The final piece of the complicated Mandiant-FireEye split and subsequent FireEye-McAfee merger fell into place today, as McAfee’s cloud security business was officially spun off under the new name of Skyhigh Security.
McAfee Enterprise and FireEye were acquired by Symphony Technology Group last year as Mandiant became a standalone company. STG also owns RSA Security, which remains a separate company. Here’s how the companies stand:
- The FireEye-McAfee network security products business is operating under the name Trellix
- McAfee Cloud is now Skyhigh Security
- Mandiant is being acquired by Google
- And McAfee’s consumer business is going private
XDR and SASE in Focus
In an interview with eSecurity Planet, Skyhigh Security CEO Gee Rittenhouse – who previously led Cisco’s security business – explained the rationale behind the Trellix-Skyhigh split.
Trellix is focused on extended detection and response (XDR), a platform that unifies all the cybersecurity tools that fall within enterprise networks, from firewalls to SIEM, EDR and more.
Skyhigh is focused on the secure access service edge (SASE), or “security service edge” (SSE), as Skyhigh and Gartner are calling it: all the data, devices, users, apps and cloud services that reside outside of the traditional network perimeter. The name Skyhigh comes from McAfee’s 2018 acquisition of cloud access security broker (CASB) vendor Skyhigh Networks.
“In this distributed ecosystem, the traditional perimeters don’t really apply anymore,” Rittenhouse told eSecurity Planet. “As these functions move to the cloud, there are new models that have also appeared to help customers stay secure around SaaS applications … so you have cloud access service brokers, coupled in with zero trust architectures around access, and protection against the web and threats with secure web gateways.”
Rittenhouse said splitting the companies was the best way to manage the combined company’s vast product portfolio.
“As you take the XDR platform and the SSE platform and try to bring them together, two things happen that kind of strain that broader perspective,” he said.
The first challenge is that XDR requires an open platform, and in addition to its own products, Trellix has “hundreds of vendors and technology companies in their ecosystem, and so if you’re all in the same company, it raises questions about the level of integration versus openness.”
“The second thing is that when you’re trying to build a comprehensive platform of such size and breadth, the complexity can be very high and can tend to slow the roadmap down.”
As XDR and SASE are largely separate markets, focusing on them separately will “accelerate those roadmaps and their value to customers,” Rittenhouse said.
Having XDR and SASE as separate companies potentially creates more opportunities for partnerships and customer wins. Rittenhouse said the arrangement “allows for flexibility but the reason we’re doing this is to better serve customers. Bringing the technology to the market quickly is the primary purpose of this.”
The one use case where Trellix and Skyhigh will remain “very tightly coupled” is data loss prevention (DLP), Rittenhouse said. The DLP use case “really does connect and span these in a very material way, what happens on the endpoint, what happens on the SIEM and in the SOC and what happens in the cloud.”
‘Data is the New Perimeter’
Rittenhouse said Skyhigh has “radically simplified” how data is protected in the cloud by focusing on the importance of data rather than its location.
“The locations where your data resides have exploded,” he said. “They’re on the web, they’re in SaaS, they’re in hundreds of SaaS, they’re in the cloud, and if you’re using different technologies to protect your data depending on where it is, that adds a level of complexity.”
“Our approach is very different,” he said. “Our approach is that the visibility and the policy actually surrounds the data and define it for a particular type of data itself. If that data sits in a SaaS platform or on the web or in the cloud, it doesn’t matter. You define it and you understand it. So we’ve moved that security layer from the typical kind of network and enterprise perimeter to the application and data layer.”
In distributed systems, that critical application and data layer “is also the hardest to protect and so we’ve radically simplified that by having your security surround the data, and the data is the new perimeter.”
Skyhigh’s approach is to determine what data is important and sensitive, how it’s being used, and who has access to it, and then base security policies on that. “That’s a fundamental shift and it makes it much much easier,” he said, while still facilitating collaboration.
Setting policies is done in a few ways, he said:
- An organization could classify data based on role, application, department or a specific employee: a CFO, HR department, finance, dev team, sales staff, or application all might have protection policies.
- Employees can also tag data as sensitive.
- Skyhigh can also provide visibility into “shadow IT” so organizations have a better idea of the apps that are being used and their importance.
The Skyhigh Security SSE Portfolio includes Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Cloud Data Loss Prevention (DLP), Remote Browser Isolation technology, Cloud Firewall and Cloud Native Application Protection Platform (CNAPP).
STG managing partner William Chisholm said in a statement, “We’re committed to investing in this business, which is in one of the most important markets in security, SSE.”
Still to be determined are Trellix product names as the McAfee-FireEye portfolio gets consolidated, but otherwise the major moves appear to be done.