The good thing is Francisco Partners and Elliott understand this space tremendously and deeply. We’re overinvesting in R&D this year and probably early into next year to really do two or three things. One is to push out innovation like Capture and get us into virtualization and cloud. Second, you’ll see us really start to double down on some of our current investments to speed the time to market on capabilities we need for this space. You’ll see us really overinvest on the pieces that make it simpler and easier to use and connect into. SonicWall has not always been strong on APIs. We’re going to be stronger in that area. We’ll have capabilities coming out this year to allow us to interconnect around analytics or other management tools in the industry and in the enterprise.
What capabilities are you offering in the cloud now and what will come in the future?
Today we’ve put our Global Management System (GMS) into a zero-touch cloud capability. We’ll continue to invest on GMS so you can get it as a prem-based or, now, as a cloud-based [service]. One of the go-to-markets is around managed service providers or carriers and in some cases they’ll want our virtualization or an API to connect into their own stuff or they’ll run ours. As you look at a lot of the early cloud offerings, there are some limitations in the infrastructure to do our level of deep-packet filtering at the speed needed for the business not to have latency.
Our engineering is working on how we give a choice; on-prem hardware or software or a virtualized cloud offering for firewall and next-generation [firewall]. That’s a market for it but we see it being more of a choice. What we’re investing this year to do is consolidate our infrastructure or operating system, SonicOS, and some of our product onto single-string code. We’re looking at how to virtualize that when the cloud infrastructure can actually perform at the level it needs to on that. You’ll see that, hopefully, this year and early into next year.
Just to be clear on that, you don’t have a cloud-based firewall today but you’re saying you could have that in 2017?
No [we don’t have cloud-based firewall]. We will be releasing stuff toward the end of the year and into next year for that because, as you know, our history is really high performance and low cost. Because we do such deep packet inspection at the speed we believe it needs to perform at for our kind of customers, the cloud just can’t hold the performance today to scale.
As we see more customers embracing a hybrid cloud model, what pressure points does that put on security and what are you doing to help people with that?
We’ve been around long enough to know nothing ever goes one way or the other. That’s why I talked about going to a single stream of software. We should give you a choice. If you want to virtualize we’ve got that. If you want it on your premise we’ve got that and you get the same functionality and performance either way. Our whole belief is to strengthen the management structure across the different models, improve your UI, improve your UX, make sure you’re API-enabled, and then give you feature transparency across the product portfolio. That’s what we’re striving to do.
How do you see the threat landscape evolving? What should people be more focused on now than perhaps they are?
At Entrust we were one of the few security vendors that didn’t get breached. I think a lot of that was how we segmented our networks and created virtual LANs and hardened networks for different parts of the business, for different sensitivities. Large and medium-tier enterprises are going to have to think differently about how they architect their business. They are already rearchitecting network storage and data centers and server farms anyway. Now we’ve got to think of the network attributes of that and the security profiles of those different networks in data and in storage.
The other piece that’s clear in my mind is that the bad guys are moving. We are in a cyber-arms race. I just described how it changed from point of sale to spam and now it’s moving into ransomware and other variants. Their means to get in are changing. Now 60 percent of the malware coming in is encrypted with SSL certificates in the wild that aren’t publicly rooted and not enterprise rooted. They can pick those up in the open market.
When the malware guys are 24/7, it changes the nature for business. You’re really going to have to do SSL, deep packet inspection. You’re going to have to look at email differently because it’s going to be coming in encrypted. On the good side, we see the actual number of threats going down and the variants changing going down. The problem is they’re still big and they’re coming in cloaked. We have to move with the way the bad guys are changing their behavior and I think that’s what’s going to happen in 2017. We’ve got to look at new threat vectors like IoT, mobile and how they’re coming in through encrypted communication.
What security technologies or innovations hold the most promise for the future?
Some that I can’t talk about today.
Sure you can! Don’t be shy.
I can’t, John. We’ve got to get some IP around it first. I’m excited by the amount of gold and diamonds in our developers’ minds, what they’re working on and the excitement to get these new capabilities to market. I’m just really excited about how this can change the threat landscape protection and offense that we have.
As a final question with a one-sentence answer, what do you want customers to know SonicWall as? You have that classic elevator moment.
We’re your trusted adviser. We’re really skilled at what we do and we want you to trust us and know that you’re safe. If there’s an issue, we’ve got the best service and channel partners to work with.
Want to comment on this Q&A? Head over to our Facebook page.