Bigger than The Osmonds? Venafi CEO lays out ambitions
With its 'immune system for the internet' technology, Venafi could be the biggest thing to come out of Salt Lake City since the Osmonds, if its CEO is to be believed
Despite predicting that every Global 5000 firm will eventually deploy it, Venafi's "Immune System" technology still needs evangelism from the channel before it's an easy sell, according to its chief executive.
The Salt Lake City security start-up received a major boost last week when it bagged an additional $39m in funding from investors including Intel Capital and Silver Lake Waterman.
A portion of that will be ploughed into European channel expansion.
Venafi currently has just 250 global customers and has endured a mixed track record in Europe, where resellers tell us they've often found it hard to turn the hype around its technology into sales.
But according to CEO Jeff Hudson (pictured above), the concept behind Venafi's Immune System for the Internet offering is about to take the industry by storm as recent bugs such as Heartbleed and Shellshock prove the need for its technology.
As these attacks have shown, the status quo of building walls to keep the bad guys out is flawed, Hudson said. Instead, he argued, all firms will in the future invest in an "immune system" similar to that of the human body to protect themselves against the "pathogens" that inevitably make their way in.
"What Venafi has done is create an immune system for the internet," Hudson told CRN.
"Just like the human body, we crawl around and look for certificates that don't belong, and we disable them. That's why we got such good funding. You don't too often see names like Intel Security and Silver Lake unless it's a really big deal and my prediction, and their prediction, is that every one of the Global 5000 - or at least the ones that will survive - will adopt this strategy and will have an immune system."
Spool back two years and Venafi was not in a good place as its inability to keep expenses in line with income forced it to chop one in four of its staff.
It was also around that time that Venafi switched the marketing pitch for its technology from one of cost reduction and efficiency to one of protection as Heartbleed, Shellshock and other attacks on keys and certificates hit the headlines, Hudson said.
Since then, the firm has increased headcount from 100 to 180, Hudson said, adding that the $39m funding will be used to further develop Venafi's technology arsenal and expand into Europe and Asia.
"A world that blindly trusts certificates"
The human immune system works by crawling through your body and eliminating every cell that doesn't have a tag that identifies it as you, Hudson said.
But the internet currently lacks a parallel mechanism, he argued.
"We [the IT security industry] put certificates on codes and devices we trust and we've given them the ability to not only authenticate with each other but to use the certificate - or the encryption involved in the certificate - to encrypt messages back and forth. What we didn't do before is put an immune system in place that would crawl around and look for keys and certificates that are stolen or misused or fraudulently created by the bad guys. So what we've got now is a world that blindly trusts certificates - and the bad guys know this. And they know that if they can slip a certificate into a large corporate environment, they can be pretty much undetected."
Despite having been around for 10 years, Venafi sales are still hard to come by for partners and the vendor has just 14 European customers.
Hudson admitted his firm is still in education mode, something for which he said the $39m will come in handy, adding that Venafi had selected the wrong channel partners in the past.
"Not a sell, but an education"
"Is it a hard sell?" he asked. "It's not even a sell; it's an education.
"This is not a category like next-generation firewalls where people say ‘I need to buy one'. This category is not well understood yet and it's an education and there are a lot of [channel partners] that aren't good at educating - they'll say they are, but you can't be if you have a line-card with 40 vendors."
Hudson added: "We are educating like crazy. I've visited probably 30 CISOs around Europe in the last nine months and there are lots of plans being made in customers for this. At one point, we signed up too many resellers that were box shifters and that was the wrong approach. What we want to do now is help the [resellers and consultancies] we already have become wildly successful."