"Security should be invisible"

A Q&A with Guy Guzner, Co-founder and CEO, Fireglass.

In the world of security startups, there are those crazy ones. As that Apple ad goes, they are the misfits, the rebels, the troublemakers. The round pegs in the square holes. The ones who see things differently. They're not fond of rules. And they have no respect for the status quo.

Society should celebrate entrepreneurs as agents of change. Yet the entrepreneur's journey is mired with challenges - raising capital, attracting first customers, earning trust one customer at a time. When a security entrepreneur wins, our digital world is safer.

In these "Innovators and Disruptors" Q & A series focussed on new innovations in security products, Mahendra Ramsinghani speaks with security entrepreneurs who are bold, crazy and creating the security platforms of the future. 

guy guzner Fireglass

Guy Guzner, Co-founder and CEO, Fireglass.

Guy Guzner, Co-founder and CEO, Fireglass is one of them - not fond of rules, breaks things and has no respect for the status quo. Guy wants to disrupt Secure Web Gateways. But most importantly he wants security to be simple and invisible.

How did you get started in security?

Guy: I was that kid who used to break stuff. Back in the days of the dial-up modem, I tried my hand at a few cyber tricks which almost got me in in a little trouble. This was in the pre-firewall era.  

And then you got a real job.

Guy: Checkpoint hired me and I spent thirteen years, eventually heading their network security products, which included everything from the Firewall to the sandbox. I played pivotal role in building their network security product lines which generates over a billion dollars in revenue.  

The rest of us get a midlife crisis. You got a startup itch. Why leave a nice company and a cushy job?

Guy: As technology evolves, new solutions can be developed that were once difficult, even impossible. Checkpoint is a big company and any new product line needs to make a big enough impact to generate attention. It was a classical innovator's dilemma. So I had to get out of my comfort zone and create a nimbler environment.  

At Fireglass, what are you solving for?

Guy: If you look at the browser, it’s basically an application that executes code. It is hard to know, really, what is going on. Malicious web sites code to cause havoc on your endpoints, and from there and entire enterprise network is wide open.. We all know about the phishing / ransomware attacks. So we protect the enterprise network as from the weakest link - human beings. We all can inadvertently go to a malicious website. Or become targets of phishing attacks. With Fireglass, we act as a secure web gateway that isolates that isolates and executes web traffic remotely and only sending to the end user a 100% safe visual stream of websites. No HTML code reaches our end-users. Any malicious activity is sandboxed and detonated without any impact to the end-user. Basically, it’s like browsing the web through a bullet proof glass.  

Why is this important?

Guy: Email and web are primary attack vectors. As attackers are getting more sophisticated, security needs to step up. It is no longer 200 days from infection to when attackers cause damage, today it’s a matter of in minutes. We can no longer be reactive and our security solutions need to be real-time. The attack surface has also expanded and industry lacks security talent. CISOs are in a perpetually re-active mode. This is unhealthy for our society.  

Secure Web Gateways is a $5bn market dominated by giants like Cisco, Bluecoat / Symantec, ZScaler and others. What are some differentiators you have focused upon?

Guy: Web gateways rely of being able to differentiate between good and bad content. They often use things like URL filtering, content inspection and sandboxes to make that differentiation. This approach has become ineffective in stopping modern threats. Attacks today constantly morph and learn how to circumvent these detection tools. Instead of telling good from bad, we treat everything as malicious, by isolating and executing web sessions remotely. In developing our product, we aimed for simplicity and speed of installation without impacting user experience, nor creating any latency. We realized that in today’s environment, a multitude of endpoint agents are competing for memory and chose to go down the agentless architecture path. Installing endpoint security products and managing them can be cumbersome. We developed a zero-touch installation. Other isolation products like virtual desktop interface (VDI) often have scalability issues beyond say, fifty users. As a proxy solution, we do not have any scalability issues, we can support thousands or users on a single box.   But if my traffic flows through your proxy servers, does that impact my privacy? Not really. We terminate packets in a virtual browser which lives a container. At the end of the session, . the container is disposed, vaporizing after the session is complete, deleting everything. By our design principles, we are unable to peek inside the traffic.  

Any innovator has to deal with adoption challenges. Startups are often seen as risky propositions for larger companies. The CISO’s job may be at risk for trying a product that's not robust, or does not have a meaningful SLA. How do you leap over such hurdles?  

Guy: Agreed that nobody got fired for using IBM. But startups offer innovative solutions that larger companies may not be able to offer at the same speed. We took well over a year to build and stress test our product. Initially our customers were concerned about latency, fidelity of web browsing or the ability to scale. Our team of over forty engineers have addressed these concerns and we have successfully installed on-prem, in the cloud and in hybrid production environments.  We have also found that customers who may be skeptical often start with partial traffic routing. We do this from all uncategorized website and gradually gain confidence. It’s about earning trust.

The value proposition also strikes home. No boxes to install or maintain. We are efficient, simple to install and easy to use. We have crossed the chasm and now have deployments in USA, Europe and Asia. And finally, we have raised $22 million from some of the leading Silicon Valley investors, who have intellectually grilled us much more than our customers could. So in a way, they prepared us for the journey.  

What does the future entail?

In our next phase, we are aiming for federating intelligence across multiple sources, correlating trends and generating relevant insights.

It is my belief that security should be simple, even invisible. We are getting there, slowly but surely.

This article is published as part of the IDG Contributor Network. Want to Join?

NEW! Download the Fall 2018 issue of Security Smart