IDG Enterprise Consulting Director

SonicWall CEO talks of life after Dell spinout

Jan 31, 2017 | 18 mins
Cloud Security, Security

Clients get best of all worlds in new setup.

SonicWall has been through it all. The San Jose, CA-based security company began as a hot startup, went public, then private, was acquired by Dell and then spun off to a private equity firm as part of the massive Dell/EMC merger in 2016. In the wake of that change, SonicWall also got a new CEO, Bill Conner, a long-time security and tech industry leader, who took the helm in November.

In this installment of the IDG CEO Interview Series, Conner spoke with Chief Content Officer John Gallant about what the Dell spin out means for customers and where SonicWall is focusing its development efforts. Hint: Think IoT, mobile and hybrid data centers. He also discussed the company's cloud strategy and how the changing threat landscape opens up new opportunities in the enterprise for SonicWall, which is better known in the SMB space.

SonicWall was acquired by Dell, now it's spun out by Dell. What does all that mean for the company and for its customers?

SonicWall has been around about 25 years so customers and channel partners have known SonicWall through many incarnations. I actually was closest to it when I was with Thoma Bravo {a private equity firm} and the CEO of Entrust, which was their first security play. I met the team and the company. Of course, they sold their company before I did to Dell but it's been public, private with Thoma Bravo, with Dell and now private again with Francisco Partners {a private equity firm}. The good thing is it's independent, it's 100 percent focused on security, it's 100 percent focused now on its channel partners and its customers.

Going back to this customer perspective again, does this mean a change of direction or new investments in certain areas? Now that you're not part of Dell, which had a wider security portfolio or was at least affiliated with a wider security portfolio, what does it mean from a product direction perspective?

Let's start with the first thing the customers see different. We're 100 percent channel and we launched Nov. 1 our new partner program called SecureFirst. I love the channels. The good news is we keep the Dell relationship as well. We'll be an ingredient brand in their stack of solutions, as we were when we were together and, frankly, as we were before they bought us. Customers that want to go through Dell can have us as part of their solution stack.

Our clients get the best of all worlds, whether they're a Dell customer or one of our other channel customers, we'll be there to support them for that. As it relates to our product strategy, now that we're independent we hope to pick up the innovation around our products. Some of that will be on our existing product, firewalls and next-generation firewalls, and we'll pick up the pace and innovate much like what you saw this past year with Capture. That is our advanced threat protection capability that allows us to protect your business through a cloud-based sandbox.

You'll see some of those new products in the market mid- to third-quarter this year. You've already seen us announce some new capability around our mobile platform where we give you secure mobile access with our SMA product. We'll have some more next-generation capability there later in the year but what we just released allows you to have disaster recovery on any kind of media, any kind of data, any kind of device on the mobile network. Then you'll see us start to lean in to some other areas.

Now, 60 percent of the malware is coming in through encrypted email or traffic. That's our DNA in terms of deep-packet inspection around SSL and encrypted emails. Stay tuned for more offerings in that space in the very near future.

Can you talk a little bit more about the relationship with Dell? Obviously they have RSA and SecureWorks as part of the family. How do you strike a competitive balance with those companies in the market and still work with Dell?

We continue what we've done even before Dell acquired us. We had a very nice relationship with Dell as a firewall in their solutions and we'll continue that relationship. We'll be working toward an OEM agreement where we'll become more an ingredient in some of their solutions and carry their potential brand to market with us. We will continue to work with them as we have with the combined RSA, EMC/Dell property. We're complementary and fit into their security pillow.

You're new to this role but you're not new to the security industry. What's your strategic direction for the company? What did you want to address in taking over SonicWall?

Increasingly, how you play defense – now offense – around all the malware coming in is really going to be the next hot area. Clearly, SonicWall's deep roots and intellectual property and skill set are well respected for that. There are a lot of people that do it for the largest governments and enterprises, but there are not a lot of people that can take all that complexity, the volume of the threats and resolve/remediate the issues and keep small businesses running. [SMBs] don't have the money; they don't have the staff to do that. That's part of the secret sauce this company has that really got me excited.

I can build from that into campus and distributed networks and different architectures like mobile and Internet of Things. It's those same skills that will differentiate our strategy and our capability going forward. That's exactly where we'll go. We'll take our deep network knowledge in security and how we can do things faster, cheaper, more transparently with less resource and management.

I want to ask you about the SMB market. SonicWall is widely seen as being more of an SMB company than an enterprise company. Do you think that's a fair assessment? What would you tell people about your role in the enterprise market?

If you break the market into SMB, mid-tier and large enterprise, it's a sliding scale where we're a gorilla in SMB: Extremely well known and great market share almost by anyone's measure. Mid-tier we're still in the top five almost by everybody {analysts} and then we're in the top 10 on the enterprise side. Dell helped move the needle on the enterprise side.

