Interview: Rob Amezcua On Managing Risk Across A Diverse Network

Rob Amezcua, SVP of Worldwide Sales at Forescout, discusses the importance of robust risk management across diverse networks, and the need for cybersecurity companies to share their intelligence with the wider industry.

Expert Insights Interview With Rob Amezcua Of Forescout

Networks today are a complex amalgamation of IT, IoT, and OT devices, each contributing its own unique functionalities—and vulnerabilities. And as networks continue to grow in terms of both scale and diversity, it’s the CISO’s job to ensure that each component is protected against emerging threats, whilst also maintaining seamless integration and performance.

“Non-traditional devices—the unmanaged and unmanageable, the un-agented and un-agentable devices—are showing up at a much higher rate than the traditional ones,” says Rob Amezcua, SVP of Worldwide Sales at Forescout. “There’s this convergence of a network that now contains IT, IoT, and OT devices, and [organizations] need a platform that can give them a full understanding of that picture, and the ability to assess the risk associated with it.”

Forescout is a cybersecurity provider that enables organizations to identify, secure, and ensure the compliance of all their managed and unmanaged cyber assets. Their eponymous, flagship platform offers extended detection and response (XDR), network security, and risk and exposure management capabilities.

In an exclusive interview with Expert Insights at the 2024 RSA Conference in San Francisco, Amezcua discusses the need for cybersecurity companies to share their intelligence with the wider industry, the importance of a robust risk management strategy across diverse networks, and Forescout’s solutions to these two challenges.

Note: This interview has been edited for clarity.

Could you please introduce yourself and tell us a bit about your security background, and your current role at Forescout?

I’m Rob Amezcua, and I run the global sales organization at Forescout. I’ve been working in the security industry for the last 27 years; I spent a lot of time with McAfee and some time in Symantec and Broadcom, and then came to Forescout, where I’ve been for the last three and a half years.

What is the #1 topic that the Forescout team is here to discuss at this year’s conference?

Forescout is here to make sure that the world thinks about us the way that we think about ourselves. Forescout has a unique position of being in the business for the last 23 years—when you think about it, there aren’t a lot of cyber companies that have been around that long—and we’ve been transforming, especially over the last three and a half years. The world has previously known us as a network access control company, but the reality is, Forescout is far beyond that.

If you think about how you discover and classify an asset, before you can take a step towards controlling it, there’s a whole lot of things that have to happen in between. You need to understand the asset, the threat posture, and the risk of that device being on your network to be able to make the control decision.

Forescout is a platform that does all of those things: asset, risk, threat, and control—not just asset and control.

You mentioned the evolution of the Forescout platform—would you say that the company’s success and longevity in this field is down to that?

Yeah, I think it is, especially on the part of our most mature customers and advanced prospects. They see the power that we have in the platform and our ability to be agnostic to an existing customer’s toolset. That enables us to integrate, orchestrate, and automate.

I think the other big thing is being able to do what we do across both traditional IT and non-traditional IoT and OT devices. Because, while networks might function the same in terms of connectivity, the things that they’re connecting to are very different.

Forescout provides threat intelligence to some of the top public and private sector entities around the world. Why is it so important for cybersecurity companies to share their intelligence with the wider industry?

The bad guys band together. So, the good guys need to do the same. Nobody can win this battle alone; the reality is that this has been an ongoing concern ever since the world became connected. And as the world is becoming more connected, there are going to be more bad people doing more bad things. How are the good guys in the space going to get ahead of that if we don’t share information?

At Forescout, our research division is all around sharing. We don’t monetize any of our research in any way, shape, or form, except for the fact that it shows up in some ways inside of our platform. We openly share it with customers, partners, governments, and ISACs (Information Sharing and Analysis Centers)—we want to make sure that there’s an awareness around the risks associated with operating systems, whether traditional or embedded, and devices of critical types that are running operational technology all around the world. These devices are powering utilities, global transportation, and so on, and we want to share our understanding of those devices and the research that we do to make sure that they’re safe.

That being said, what are some of the key trends that Forescout has uncovered in your latest research?

