An Interview with Paul Hooper, CEO of Gigamon
Gigamon recently rang the New York Stock Exchange's famed closing bell in celebration of the unveiling of their call-to-arms for companies around the world. The NYSE spoke with Gigamon's CEO, Paul Hooper, about their mission and his thoughts on the current and future state of network security.
To start, can you describe Gigamon and its mission?
Paul Hooper: Gigamon is a 12-year-old company that was founded on the emerging need for improved visibility into network traffic. As networks become increasingly critical to our lives and everything we do, the volume of information on those networks continues to grow. This is why understanding what is happening on them is absolutely essential in order to manage, monitor and secure those environments. Gigamon is focused on helping companies establish improved visibility into the traffic and information that is flowing through and across their networks.
Gigamon recently issued what it described as a Call-to-Arms to companies across the world. Tell us what that was and how you want companies to respond.
Mr. Hooper: Our call to arms is “We Fight Smart,” and the premise behind the call is that the attackers are winning. The number of penetrations at private enterprises, federal locations and national infrastructure centers continues to increase, and at the same time so does the investment in the amount of technology deployed to stop them. Something’s not working. The security solutions are not preventing what they need to prevent, so we believe that the battle isn’t being fought in the right way.
Going forward, our objective, along with a large cohort of the world’s leading security vendors, is to say it’s time to change the game. It’s time to fight smart. So let’s engage in a dialogue over how we can work together to secure, manage and monitor infrastructure. Together, we are stronger; our combined technologies can see the threats earlier, isolate and eliminate them faster.
Gigamon talks about “The Hidden Man” as its icon of security threats. Describe him, what he wants and how companies defeat him.
Mr. Hooper: Well, that’s the key thing. No one knows who the hidden man is. However, we do know what he wants — and that’s anything he can translate into value for himself. That could mean taking assets, intellectual property exfiltration, stealing credit card information, the resale of personal identity information, any number of things.
We know for sure the thieves are out there . . . 97% of enterprises have been compromised to one degree or another and it takes an average of 120 days to identify a breach. In that time-window, the hidden man is walking around data centers all over the world taking whatever he wants.
Who is he? We don’t know. What does he want? Anything that he can turn into a profit. What are we doing about it? That’s what ‘We Fight Smart’ is all about. We want people to come together and shine a spotlight on him.
Gigamon states that the GigaSECURE platform is not necessarily meant to replace existing security apparatus, it is meant to enhance its effectiveness. Can you describe that relationship in more detail?
Mr. Hooper: It’s a relationship built around both effectiveness and efficiency. In other words, with the GigaSECURE platform the flow of information to security appliances is calibrated and controlled to make them as effective as they can possibly be. If they’re not getting enough information, they can’t react. If they receive too much, they’re going to be overwhelmed, which reduces their effectiveness.
If you shape the information flow and make sure they get just the right amount, at the right time, in the right location, with the right profile, the efficiency and effectiveness of the attached security devices improve dramatically.
How has the CISO role changed over the years?
Mr Hooper: It used to be that the CEO didn’t sleep; now it’s the CISO who’s not sleeping. The CISO role has evolved dramatically as security has gone from being a necessary evil – some might call it an insurance policy – to being front and center in IT investment. Last year, $77 billion dollars was spent on security and, as I said earlier, 97% of enterprises have been compromised. That’s why we’re finding a lot of support for our message amongst CISOs and it’s why we are trying to take a different approach with a different architecture.
How do you see the relationship between the CISO and the CEO evolving? Do they need to work more closely together?
Mr. Hooper: While many people think the CEO is the pinnacle of the company, I see that role as the gateway to the board of directors and, in turn, the board as the proxy for the investors. It’s the CISO who enables the CEO to best understand and communicate the risk structure to the board, along with the effectiveness of his security architecture, the possible penetrations, and the financial expectations underpinning the demand to be secure.
In other words, security today is a board-level conversation, whereas 10 years ago it wasn’t. This is why I think the relationship between the CISO and the CEO needs to be much tighter. It’s less of a transactional relationship and more of an advisory one so that the CEO can understand the risk profile and characteristics of the business.
7. How have you seen security budgets being spent in the past, and how are they being spent now? What has prompted the change?
It’s been said that the battle against security breaches is an “asymmetric” one, meaning companies need to cover every point of possible entry whereas a hacker only needs to find one weak spot. Can you talk about that?