Phil Fuster, vice president of federal sales at Proofpoint, recently spoke with ExecutiveGov regarding the challenges that the federal landscape is undergoing as zero-trust technology becomes a major focal point along with data security standards moving forward.
In addition, Fuster also discussed the recent growth initiatives to drive value for Proofpoint in the federal sector as well as the challenges of maintaining compliance standards such as CMMC and how that impacts the drive of innovation during the latest Executive Spotlight interview.
“Proofpoint takes a lot of pride in being able to elevate the threat intelligence that matters and gets into the hands of the right people at the right time. Zero-trust is a game-changer. We made a shift to a People-Centric approach to cyber security about six years ago so we were a little bit ahead of the curve and that’s given us a different perspective than a lot of the companies who are still trying to catch up.”
You can read the full interview with Phil Fuster below:
Table of Contents
ExecutiveGov: What can you tell us about the company’s recent growth initiatives and how you’re driving value for your customers through contract awards, acquisitions, and other aspects across the federal sector?
Phil Fuster: “With the recent announcement of Ashan Willy becoming our new CEO, you will see many organic changes as well as strategies put into place for exponential change. We’re really excited about having him at the helm of Proofpoint and he will be a huge help to us on the Federal side, and broader public sector side, of the business.
Proofpoint is a U.S. based company. In fact, we were actually taken private last year, so we were the largest public to private takeover for a software company in history. Thoma Bravo purchased us for $12.3 billion. Following the acquisition, it gave Proofpoint the chance to look at growth strategies without Wall Street judging us on our growth initiatives.
Our growth is coming in several different forms. From a federal perspective, Proofpoint has doubled the size of our federal team to expand our federal footprint into new customer missions using a broader set of products. We have had a moderate FedRamp posture on several components of our platform with a current roadmap to FedRamp High and Impact Level 5. Our platforms are expanding and we are looking forward to bringing them into the federal market.
Proofpoint is also containerizing our entire platform to drive capabilities for the future and options for our customer’s ever changing mission sets. We’ll be able to exist in multiple environments. Proofpoint is already an on prem and as a service company, but the ability to deliver our services ubiquitously is something that we’re working toward on the federal side.
That’s very important because we have customers that are on the civilian side as well as on the healthcare, defense, and intelligence sides of the business. Proofpoint wants to be able to deliver our solutions for our customers where they need it the most and when they need it most.
We’re elevating our posture in order to serve more missions, especially in the intelligence community. We’ve also made organic changes and continue to grow through acquisitions.
We recently purchased Dathena to help with enhancing our 6th generation AI/ML engine. We’ve added AI and ML capabilities to help with both at-rest data and in-flight data classification in our data archiving and e-discovery platform as well as around our data loss prevention solution. If you think about sensitive or top-secret documents that have certain words or information, we can look at the context and content to do data classification tagging, which is a significant and helpful change. Data is everywhere. It’s in the cloud or in our BYOB devices, which is another area of potential growth.
In terms of our capabilities in artificial intelligence and machine learning work, we’re already in our sixth generation AI/ML engine. Proofpoint will be launching its 7th generation soon. Proofpoint has one of the largest threat collection engines in the market today. We have over a trillion nodes that collect data for us and we see 25 percent of the world’s email and three-quarters of the SMS traffic on any given day.
Proofpoint takes the data from our NEXUS data lake and turns it into real intelligence using our AI and ML tools. We’re also investing in our ability to deliver threat intelligence as-a-service. You’ll see Proofpoint investing in the professional services area in a big way, both internally and through our trusted partners.”
ExecutiveGov: With zero-trust technology becoming a major focal point moving forward, what can you tell us about the difficulties of implementing zero-trust architectures and focusing on data security?
Phil Fuster: “We are seeing a lot of the events globally, including a 500 percent increase in mobile threat attacks during the weeks preceding Russia invading the Ukraine. Proofpoint has seen many unique threat actors pop up using very targeted attack methods targeting different parts of our customer base. However, we believe that this new threat intelligence group will be able to help our customers, especially in the intelligence community and adjacent areas, like Law Enforcement and Homeland Security.
Proofpoint has a data set as we’ve been told by the federal government that is unique to us. We feed a lot of the sensors out there that feed our platform and in turn we share data natively back and forth with other notable platforms like Palo Alto, Okta, Splunk, CrowdStrike, and many others. We have a symbiotic relationship with a lot of different organizations out there in the market today.
Proofpoint takes a lot of pride in being able to elevate the threat intelligence that matter and gets into the hands of the right people at the right time. Zero-trust is a game-changer. We made a shift to a People-Centric approach to cyber security about six years ago so we were a little bit ahead of the curve and that’s given us a different perspective than a lot of the companies who are still trying to catch up.
At Proofpoint, we have the ‘Nexus People Risk Explorer,’ which is an intriguing way to look inside of the available data, because cybersecurity really comes down to risk management. Who is going to be introducing the risk? How do you mitigate that risk and where can you eliminate it, especially in critical areas like National Security?
Our Nexus People Risk Explorer reports back in detail on which of your people introduce the most risk into your agency. Proofpoint measures different vectors with each having a lot of different components inside of them. The first is user behavior, then we get deeper into the attack footprint of a user and his/her privileges. That’s important in terms of how we’re looking and evaluating the risk to every person at Proofpoint.”
ExecutiveGov: With CMMC and other compliance standards changing to push the best business practices for federal contractors and companies, what can you tell us about the challenges of maintaining those standards and making changes to your own policies to remain compliant?
Phil Fuster: “CMMC is a great standard that’s still being developed, especially for supply chain management. The importance of understanding and knowing your supply chain cannot be overstated.
The next step is understanding your supply chain from a zero-trust perspective, which is going to be critically important and interesting to watch. Proofpoint has received a lot of interest from our customers in that area. As I mentioned, we can track who your riskiest suppliers are based on the ability to score how often they’re being attacked and tracking their changing behavior.
The government deals with many large systems integrators as a part of their daily business, along with a tremendous amount of supplier partners. It is hard to get visibility into your supply chain and each of the ways you are communicating with them. Additionally, understanding what privileges you give a partner or integrator into your systems is hard to understand, track and maintain. There are many moving parts.
Some of these suppliers are working on very critical missions and programs that impact our national security and being able to measure the risk for those suppliers create a substantial advantage. The other aspect is that the government and its partners are reaching a point where understanding where their data exists becomes very difficult.
It used to be that all your data was located in a data center right down the hallway behind a few security guards. In the modern day, your data exists everywhere (on prem, in the cloud, in SaaS applications, on mobile devices) and not all the tools are under the control of an agencies IT managers and security teams. The biggest question becomes how to protect your data when it’s everywhere, which has only become more complex following the pandemic and the move to telework.
We’re all teleworking full-time or at least part-time now, so we don’t all have the same hygiene for our data and some of us may not have better cyber hygiene at home than our companies do. Many of us aren’t using the latest and greatest devices either, or we’re not keeping them upgraded like we should be.
We are still working on securing new ways and implementing new techniques to protect them. In the end, data is out there now. The challenge to protect it has become a cost of our telework needs during this pandemic. Definitely interesting times.”
