AlienVault CEO: "If we could share threat data effectively, we would be unattackable"

ITProPortal spoke to Barmak Meftah, CEO of security startup AlienVault, about what winds him up about the security industry, and why security companies making money off victims' data makes him mad as hell.

So you have a lot of companies out there that are in the business of putting a wall between the attackers and their assets. Then you have the other school of thought, which is looking at who's attacking you, where the breaches are coming from, which attack serves they're using and so on.

What we at AlienVault try to do is bring everything together, so you have full security visibility in your environment in one form factor. So you don't have to do all the integration, and go to all these different vendors. We essentially have an inbuilt security analytics platform.

The other big component of our business is the Open Threat Exchange (OTX), which is a crowdsourcing threat exchange platform. We now have around 10,000 OTX nodes in around 170 countries.

These are our open source users that subscribe to the exchange, and give us all their threat data – and in exchange, they receive threat data from everyone else. It's an opt-in model. And then we make all that data available to our paying customers as well.

I've been in security for 11 years, and everybody has always talked about threat sharing, but no one's actually done it. The best we have are these bodies that are very vertical silos aimed at business. It's a very closed network model.

We think that what the attackers have on their side is time and content. If they find an entry point into a network, they're very effective at sharing and monetising that information. But as an industry, we haven't been very effective at sharing threats – what they are, where they're coming from and so on.

And you know, in any other kind of security industry other than the cyber security industry, threat sharing is absolutely all over the place. Look at Interpol, or the FBI. Even a house on the street has neighbourhood watch. If a house is broken into, suddenly all the neighbours know about it, and we all become much smarter as a result.

Just imagine if we could share the threat data that's readily available across all industries. We would be unattackable. As soon as a breach occurred, within a matter of minutes, that information would be shared with everyone in the community. And then we'd be more proactive about protecting ourselves against attackers.

I have a big issue with vendors that make money out of victims' content. It's sort of accepted that as vendors we collect content from our customers and sell it back to them. I think it's a form of insanity. And the fact that our customers are okay with it is beyond me. So as a vendor community, we need to share our threat data together in an anonymous way, and not monetise it and sell it back to the customer.

What frustrates me about our hi-tech industry in general is that we love buzzwords. We invent these buzzwords and we think we've innovated something, but there's actually no innovation. Every year there's a new cool term: BYOD, virtualization – always!

We invent these products and want to sell them at the top of the market. And how do we do that? We invent a trend. And then the CIO or someone on the board says "What are we doing with that? Are we covered with that?" and the mid-market man, the SMB? They're running with their hair on fire. We tend to complicate and create a lot of exotics. It's true of security, but it's also true of technology in general. It's time to mature, to simplify and do the job of the client for them.