Missed a session at the Data Summit? Watch On Demand here.
Skyhigh Security, the newly announced name for the McAfee Enterprise Security Service Edge business, has a significant growth opportunity ahead thanks to its unique “data-aware” approach to meeting customers’ cloud security needs, CEO Gee Rittenhouse told VentureBeat.
“Data is now in the cloud, in SaaS [software-as-a-service], in your data center. It’s everywhere. And because of the pandemic, users are everywhere, too,” Rittenhouse said in an interview. “We really focused on how the data is used. And that has allowed us to look at the problem in a very different way than others – and to radically simplify the problem.”
Typically, to protect data, a company puts policies in place on endpoints, in the cloud, and in SaaS applications — but “trying to keep track of all these things is complicated,” he said.
Instead, what Skyhigh Security is doing with its “data policy engine” is that all policies are “attached to the data itself,” Rittenhouse said. “It allows you to protect it, see it, understand where it’s going, who’s sharing it — in a much easier way.”
Ultimately, this provides a “very rich experience that can follow the data as you add new controls and new features,” he said.
For example, for data loss prevention (DLP) purposes, “everything resides in the cloud and is cloud native and can protect all of these assets. But what really sets us apart is the fact that it’s extensible to the endpoint,” said Rittenhouse. “So that ability, whether the data resides on your endpoint, all the way through the cloud, is the key differentiator.”
Cloud security suite
In addition to cloud DLP, Skyhigh Security offerings include Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), remote browser isolation technology, cloud firewall, and cloud-native application protection platform ( CNAPP).
Within CNAPP, Skyhigh provides capabilities such as cloud workload protection, container security, and Cloud Security Posture Management (CSPM) to detect misconfigurations in cloud infrastructure.
Notably, much of the core functionality that is part of Skyhigh Security dates back to the original Skyhigh Networks, a startup acquired by McAfee in 2018. And many members of that team are still with the company now known as Skyhigh Security. Rittenhouse noted.
In January, private equity firm Symphony Technology Group announced that McAfee Enterprise’s security services edge business will operate as a separate business from the rest of the company. The rest of the McAfee Enterprise business has been merged with FireEye, has a new name and has been renamed Trellix, with a focus on Extended Detection and Response (XDR) solutions.
Symphony then announced that Rittenhouse, who was previously general manager of Cisco’s security business group, would serve as CEO of the company, now known as Skyhigh Security.
However, Skyhigh Security is not operating as a separate legal entity from Trellix at this time, as some back-office staff will continue to be shared between the two companies, Rittenhouse said.
Trellix and Skyhigh are more like “sister organizations,” he said. “But we have a separate launch, a separate product and a separate marketing.”
The company, now known as Skyhigh, delivered revenue growth in 2021 and expects to grow again in 2022, though Rittenhouse said he couldn’t be more specific. The company has 3,000 customers focused on financial services, healthcare and government.
Skyhigh Security, based in San Jose, Calif., has 700 employees, Rittenhouse said. There are no immediate plans to take the company public, he said.
“Leader” in SSE
In February, research firm Gartner positioned the company, now known as Skyhigh Security, in the first Magic Quadrant for Security Service Edge (SSE) in the “Leaders” quadrant. Only two other vendors, Zscaler and Netskope, landed in the SSE Leaders quadrant.
SSE comprises the security enforcing components – CASB, ZTNA and SWG – of the category of solutions known as the Secure Access Service Edge (SASE).
“Customers build their SASE solutions in two components – the network component and the security component. And those are typically different purchase requests,” said Rittenhouse. “They can also be at different times. They can perform their network transformation first and then add security second—or vice versa. So I think from both a Magic Quadrant perspective and an industry perspective, it’s recognized that these two are really separate.”
In terms of future product development, Skyhigh plans to focus on improving its cloud workload protection capabilities and more automation, he said.
For example, if a user tries to visit a malicious website, they would normally be blocked — but via features currently in the works at Skyhigh, the user could be automatically switched to remote browser isolation, Rittenhouse said.
Or if an employee misuses data, they could be automatically prompted to log in again, he said.
“So there’s this dynamic element in the policy that extends Zero Trust beyond the login event to the use of data,” Rittenhouse said.
VentureBeat’s mission is intended to be a digital marketplace for technical decision makers to acquire knowledge about transformative enterprise technology and to conduct transactions. Learn more
https://venturebeat.com/2022/03/21/mcafee-enterprise-cloud-security-biz-relaunches-as-skyhigh/ McAfee Enterprise’s cloud security business relaunches as Skyhigh