As I look at that model, large data center enterprises are changing through virtualization. They're changing through storage in the cloud. Every business has multiple access points on the network or physical locations. Think of them as branches or remote offices. That looks like a small business but it needs to be tied together.

We'll take our strength in management and technology in the distributed network. I don't need to be in the large data center, virtual piece of that to compete with the Ciscos or Check Points or Palo Altos. I think large enterprises are starting to learn that protecting and segmenting your cloud and segmenting your network might not be a bad thing. Two security providers might be better than one. That's how we're going to play with the disruption of technologies and these next-generation networks.

You made mention a little while ago of being more on offense than defense around security. How do we do that? How do customers get on offense when it comes to security?

It's exactly what we're trying to do with Capture. Today the firewall is a detection kind of capability. [Malware] comes in, we detect it and we block it. Even with firewalls and next-generation firewalls, probably 3 percent – plus or minus depending on the vendor and depending on the type of malware – gets through. Three percent sounds pretty good to the average person. But when you multiply that times hundreds of millions of attacks, 3 percent is a lot of people getting infected and a lot of business damage.

Capture is all about changing the paradigm. We created a network sandbox in the cloud. Now I can store all the things we've learned from the firewall and that 3 percent gets processed through three different engines. What that will do is allow you, for the first time, to find something that you would pass through, capture it, log it and now send the traffic back and stop it, block it or let it go. Because it's network-based it's preventive.

Now every other customer doesn't have to experience it. It's more prevention, which is offensive. That's a really important shift. You'll see us apply that now across our portfolio, not just our firewalls and next-generation firewalls but around email, around our mobile capability. At this kind of volume, you really have to look at different ways to detect the malware.

I'll give you a perfect example in the retail industry. Two years ago, the industry went to PIN and signature. The rest of the world had gone to chip and PIN but we went to chip and signature instead of PIN. Remarkably, in 2014 SonicWall wrote about 14 malware threat variance signatures against point-of-sale attacks. In 2015, there were about nine of them. In this past year, in 2016, we only wrote one. What that means is the bad guys are looking for easy money. The bad guys said let's go somewhere else.

Now guess what went up? Spam. Spam went up over 250 percent. If you think about spam, it's really spear phishing. You couple that with people shopping more online at the office and all of a sudden what used to be a consumer problem starts to look like a business problem, especially if that malware variance is coming in the form of ransomware, which is dramatically increasing. You'll see in our cyber report that we release at RSA, it's up almost exponentially. You look at spam as a vehicle coming in and you're going to see lots of not just zero-day stuff but a lot of ransomware. The offense there is how do you start to segment your networks and your storage so you get critical, sensitive information on a separate network than everything else? That's an offensive move.

How do you use something like Capture to go behind not just SonicWall's technology but other vendors' so you have a layered approach to prevention? How do you put firewalls and that technology in segments of both protected networks? How do you look at your distributed network as a business and diversify? One size doesn't fit all.

Then, look at what we're doing now with mobility. Increasingly, threats are coming in through Wi-Fi networks and mobile access points. Look at Internet of Things, which is not a consumer issue. It's really a business issue because all those things are connecting to business somehow. Our Global Response Intelligent Defense (GRID) network has over a million points out in the world where we're looking for malware and then feeding it back for us to learn and deal with.

Couple that with our network sandbox and it's a whole different way of thinking of it. Cameras and things like that usually are connected to a gateway or router somehow. What we've got to start thinking about is how do you start profiling that? We need to start looking at the traffic and figuring it out just like we did in the old wild, wild West 20 years ago. How do you start profiling that and looking for bad stuff? It's a brand new threat factor.

Security is a tough market in which to compete. You have some big competitors with a broad product line but there's also a huge influx of new companies trying to solve specific problems. How do you navigate that? How do you maintain a broader portfolio while continuing to innovate on those pressing point issues?

Security is a fractured market. You've got huge gorillas in the high-end enterprise from Check Point to Cisco, the Palo Altos, playing in that world. As you move to the low end you've got us, Fortinet and a cast of a jillion others that are pure startups. We benefit from having done this for so long.

It's not just can you find the next [solution], it's how do you fit it into the environment? How do you bring this kind of power and knowledge to bear to move it? I'm not going to go right at Palo Alto, Check Point and those guys. That would be stupid and I don't need to do it. The reality is that the value proposition for security is not about one vendor solving it all. It's about how you protect certain assets and start to think of your business differently, segment those networks and protect them differently. You increase the value of the whole that way.

The world is changing because topologies are changing. Mobile is changing networks. Cloud is changing networks. Virtual storage and virtual data centers are changing things. All those disrupters break up the business in different chunks. That is our skill. I'm not going to put a big army of direct sales on the big guys. I'm going to look for where my solution fits the security profile for your business and that's how we'll do it at the very high end.

