Q&A: FireEye EMEA VP Kevin Taylor
CRN sat down with FireEye EMEA VP Kevin Taylor, who joined the security vendor earlier this year as it attempts to reconnect with the channel
By their CEO's own admission, FireEye went through a transitional year in 2016 as it prepared for a second crack at the channel.
Speaking to CRN, FireEye's recently appointed EMEA VP Kevin Taylor (pictured) opened up on FireEye's re-emergence in the channel. Taylor arrived at FireEye in February, with a CV including VP roles at Symantec and Huawei, and also a spell as CEO at Storm Technologies.
FireEye's reputation in the industry seems to have changed from a fast-paced innovative start-up to a slow, legacy vendor, almost overnight. How would describe FireEye's development over the last few years?
Last year was very difficult for us - it was transitional organisationally and in terms of products and capabilities. We're in a different place now.
When you're growing so fast you make mistakes, and we undeniably made mistakes, but I think they're behind us. Our journey as a business is astonishing in some ways.
How do you cope with going from $50m to $500m to $750m (revenue) effectively from 2012 to 2015? Is it sustainable?
[Former CEO] Dave DeWalt hoped so, made the company incredibly valuable and with a very clear idea of a trade sale. There's no hidden agenda there.
If you set your stall out to do that and you fall short you will get some criticism, that's what happened.
The underlying capabilities of the business continued to improve, so we haven't become a $50m business again, we're still a $750m pure-play cyber-security company.
When you compare us to many of our competitors who are not pure-play cyber security players and you look at their real expertise, they are very often smaller than us. Even some of the big boys aren't very big security companies, and then at the low end there are many, many new entrants.
Do you think some of the criticism aimed at FireEye has been unfair, with some accusing it of not being channel friendly?
You could argue that a consulting firm like Mandiant (which FireEye acquired in 2014) isn't very channel friendly, and perhaps originally it didn't need to be. Today, as a core part of FireEye, it's essential that we have that capability because it drives the quality and the ethnicity of our engines. Those engines are productised and packaged in such a way that we do want to go to market with partners.
We do 200,000 hours of incident responding a year and that's anywhere between 400 and 600 major organisations where we get the call. That isn't a channel play - that's pure-play incident responding and consulting capability.
What we see in doing that is everything that everybody else misses. We see in incident response everybody's prevention and detection failures, including our own. In post-breach you learn vast amounts - what we're trying to do is take the knowledge, couple it with the threat intel that we have and bolt it onto products and services that we'll deliver in a package, ideally through channels.
As a company, from the CEO down to the regional bosses, you appear to be making a big noise about how important the channel is to its strategy. What would you say is driving that effort? If you listen to the quarterly earnings announcement, we made quite a big deal about how it's not a choice.
If you want to build scale into the business then you're very dependent on indirect routes to market. Even where you have direct sales efforts you still need indirect support. Sometimes it is fulfilment and sometimes you want channels to take your capabilities to market on your behalf.
Historically I don't think we were mature enough to even draw those distinctions, to be honest. I can certainly do that. I've had a lot of experience doing that, and Kevin [Mandia, CEO], gets it.
In the EMEA theatre, if you look at the volume of what we do, and the value of what we do, through the channel it's the lion's share of it in both categories. It's nearly all of it. Although the marketplace probably doesn't realise that because we don't necessary talk about it - but we are largely defined by indirect routes to market.
Continues on next page
Q&A: FireEye EMEA VP Kevin Taylor
CRN sat down with FireEye EMEA VP Kevin Taylor, who joined the security vendor earlier this year as it attempts to reconnect with the channel
Why would you say that now is the right time to increase this emphasis on channel partners?
We're evolving. You can always characterise three stages of evolution. In our 1.0 incarnation we were a pure-play detection product-based company and very successful market leaders. Very often when we turned up - directly or indirectly - our solution solved the problem because we had a pretty substantial hand in defining the problem statement in market terms.
In our 2.0 incarnation, that's probably two or three years ago, that happened less often. We had the same go-to-market idea but actually had become more broad based - beyond detection into a variety of other service types and products types - and actually the same sales motion was less successful.
Our third incarnation is a much more mature go-to-market than anything that we've had before. The next-generation architectures afford us the ability to move further down the segmentation.
The new platform capabilities that we've got (Helix) is effectively security operations in the cloud or in a box, in a pre-determined, pre-packaged way. You couldn't define a more appropriate, channel-ready opportunity.
Can you explain how the Helix offering and this new approach makes you more accessible to the channel?
It takes us to a lower level in the segmentation and territories which are less mature that don't need one of everything, and don't have lots of people.
A lot of the middleware and integration in cyber operations is people and big companies have a lot of people. Medium-sized companies can't afford that and as a consequence probably didn't do as much as they should have done over the last three-to-five years.
We work with the Verizons and the integrators, we co-exist and we work with them in the world's largest organisations, but as we come down that segmentation I think we can work with other types of security partners, and we are doing that.
You mentioned new entrants to the security sector earlier. FireEye is often grouped with the likes of Symantec and Trend Micro and accused of being slow and ineffective by VC-backed start-ups. What is your response to this?
They're start-ups, they're often well funded, and they can throw money at it. But when you look at it it's a $50m franchise doing the same thing that 50 others do already. Maybe you'll succeed, maybe you won't, but if I'm a channel partner do I want to throw money at the next bright, shiny thing?
The margin opportunity doesn't always follow the next company that comes along. How many of our competitors have got 800 experts doing intel or remediation? Very, very few.
A lot of our strength is born out of this unbelievable relevance. A lot of our competitors appear to be credible and capable, but if you scrape beneath the surface they're not. It doesn't mean they won't be, but many of them are pretenders to the throne. Certainly when I talk to partners they're interested in franchises. They don't want to build a business around shaky foundations.