Rashid Ali DTX 2019 Interview
NATALIE TURNER [00:00:12] Hello and welcome back to day two of the Digital Transformation expo. With me Natalie Turner from Disruptive Live and David Savage. You don’t get a pet name today.
DAVID SAVAGE [00:00:23] Right. Fine. Good.
NATALIE TURNER [00:00:24] It’s usually tremendous or marvellous or spectacular.
DAVID SAVAGE [00:00:27] Obviously done something wrong.
NATALIE TURNER [00:00:28] I’m not feeling that nice right now. But you are our spectacular guest today. So you get the pet name. But this is Rashid, he is the UK Enterprise Sales Manager for Wallix. Tell us about that.
RASHID ALI [00:00:41] So, yeah, I manage UK, Ireland and Nordics for Wallix. Wallix is a cyber security vendor. And we also are the European leader in privilege access management. We’ve got offices in the UK, our head office is in France, in Paris. We’ve got offices in the Dak region, US, Middle East. I think we pretty much cover the whole globe lets say as a company we’ve been going about 13 years. So we’re not a new start-up. Well, we’ve been around for quite a while and yeah we’re here today. We got a stand. We normally come to these events. We do a lot of other events as well. But it’s a great show. Been here and come here myself in the cyber security industry generally been about 20 years. So I’ve been coming to a lot of these shows for a very long time and you see all these new vendors popping up all the time, different technologies. It’s just crazy out there.
NATALIE TURNER [00:01:31] What’s the biggest difference you’ve seen over the years? You’ve said you’ve been in it for like 20 years.
RASHID ALI [00:01:35] Yeah. So I was going back 20 years when I was selling security or it was IT security then there was no thing as cyber security. So we were selling firewalls, AV and IPS devices and maybe DDoS mitigation. But nowadays, there’s so many different products out there and it’s very confusing for a lot of people. So if you’re if you’re new to tech or just getting into IT, you like looking around and your like what where do I start? Right. There’s so many different technologies and the markets changed. That’s because the threats are constantly changing. The bad guys, let’s say they are constantly evolving new ways to infiltrate people’s networks. So, let’s say cyber security people, we need to also innovate and we need to be consistent in that basis because the bad guys do not sleep. So we cannot sleep either. Right. And we need to be that one, two, three steps ahead, because if we get left behind, then breaches are going to happen no matter what.
NATALIE TURNER [00:02:27] So what’s your competitive advantage? What’s your USP? What do you sell to your customers?
RASHID ALI [00:02:32] Sure.
NATALIE TURNER [00:02:33] What’s so different about other vendors.
RASHID ALI [00:02:34] Yeah. So in regards to market, I mean, there’s some great vendors out there. Don’t get me wrong. Right. I love them all right. We’re in the same space where we’re competing for the similar sort of business. But what really differentiates us and it’s been something from day one our founder Jean-noel created the product. And it’s all about simplicity. So cybersecurity doesn’t have to be complicated. So some of our competitors come in and they’ve got products and they’ve got loads of features, loads of bells, whistles. It’s great. So when I’m talking to a customer asking, do you need that? No, not really. I just want A, B and C, and that’s what I need. And that’s where Wallix fits in, because it’s easy to use. It’s easy to install. And we get user buy in for a lot in that sense, because it’s just so simple as a product. So that’s our main key selling point compared to the other competitors. But we have a lot of other features and functionality in some of the other guys don’t. And they have some stuff that we don’t. So it comes down to the qualifying the customer’s requirements as well, because a customer might say, I just want these products and I want to do this and then we fit in. If they want X, Y, Z, then we say go someplace. There’s no problem.
NATALIE TURNER [00:03:40] Is there a particular product that you’re showcasing that’s better than all the rest, or are you just the one?
RASHID ALI [00:03:45] Well, we do all the privilege access management on the endpoints as well as the service and applications. Recently we did a partnership with another company called Alliance who work in the OT space. Because what’s happened over the years is you’ve got factories, manufacturing plants, utilities oil gas and so on. And these guys have put in machinery that’s been in there for 40, 50 years and it’s been there for quite a while. Right. Probably haven’t seen daylight since it’s put in. So now because all these digital transformation they’ve got this machinery and they want to try connecting it to the world. Right. They want to make sense of all the data and information this machinery has. It’s very difficult to do that. So we partnered with Alliance who actually got an industrial gateway product. But what happens is when you put these type of technologies in and these devices are connected, there’s no security. So we are the first in the market in that OT space to provide security around the gateway products as well. So the product called wall for IoT and that’s that information can be found on our website.
NATALIE TURNER [00:04:48] Fantastic, so you speak about digital transformation.
RASHID ALI [00:04:50] Yes.
NATALIE TURNER [00:04:51] What does that mean to you?
