Watch video interview

Speakers:
Charlene O’Hanlon, Managing Editor, MediaOps
Dave Furneaux, Virsec CEO

Charlene: Hey everybody, welcome back to TechStrong TV. I’m Charlene O’Hanlon, Managing Editor at MediaOps. I am here now with Dave Furneaux who is the new CEO of a company called Virsec. Thanks for much for taking the time to talk with me, I appreciate it.

Dave: Happy to be here.

Charlene: Awesome, awesome. Tell me a little bit about Virsec.

Dave: So Virsec was a company that I actually got involved with at the very beginning, which was 2014-2015 timeframe. And we got together as a group of technologists and entrepreneurs because we wanted to solve the application security problem in a new and really fundamental way.

Security of course is a big issue. Cybersecurity is a massive problem in the world. And we just didn’t think that the applications that run our world – they run our governments, they run our hospitals, they run our military – that they were being protected properly. And so we launched this company to do just that.

Charlene: So obviously application is a huge security issue, especially now with so many folks who are working from home. And the security issues that entails. So many people trying to access the network at once and the cloud-based applications and security attached to that. So I imagine you guys have a lot on your plate at the moment.

Dave: It’s an amazing time. Covid-19 has been a huge crisis for all of us, a really challenging time. But in the cybersecurity field, the problem has manifested itself in more cyberattacks and more challenges. In our industry, we call it attack surface areas. So when you start working remotely and putting stress on applications, it increases an attack surface area that an attacker can go after. So yes, we’ve seen an uptick in momentum and in the business itself.

Charlene: So how does your technology work and at what point in the application process is it engrained? Is it more in the development process, or from the DevOps perspective, are we looking more at the Shift Left idea of adding security at the application development process?

Dave: So, our technology, our product, is an end-to-end security product. So it does start on the Shift Left or the Dev side and then moves to the Security Operations side as well. In the CICD pipeline, when the developer is developing, our product is used to provide much deeper application visibility and much broader visibility into the security issues of that application. And then we provide remediation or virtual patching, and even compensating and controls. It’ll allow a developer, as the application comes through development, into runtime, into operation, to be able to have continuity, from a security perspective as well.

Then our product from a security operations side, is deployed in runtime. To protect the application from the inside out. So that as the application is instructing and its working, we’re able to secure it in real time.

Charlene: Gotcha. So it’s not just a development security offering, but it’s a post development security offering as well. That’s really kind of interesting. So are organizations deploying these attached via APIs? How are they connected to the security framework that organizations have?

Dave: Our product is the first product in the world to integrate security from the inside out. So we took a radically different view and said, ‘The world secures by creating perimeters, creating firewalls, and different types of antivirus rules and techniques.‘ We said, “Let’s integrate security into the application itself.’

So we instrument the application with a very light weight probe. And we’re able to understand as a result of that, given where we instrument the probe, we can see so much more about what’s going on in the development of the application or the running of it.

Charlene: OK, that makes a whole lot of sense. What are you guys seeing in the market these days? Are companies moving toward the idea of Shift Left, adding security earlier in the development pipeline and at runtime, as your technology does?

Dave: Yes, there’s a big trend toward integrating and creating harmony or more communication between the developers and the owners of the applications when they’re operating.

From a security point of view, I think there’s a huge push to provide to stronger application security level solutions because the attacks surface areas and the importance of applications are skyrocketing. So it’s a big trend.

Charlene: I remember before the world caught on fire and we were at the RSA conference. DevSecOps was a huge topic for not just speakers and presentations, but just even on the show floor. A lot of people were talking about DevSecOps and it really seemed to be gaining traction, finally. Do you see that the timing of your technology is in line with where the market is headed?

Dave: I think that’s true because the market evolves based on attack landscapes and types of attacks. What we’ve seen in the last 3 years is that the traditional technologies that were deployed are not working well enough.

Whether it’s Verizon’s recent report or FireEye’s or Mitre’s attack reports, everyone is seeing that the attacks are getting deeper and the existing products are not protecting them well enough or providing enough visibility. Including pen testing and trying to understand where your vulnerabilities are. They’re just operating at a level that’s too abstracted from where the attackers are today.

Charlene: So from a networking perspective also, is your technology helping in cases such as edge computing or even accommodating IoT devices and other devices on the network? Where does your technology stand in relation to those things?

Dave: So our technology started with, our passion as a team was coming together around securing the workload. Really, protecting the applications that run our customers’ businesses.

But as you evolve that thinking, and as we’ve evolved that thinking from the workload, the workload may reside on the edge. And so there’s this new edge coming. We see that our ability to protect at the edge is just an extension of our existing product. So we do that.

When it comes to IoT, that’s a different form factor. And because we’re integrated so deeply close to the microprocessor, it’s a different architecture than server workload. So that’s on our roadmap for something we’ll do in the future.

Charlene: Excellent. I’m hearing a lot from organizations who are looking more at edge computing as a way to help balance their load if you will and extend their networks beyond their standard networking environment. There’s definitely a lot of movement in that space.

Where do you see you guys, your technology, as opposed to other organizations, other security technologies in the market right now as it pertains to edge computing? Are you guys ahead, or is the market fairly nascent and we’ll see maybe in a year or so where things fall out? Where do you see yourselves?

Dave: I think edge computing and edge architectures have been evolving for a number of years. They’re starting to get into early deployments. Security is really an important part of that. Where we see ourselves is, we’re doing the same thing we’re doing in a traditional enterprise deployment. We’re securing from the inside out.

So as that application goes to the edge, we’re still protecting that application at a deeper, broader level. And more simply than the existing products. What’s happening with most of the security companies that are looking at the edge, is they’re looking at perimeter deployments or rules-based deployments or behavioral deployments. And we’re a deterministic solution that sits on the inside. So our benefits that we give in a non-edge world are extended to the edge world. That’s all.

Charlene: Alright, great. So where do you guys see yourselves and your technology moving forward?

Dave: Well, it’s a really big market. And we’re having a good time deploying and solving customers’ problems. We’re looking at growing. We got our start in aerospace and defense in government type customers. And now we’re starting to move into other types of enterprises, like hospitals, financial institutions, utilities. So it’s pretty diverse.

We just sold our first customer in Africa. Last month we sold our first customer in India. We just hired our first key member in Dubai. So it’s amazing to see the international flavor of customers who are interested in this type of security.

Charlene: That’s great, that’s great. I wish you guys all the luck in the world. I think it’s a great technology. Especially in the DevOps realm as more organizations are looking to shift left. It’s great to hear that there’s yet another technology on the market hat’s going to help them do that.

So Dave, thank you very much for your time and walking me through all the aspects of your company and the technology of your company. I wish you all the best.

Dave. Sure. Thank you. Take care.

Watch video interview