Dave Furneaux needs no introduction to anyone in the global cybersecurity ecosystem having entered the field in the late 90s. He has enjoyed a decorated career and came to prominence within the cybersecurity fraternity as the founding investor and chairman of the board at CyberSaint Security, which is comprised of a team of academics, technologists, and disruptors, that are motivated to make cybersecurity management scalable and secure.
However, it’s in his role as CEO of Virsec that I was granted an exclusive interview opportunity with the charismatic American, and we began our conversation by going back to the beginning and finding out the purpose and vision behind the inception of Virsec.
Furneaux stressed that the company was established out of a necessity to find a protection capability that equipped businesses with the security they needed to better protect their IT environments.
“Virsec is a very atypical cybersecurity company, and when I say it is an atypical company, I say that because the company was founded on a question of what do we need to do to really work on a new protection capability that will be stronger in the marketplace and allows companies, governments, and militaries to be more fully protected? It was a very provocative question that we started the company on, and it led to several years of working on the technology”, said Furneaux.
He disclosed that Virsec have 113 patents and many trade secrets around their body of work and said that it ultimately led them to a first-principle way of thinking, and illustrated how important it was to better understand the software at play when attempting to protect it.
“What a first principle way of thinking essentially means if you apply it is thinking about complicated problems, and we had to break the problem down into its most basic form. In the world of digital it means you are breaking the problem down right in to the software, and you’re saying that we have got to figure out and fully understand the software that needs to be protected if we are going to fully protect it. We spent 3 years building this technology, and then we spent a year testing it – and it was two years after that we came to market with the product. We really learned in 2020 with about 10-12 customers what it needed to look like, how does it need to work and where does it need to go – and then last year we really started to figure it out, and we are now starting to scale the business out globally”, said Furneaux.
Virsec have been an advocating for a deterministic approach to tackling cybersecurity problems versus the seemingly preferred probabilistic model being pursued by the industry. However, Furneaux stressed that Virsec is coming into market very humbly, and is looking to complement the existing processes.
“Virsec isn’t coming into the market saying we are here now, so you don’t need the other things, that’s not the case at all. We want to complement today’s security programs and fit into their customers’ existing security stack, and then over time the customer will undoubtedly see the ways in which they are getting efficiency out of this new protection approach because it automates, it is precise, and it is all done in real-time”, said Furneaux.
The CEO of Virsec then explained the differences between a probabilistic and deterministic approach.
“If you break down the word probabilistic then it means probable. We’ve built an industry on detection and response, and right in the middle there is that word probable. We are analysing data coming from the infrastructure and the software and we are trying to determine if an attack is occurring by detecting it in a probabilistic way, so we are probably protecting it, but we don’t know. Then we are trying as quick as we can to respond to it, so the response part is threat hunting, but during the hunting process the damage is already done and that’s what we call dwell time. Virsec comes in and we use the word determine, and are function is to determine whether the software that you want to protect is doing what it is intended to do and assure the security leader that the software is only doing what it was intended to do”, said Furneaux.
Furneaux detailed the gains of this approach and highlighted that another attractive characteristic of their deterministic model is that fact that enterprises don’t need to radically transform their operations to implement their solutions, but instead can integrate it in small stages.
“The benefits and gains are better protection, automated protection, and no need for full-time people managing the tool. In summary, we are coming in to complement the existing environments, and we’ve worked very hard at trying to make that as approachable and easy as possible for companies to bring it in, so they don’t need to make wholesale changes. They can start small and grow in confidence, and use the product more over time”, said Furneaux.
Virsec have recently received capital investment to the tune of $100m, but more significant is who the capital has been raised from.
John Chambers and Mike Ruettgers, two titans of the IT industry have given Virsec a ringing endorsement with their investment into the company, and as Furneaux revealed both are fully committed to helping Virsec achieve their mission statement.
“I see Virsec more like a movement. Yes, we are a company that is building a product and are solving a problem, but what we really want to do is encourage the industry to move in a first principle way towards protection. We would love nothing better than for all the major security companies to move in this direction too, because our mission is to help solve this problem, and gain more control out of the infrastructure we have today, because quite bluntly speaking it is out of control, and we can see that every day. In relation to building the company you need capital as fuel to grow and scale – and make the right investments to mature the product and simplify how you come to market. We chose very carefully who we wanted to raise the capital from to support our mission. John Chambers is one of the leading businesspeople of the last generation in building Cisco into such a dominant company. Mike Ruttguers came into EMC as a small company and built it into a billion-dollar company as the CEO, and he is now on our board. Both these gentlemen work with me on a day-to-day basis. We also went beyond that and built a growth advisory board of CIOs and CSOs, congressman and former CIA directors, and this group of people have accelerated and unlocked our growth and are on that mission with us to make cyberattacks irrelevant”, said Furneaux.
The second ever customer of Virsec was based in the Middle East, and Furneaux revealed that the company has ambitious aspirations in the region, and firmly believes they are well placed to become the go-to protection player in the region over the next 5 years.
“The Middle East is one of our priority regions. Early in the rollout of our product our second customer was based in the region, so that serves as a testament to how important a market it is for us. We have started selling more broadly in the Middle East, and we have spent the last two years building proof points and selling into five different countries, but with a real focus on the quality of engagements with the right partners. We are now at the point where we want to make an investment over the next 3-5 years to become the dominant protection capability provider in the region”, said Furneaux.