Networks are fundamentally built to connect things. A lot of people talk about how networks have modernized in certain ways, but at the end of the day, they serve to connect different types of devices and the people behind those devices to the operations behind those devices.

When you think about the device profiles that are showing up in environments today, in our research, we’re seeing a trend that the non-traditional devices—the unmanaged and unmanageable, the un-agented and un-agentable devices—are showing up at a much higher rate than the traditional ones.

People lack an understanding of those devices; nobody is really asking for permission to put them on networks, so now they’re showing up on parts of the network that they don’t really understand or, worst of all, that they don’t expect. And what our research is showing—and what our customers, prospects, and partners are showing an interest in—is bridging that gap. There’s this convergence of a network that now contains IT, IoT, and OT devices, and they need a platform that can give them a full understanding of that picture, and the ability to assess the risk associated with it.

How can Forescout’s XDR and risk and exposure management solutions support organizations through some of those challenges?

This is all about the data plane. People want to be able to create, store, and analyze mountains of data. And the only way in which you can do that cost effectively is to basically get it up in a cloud plane, and start to run machine learning and artificial intelligence and analytics against it so that you can develop a broader understanding. You need the computing power of the cloud to be able to do that.

As people build an understanding of what they’re connecting and collecting in terms of data, we’re now giving them the ability and the power to be able to send that up in the cloud. So, you have a store there over longer durations of time, which you can use not only to make a control decision, but also to take other tools and other feeds that you have in your environment and obtain a very rich contextual view about your risk. We also offer AI-assisted recommendations around what you can do to address the exposure and limit the risk and then, utilizing our platform and that agnostic connection to your other tools, you can orchestrate a proper response.

Can you tell us more about how you help organizations make sense of all that data? Burnout is a huge problem right now for CISOs, so how is Forescout helping to reduce that, and ensure that they don’t miss any important alerts?

We see a lot of analyst burnout because these guys are looking at multiple different panes of glass. Back in the day, when the threat spectrum was a little tighter and the risk exposure framework was a little bit narrower, they were being asked to find a needle in a stack of hay. At least those two things look different. Today, a SOC analyst is being asked to identify and understand the 10 needles in the stack of needles that the organization needs to be concerned about. There are no disparate characteristics.

So, what they need now is a platform that has that research, intelligence, and assisted nature built into it. They need assist functions to give them clearer visibility across those multiple panes of glass, and to help them create a funnel that distils down to things that they need to action. And that’s exactly what our platform does.

What plans does Forescout have to innovate as we continue into 2024, then beyond into 2025? Do you have any exciting news you can share with us today on that front?

When you think about what we announced earlier this week in terms of risk and exposure, and threat detection and response—this notion of how we can extend Forescout into the cloud, bring assisted analytics, and help people prioritise—we want to continue in that direction.

There are finite amounts of three things: we hear from customers, prospects, and partners all the time that they don’t have enough resource, time, or money. As a supplier, this essentially means we need to get lighter weight, more user friendly, and assist them more, and we need to do that cost effectively.

We’re out there meeting with our customers, making sure they understand that our platform is going to continue to be extensible and we’re going to be the best that we can be. But we’re also going to work really hard to continue to integrate, automate, orchestrate, and innovate with respect to others being able to use that power of the community. We can’t necessarily solve every problem for every customer, but we want to be able to stitch together a good solution that enables them to do their business in a safer way.

Finally, if you could give one last piece of advice to the CISOs and security leaders attending the conference this week, what would it be?

Community matters—not one of these guys has the blueprint or the playbook alone. And community matters with respect to partners as well. Find a vendor that you can partner with and be open and honest with; find one that is really working in your best interest.

And the most important thing is to be informed, not influenced. There are a lot of ways in which the organizations here at the show look to influence people, or try to sway their thinking or their direction. Make sure that you’re informed by working with a vendor and having that open and honest conversation. Talk to your vendors and share your challenges and the things you don’t really know or understand, and ask them how they can help you. It’s the quickest way to an outcome.

Thank you to Rob Amezcua for taking part in this interview. You can find out more about Forescout’s XDR and risk and exposure management solutions via their website.