RASHID ALI [00:04:54] More risks, more vulnerabilities for organizations. It’s quite clear. So when you talk about digital transformation, organizations are having more devices connect to the network. They are having more data. The data is in the oil. They want to collect more information. There’s a whole point of dome for digital transformation. There’s more users connecting to network, internal and external. And there’s more compliance. So they have to adhere to because what they’re doing is now they’re putting the data and information into the cloud. Some of it on prem before it used to just be all on prem, right as a cloud, what was cloud ten, fifteen years ago, nobody knew about cloud. It’s just someone else’s data centre. Right. But it’s not in your data centre anymore. It’s somewhere else. Which means you have to a lot more compliances comes into GDPR, NIS, PCI, all these sorts of compliances come into it. So you’ve got a lot more risk of vulnerabilities going on with digital transformation. But saying all that the fact remains that 80 percent of the attacks come from with inside the network. So, yeah, you do digital transformation, but the attacks will still come from inside your network. And that’s where products like Wallix privilege access management solutions fit in because you’re doing all this stuff. But you’re what you’re doing is you’re building up your perimeter. So you put your firewalls in, you put AV in you put your IPS and so on. And then next year you got next generation IPS, next generation firewall your putting the perimeter up but in the meantime, what you’re doing is you’re opening the door, front door and say, hey, why don’t you come in? So the privilege users, you open the front door, let them come in. Let them do their work. You got external third party contractors because organisations are limited on resources or technical understanding. So they employ contractors at third parties to come into the network and do the work. Right. But nobody’s actually watching them. Nobody’s watching what they’re doing because they let them in from the front door. Yeah, security is great and you’re doing really well spending loads of money. However your letting them straight in. So that’s where privilege access management comes in. I’ve got an example I used yesterday in one of the talks, so I’ve watched a lot of films growing up cops and robbers, robbing banks and so on. And you’ve got the robbers go into a bank. They the first person they catch is the security guard, knock him on the head poor fellow always gets it right, tie him up. Then they go into that network and they’re the first person they want to catch or hold is a bank manager. Why do they want to get a bank manager? Right. The bank manager has the keys to everything he has the keys to the safes. He has the keys volts. He the keys to the safety deposit boxes, the cash registers. That’s the first person they want to go grab so go and open up the safe I want all the gold. So it’s a similar thing with privilege access management. You’ve got privilege users for every organisation, whether you go two three. Some companies have 100, some companies have thousands and they’re dotted around the world. And we talk about internal and external privilege users. Every single one of them is a risk is your bank manager as a company. So they’ve got the keys to your kingdom and you’ve got no idea what they’re doing. You’ve got no no visibility on what they’re doing at all.
DAVID SAVAGE [00:07:52] I suppose I would be quite interested to know what your business strategy is going forward. I mean, because is it to look at new features or is it to look at collaboration? Because you said there that simplicity is the key to why your getting some market share. But equally, in a market that’s continually evolving with more threat service than ever before because of connected devices. You don’t wanna have a Kodak moment, right?
RASHID ALI [00:08:10] No, exactly what we do is we work with other vendors that fit into the space. So for authentication or, you know, identity and access management. So whoever we feel that can add value to us and we can add value to them. We yeah, we create an ecosystem so we can connect to them and they can connect to us. We work together as partners when we go and see prospects and customers. So we’ve got a whole list of vendors on our website and you can request information from us, and it’s all there yeah.
NATALIE TURNER [00:08:41] Fantastic, so is there a key message that you want to get out to the audience today. There was a couple of sentences you’d like to say.
RASHID ALI [00:08:45] Yeah. It’s it’s it’s we’re not here to police the police. Privilege access management can be quite people think it’s intrusive, but what we’re doing is actually trying to protect the company. But your greatest asset is your employees. So, you know, we’re trying to protect your employees because what happens is someone could go and Bob could go in tomorrow morning, do some work on a particular server, makes a mistake. Human nature it happens. You know my fat fingers, whatever. Right. And he’s the networks down next day. Now you can have a seam, which is great, and you can have all these log management products. If you’re good at reading logs because something something goes wrong, then what you’re gonna do is you’re gonna go through the logs and you say, right, I need to pinpoint exactly what happened. And the CFO or the CEO said, show me what happened. They can’t read logs they’ve no idea what’s going on they just want to see what’s happened. What did he do? Did he do it deliberately? Was it accidental? But with a pam solution, you go in and say, okay, here’s the seam stuff. These are logs, metadata everything. Here’s a video of what exactly happened. And you know what, Bob? You could generally see he made a genuine mistake of what he did. Take that P45 back, don’t give it to me.
DAVID SAVAGE [00:09:50] On that point, do you find that security professionals still fear that the board is going to have a negative outlook on any breach immediately? Because that’s not gonna help security people come forward and explain that there has been a problem. They’re going to not be so forthcoming, which is gonna lead to problems.
RASHID ALI [00:10:06] Yeah. No. So again, pam comes to rescue. Right. So when someone’s about to do something. So we have commands within the platform. So if someone’s you can put it in you only give them access to what they’re allowed to have access in first and foremost. Right. So you control the whole access, whether it’s internal or external. Third party company, you control what time they can come in evenings, weekends. They come into the network and they’re only allowed to do the job that they’re allowed to. Now, if Bob comes in and he thinks, oh, I’m going to go and try doing something, maybe it might not be him. He might be compromised someone might have stole his credentials, trying to do something a bit malicious. The session gets automatically terminated, so they can’t actually do anything or load or try to go to another server and try to do anything malicious because the session totally gets terminated. The message will get sent to the manager, saying, hey, somebody or Bob, lets say, for example, has just tried doing something, maybe wanna go have a word. And you could also set the system where it gives you warnings, hey, you’re about to do something that you’re not supposed to don’t do it. And then they gives you two three whatever you set out attempts and yeah, you can manage the whole process so.
NATALIE TURNER [00:11:13] Fantastic, well look, we’re going to have to leave it on that note.
RASHID ALI [00:11:14] Oh right is that it? I was just getting in the flow.
NATALIE TURNER [00:11:17] That was fantastic. Thank you so much.
RASHID ALI [00:11:18] Thank you. Pleasure. Thank you very much, cheers guys.
NATALIE TURNER [00:11:20] So, oh stay where you are, take a seat he’s eager to get off isn’t he? So that is all from us for now, however, don’t go away. We will be back after a short break. As I have said before, please do follow us on Disruptive Live and hashtag DTX Europe. We’ll be back soon. See you in a bit.