil – some might call it an insurance policy – to being front and center in IT investment. Last year, $77 billion was spent on security and, as I said earlier, 97% of enterprises have been compromised. That’s why we’re finding a lot of support for our message amongst CISOs and it’s why we are trying to take a different approach with a different architecture.

How do you see the relationship between the CISO and the CEO evolving? Do they need to work more closely together?
Mr. Hooper: While many people think the CEO is the pinnacle of the company, I see that role as the gateway to the board of directors and, in turn, the board as the proxy for the investors. It’s the CISO who enables the CEO to best understand and communicate the risk structure to the board, along with the effectiveness of his security architecture, the possible penetrations, and the financial expectations underpinning the demand to be secure.

In other words, security today is a board-level conversation, whereas 10 years ago it wasn’t. This is why I think the relationship between the CISO and the CEO needs to be much tighter. It’s less of a transactional relationship and more of an advisory one so that the CEO can understand the risk profile and characteristics of the business.

How have you seen security budgets being spent in the past, and how are they being spent now? What has prompted the change?
Mr. Hooper: I like to characterize it as Security 1.0 versus Security 2.0. Security 1.0 was reactive, tactical, and sometimes panic-driven buying: “One of our peers just got hacked and we can’t be next, so go out and buy all the security tools you can find…” That kind of non-strategic spend was fairly common, and while the need for investment in security was real and self-evident, the lack of structure supporting the buying decisions was problematic.

We’re now in the Security 2.0 phase. It’s more thoughtful and more architecture-centric than just buying lots of devices and plugging them in. Progressive companies are asking a lot more questions before buying the latest tools. They’re asking where do I plug them into my network? What information do they see? How do they get hold of that information? Where do I locate them?

As a whole, there’s more thought and strategic consideration going into security spend than we’ve seen over the last few years.

The number of channels and devices that businesses use is growing all the time. Can you talk about the complexity you’re seeing and the security challenges they present?
Mr. Hooper: It comes down to a reduced amount of control. The CIO used to have a lot more control - they had the data center under lock and key, they had their network access controlled, they had control of their edge devices because nothing could be deployed on the network unless it was issued by the IT team.

Now the data center is mobile and virtualized applications are moving around inside it. Where the edge of the network used to be the four walls of the office building, now it could be at home when employees are on their couches working from their phones, or it’s on the road when those same workers are connecting while traveling.

The control that they used to have is almost totally gone and it’s forced a change in how organizations look at security and how they spend their budgets on it. This is where the push for visibility comes into its own. All those new technologies - mobile, cloud computing and virtualization - demand the kind of holistic view that can ensure you maintain control and can manage them all.

It’s been said that the battle against security breaches is an “asymmetric” one, meaning companies need to cover every point of possible entry whereas a hacker only needs to find one weak spot. Can you talk about that?
Mr. Hooper: That’s very accurate when you’re thinking about external threats. But, once the attacker is inside, the balance of power inverts.

The CISO does have to protect everywhere, while the attacker has to find just one opportunity and exploit it. The attacker also has the luxury of time - he can spend all his time looking for that one area of weakness. However, once the attacker is inside the network, the tables turn. Now the attacker has to be very subtle, very cautious to avoid detection. At that point, the CISO only has to find one breadcrumb in order to expose the entire trail. But he only has that power if he has pervasive visibility.

Where is network security headed next? What trends do you see that will drive the future of the industry?
Mr. Hooper: Security needs to focus on four Ws: Who’s on the network? What are they doing? Where do they come from? Where are they going? Once you focus on those four things, you understand what your network looks like today, and what it should look like tomorrow.

I’d also say we are moving from a world where we used to try to watch everything to one where, in order to be effective in this war, we have to look at an extraction of data - at network metadata. We have to accept that we can’t be everywhere at once, but we can turn the data we have at our fingertips into actionable intelligence. Analyzing that larger, abstract picture will help identify areas of concern and then organizations can drill down into the details, find potential threats and stop them before they can do any harm.