Proofpoint’s Ashan Willy is a rising star in the world of cybersecurity, now CEO of one of the largest companies in the market. He joined NightDragon’s Dave DeWalt on the eve of his one-year anniversary as CEO to discuss the changing market, recent acquisitions by the company and his vision for the future of Proofpoint.
Here are some takeaways from the conversation. A full video can also be found above.
- Defend the People, Defend the Organization – While email remains a major vector of attack representing 85% of the threat vector, Willy said that the threat landscape continues to evolve. The key to defending against this threat landscape is focusing on protecting the people in the organization, as no matter the vulnerability a single bad click on a bad link can still compromise even the largest of organizations. Personas there that could put the organization at risk include harried people making day-to-day mistakes, a person who has been compromised through account takeover or other means, and the malicious insider. “If we can go protect the people and tell you everything you need to know to protect that person, then that will make you much safer as a defender,” he said.
- Protecting Beyond Email – While email still accounts for a vast majority of threats, Willy said the threat actors are also moving to other communications channels to target victims, including Microsoft Teams, Slack and social media channels, with tactics such as smishing. “You’re going to see more of the threats move that way,” he said, especially as these vendors open their ecosystems and build connectors to other third-party vendors that may allow for more risk.
- Expanding Through Acquisition – Proofpoint has been an avid acquirer over the years, in addition to internal innovation. Its most recent acquisition Illusive Networks (a NightDragon portfolio company) expanded its capabilities around identity detection and response area, as well as around lateral movement and management. In the past few years, Proofpoint has also acquired companies such as ObserveIT (also a NightDragon company), Cloudmark, Weblife.io, Wombat Security, Meta Networks, Defense Works and InteliSecure to expand its platform capabilities in other areas.
- Defending Data in 2023 – The threats around data are morphing, said Willy. For instance, ransomware used to be focused on making systems inoperable, but many threat actors are now shifting to tactics such as extortion where attackers steal company data and charge victims to return it or release it in waves. Defending data becomes even more challenging or dynamic as technologies such as AI take center stage and the integrity and availability of data is more important than ever. Willy said he views the key still to protecting this data as focusing on the people and protecting the data through protecting the people within the organization.
- Best of Suite vs. Best of Breed – Whether it’s collaboration, networking or cybersecurity, Willy said customers he talks to are looking to consolidate vendors and work with platforms that can help them achieve outcomes better, faster, easier without needing to invest in 80-120 cybersecurity vendors (the average in the Fortune 500). For that reason, Willy said he is seeing the industry shift towards a best of suite approach, especially as organizations face talent shortages and other challenges. That said, he said it’s important for platform players to integrate and build best of breed solutions so customers still get the best of both worlds. “The balance is going to be between how do you drive best of breed and integrate that to defend better and be able to integrate with other best of suite? I think that’s where this is going,” he said. For Proofpoint, this means focusing on protecting people, across email, cloud, communication and other channels.
- CISO Budgets – “Everyone is feeling the headwinds,” Willy said, citing current economic challenges, inflation, interest rates, supply chain slowdowns and other areas impacting budgets across all categories. While budgets aren’t getting cut in most cases, he said he does see CISOs trying to derive more value from the assets they already have. Additionally, he said he sees CISOs looking to consolidate the investments they do have to a fewer number of overall partners that integrate well together, a trend he said is driven in large part by the ongoing cybersecurity talent gap.
- The Future of Proofpoint – “The way we have been successful and grown is that we have been able to solve what matters most. The reason we are able to solve what matters most is that we work with a lot of customers, and we really understand the landscape.” Armed with that understanding, he said Proofpoint is working to stitch together solutions to secure the entire attack chain in a meaningful way, then provide additional information as to what else could be going on in the rest of the organization. Acquisitions like Illusive are another meaningful step in that direction, he said. “That’s how you create value for a customer,” he said.
A full recording of the event can be found above. To view NightDragon’s other NightVision events, visit our Events page.