The startups? Look, I've got the best of all worlds. I've got a multi-hundred-million-dollar company that's acting like a startup. The R&D guys here are brilliant, they're innovative. More things have come just in the first 90 days of me being here than I could have dreamed of. It's amazing [what happens] when you turn on engineers that have a passion for this. Then you bring some new talent in and you've got an unbelievably good dynamic. We've got channels to market, we've got service. With the kind of backing we have from our private equity friends, we have the stability to build for the near and long term that a normal startup doesn't have.

Where are you directing your R&D efforts now? What should people expect from SonicWall going forward?

The good thing is Francisco Partners and Elliott understand this space tremendously and deeply. We're overinvesting in R&D this year and probably early into next year to really do two or three things. One is to push out innovation like Capture and get us into virtualization and cloud. Second, you'll see us really start to double down on some of our current investments to speed the time to market on capabilities we need for this space. You'll see us really overinvest on the pieces that make it simpler and easier to use and connect into. SonicWall has not always been strong on APIs. We're going to be stronger in that area. We'll have capabilities coming out this year to allow us to interconnect around analytics or other management tools in the industry and in the enterprise.

What capabilities are you offering in the cloud now and what will come in the future?

Today we've put our Global Management System (GMS) into a zero-touch cloud capability. We'll continue to invest on GMS so you can get it as a prem-based or, now, as a cloud-based [service]. One of the go-to-markets is around managed service providers or carriers and in some cases they'll want our virtualization or an API to connect into their own stuff or they'll run ours. As you look at a lot of the early cloud offerings, there are some limitations in the infrastructure to do our level of deep-packet filtering at the speed needed for the business not to have latency.

Our engineering is working on how we give a choice; on-prem hardware or software or a virtualized cloud offering for firewall and next-generation [firewall]. That's a market for it but we see it being more of a choice. What we're investing this year to do is consolidate our infrastructure or operating system, SonicOS, and some of our product onto single-string code. We're looking at how to virtualize that when the cloud infrastructure can actually perform at the level it needs to on that. You'll see that, hopefully, this year and early into next year.

Just to be clear on that, you don't have a cloud-based firewall today but you're saying you could have that in 2017?

No [we don't have cloud-based firewall]. We will be releasing stuff toward the end of the year and into next year for that because, as you know, our history is really high performance and low cost. Because we do such deep packet inspection at the speed we believe it needs to perform at for our kind of customers, the cloud just can't hold the performance today to scale.

As we see more customers embracing a hybrid cloud model, what pressure points does that put on security and what are you doing to help people with that?

We've been around long enough to know nothing ever goes one way or the other. That's why I talked about going to a single stream of software. We should give you a choice. If you want to virtualize we've got that. If you want it on your premise we've got that and you get the same functionality and performance either way. Our whole belief is to strengthen the management structure across the different models, improve your UI, improve your UX, make sure you're API-enabled, and then give you feature transparency across the product portfolio. That's what we're striving to do.

How do you see the threat landscape evolving? What should people be more focused on now than perhaps they are?

At Entrust we were one of the few security vendors that didn't get breached. I think a lot of that was how we segmented our networks and created virtual LANs and hardened networks for different parts of the business, for different sensitivities. Large and medium-tier enterprises are going to have to think differently about how they architect their business. They are already rearchitecting network storage and data centers and server farms anyway. Now we've got to think of the network attributes of that and the security profiles of those different networks in data and in storage.

The other piece that's clear in my mind is that the bad guys are moving. We are in a cyber-arms race. I just described how it changed from point of sale to spam and now it's moving into ransomware and other variants. Their means to get in are changing. Now 60 percent of the malware coming in is encrypted with SSL certificates in the wild that aren't publicly rooted and not enterprise rooted. They can pick those up in the open market.

When the malware guys are 24/7, it changes the nature for business. You're really going to have to do SSL, deep packet inspection. You're going to have to look at email differently because it's going to be coming in encrypted. On the good side, we see the actual number of threats going down and the variants changing going down. The problem is they're still big and they're coming in cloaked. We have to move with the way the bad guys are changing their behavior and I think that's what's going to happen in 2017. We've got to look at new threat vectors like IoT, mobile and how they're coming in through encrypted communication.

What security technologies or innovations hold the most promise for the future?

Some that I can't talk about today.

Sure you can! Don't be shy.

I can't, John. We've got to get some IP around it first. I'm excited by the amount of gold and diamonds in our developers' minds, what they're working on and the excitement to get these new capabilities to market. I'm just really excited about how this can change the threat landscape protection and offense that we have.

As a final question with a one-sentence answer, what do you want customers to know SonicWall as? You have that classic elevator moment.

We're your trusted adviser. We're really skilled at what we do and we want you to trust us and know that you're safe. If there's an issue, we've got the best service and channel partners to work with.