Did you miss a session at the Data Summit? Watch On-Demand Here.
Skyhigh Security, which is the newly announced named for the McAfee Enterprise security service edge business, has a significant growth opportunity ahead thanks to its unique “data-aware” approach to meeting cloud security needs for customers, CEO Gee Rittenhouse told VentureBeat.
“Data is now in the cloud, in SaaS [software-as-a-service], in your data center. It’s just everywhere. And because of the pandemic, users are everywhere as well,” Rittenhouse said in an interview. “We’ve really focused on how the data is used. And that’s allowed us to look at the problem very differently than others — and radically simplify the problem.”
Normally, in order to protect data, a company will set up policies on endpoints, in the cloud and in SaaS applications — but “trying to keep track of all this stuff is complicated,” he said.
Instead, what Skyhigh Security does with its “data policy engine” is that all policies are “attached to the data itself,” Rittenhouse said. “That allows you to protect it, see it, understand where it’s going, who’s sharing — and do that in a much easier way.”
Ultimately, that provides a “very rich experience that can follow the data as you add new controls and new capabilities,” he said.
For the purposes of data loss prevention (DLP), for instance, “it all sits in the cloud and is cloud-native and can protect all of those assets. But what separates us a lot is the fact that it’s extendable into the endpoint,” Rittenhouse said. “And so having that capability, whether the data is on your endpoint, all the way through the cloud, is the key differentiator.”
Cloud security suite
Along with cloud DLP, Skyhigh Security’s offerings include secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), remote browser isolation technology, cloud firewall and cloud-native application protection platform (CNAPP).
Within CNAPP, Skyhigh provides capabilities including cloud workload protection, container security and cloud security posture management (CSPM) for spotting misconfigurations in cloud infrastructure.
Notably, much of the core functionality that is part of Skyhigh Security dates back to the original Skyhigh Networks, a startup that was acquired by McAfee in 2018. And many members of that team are still with the company that is now known as Skyhigh Security, Rittenhouse noted.
In January, private equity firm Symphony Technology Group disclosed that McAfee Enterprise’s security service edge business would operate as a separate business from the rest of the company. The remainder of the McAfee Enterprise business was merged with FireEye has a new name, and renamed Trellix, with a focus on solutions for extended detection and response (XDR).
Symphony subsequently announced that Rittenhouse, who previously was general manager of Cisco’s security business group, would serve as CEO of the business now known as Skyhigh Security.
Skyhigh Security is not operating as a separate legal entity at this point from Trellix, though, with some back-office staff continuing to be shared between the two businesses, Rittenhouse said.
Trellix and Skyhigh are more “sister organizations,” he said. “But we have separate go-to-market, separate product, separate marketing.”
The business now known as Skyhigh generated revenue growth in 2021, and is expecting to grow again in 2022, though Rittenhouse said he couldn’t offer more specifics. The company has 3,000 customers, with a focus on financial services, healthcare and government.
San Jose, Calif.-based Skyhigh Security has 700 employees, Rittenhouse said. There are no imminent plans to look at taking the company public, he said.
‘Leader’ in SSE
In February, research firm Gartner positioned the business now known as Skyhigh Security in the “leaders” quadrant inaugural Magic Quadrant for Security Service Edge (SSE). Only two other vendors, Zscaler and Netskope, landed in the SSE leaders quadrant.
SSE includes the security-specific components — CASB, ZTNA and SWG — of the solution category known as secure access service edge (SASE).
“Customers are building out their SASE solutions in two components — the networking component and the security component. And those are typically different buying motions,” Rittenhouse said. “They can also be in different points of time. They may do their network transformation first, then add security second — or vice versa. So I think there’s a recognition, both from the Magic Quadrant perspective as well as from the industry perspective, that these two really are separate.”
In terms of future product development, Skyhigh plans to focus on enhancing its capabilities for protecting cloud workloads and bringing more automation, he said.
For instance, if a user attempts to visit a malicious website, they would normally get blocked — but via capabilities now in the works at Skyhigh, the user could automatically be switched to remote browser isolation, Rittenhouse said.
Or if a worker is using data incorrectly, they could be automatically required to log in again, he said.
“So there’s this dynamic element to the policy that extends zero trust beyond the login event, to how data is used,” Rittenhouse said.