Gary Burnett meets Tom Keating, VP, Engineering and Belfast Site Leader at Proofpoint

Tom Keating made the move from Dublin last year to run the Belfast operation of top Silicon Valley cyber security, Proofpoint.

He talks about the company’s very positive experience in Northern Ireland and the cybersecurity threats facing us all.

GB: Tom, tell us briefly about what Proofpoint does.

TK: We’re a 15-year-old company. Our DNA is primarily in email protection. We offer technical solutions around cyber security at both the enterprise and SME level. As we continue to evolve, we see ourselves as a next generation cyber security company with advanced cloud-based solutions. For us, email is the number one attack vector but we also see growth in attacks via social media and mobile devices.

GB: So, you’re branching out from just focusing on email?

TK: Well, we’re evolving rather than branching out, so to speak,. The cloud has been evolving and it’s important that we evolve with it as new threats appear. We’re the fastest growing company in this particular area and we have many different offerings and solutions from a cloud perspective. What we’re doing is to help our customers protect themselves, their people and their data, and to manage their compliance risk.

In addition, there is our threat intelligence platform which we have built up over the years and we feel is world class. Our products use this extensively to help our customers identify threats, block them and then take appropriate action – that’s really the essence of it.

Proofpoint is based in Sunnyvale, California and the Belfast operation came into being five years ago from the acquisition of Mail Distiller in April 2013. At the time of the acquisition, there were seven people at Mail Distiller. Proofpoint was looking for a product offering in the small-medium business space that was designed for channel distribution through multi-level distribution and managed service providers to complement the enterprise market they were servicing. They saw the Mail Distiller product as the right one, and that is what has become Proofpoint Essentials.

The Belfast office has grown from those seven to more than 130 people, which is fantastic. We’ve grown steadily, not just with our engineering capability, but also operations, support, digital risk, marketing, HR, IT, facilities and professional services. And now we’re branching into some of the newer technologies, and as a site, we’re involved in developing some of Proofpoint’s next generation solutions.

The biggest success story for Proofpoint here in Belfast has been the quality of the staff we’ve hired which has resulted in driving great value into the organisation. That’s the main thing that has seen the organisation here grow in the way it has done. We’re now one of the largest and most significant sites for the company outside the United States, which is fantastic, and we are continuing to grow here.

GB: So, when you look at the people you’ve hired, and you look round at the rest of the industry, what do you think Northern Ireland has to offer in terms of its people. What are the characteristics that you value?

TK: The first thing is that the skilled people are here, coming out of the universities. That’s a massive win. But also culturally, for us at Proofpoint, the people in Northern Ireland have a can-do attitude, they’re very friendly and very productive. Our cultural alignment with the US staff makes the engagement so much easier. You know, we watch similar television shows, similar sport (to a certain degree!) and all those things help! Everyone who has visited us from Sunnyvale is so positive about our people’s work ethic, and that has driven the growth of the site.

GB: In terms of looking more generally at the problem you are addressing – we’ve all had the emails from the prince in Nigeria and the fake emails from PayPal – what is the extent of the problem?

TK: Well, the first thing to say is that everyone has email – companies and individuals, and it’s the number one attack vector for a various reasons, but the main one is that it easy to attack via email.

In days gone by in hacking, people were coming up with elaborate ways to penetrate organisations’ defences which takes a lot of resources and effort. But if an attacker concentrates on email, that requires a very lightweight effort and the targets are numerous. An attacker can send out millions of fake emails, and all they need is one person to act on it – click a link or download a compromised attachment – and they’re in. It’s easier because you write once and send to many, and also you’re dealing with a human that can be easily tricked.

The biggest trend we’re seeing currently is Business Email Compromise – BEC – or “email impersonation attacks.” The cost to an organization can be high. Why is that? Because the human being will get something specifically crafted to target them from an attacker who has done his research by looking through your contacts and your electronic footprint, especially on social media. They craft an email based on this information to encourage you to click on something in the email and then they can get access. An example of a Business Email Compromise is that an attacker sends an email purporting to come from you to your HR department asking to change your bank details. The HR department thinks it has come from you, and you’re none the wiser, but suddenly money is being transacted without your knowledge. The FBI recently said that this is one of the things that doesn’t get reported publicly that much because it’s not a breach per se, it’s classed as a compromise, and not publicly reported.

Another issue we see is that when people click on links they shouldn’t, they don’t want to own up and let’s face it – we’re all a bit naïve about this. For example, you get an email supposedly from Netflix, and you look at it and it tells you your Netflix account has been disabled and you feel compelled to click on the link. At Proofpoint, we realise how difficult all this is for an individual, and while we have a lot of technology to help, we also have training through our Wombat Security modules. What this training does is to help change behaviours of our customers’ employees so they can make the right decisions when they are face-to-face with security threats. For example, you want them to look at the email and, rather than blindly believing it is real, pause to think if the email is actually real, so they think more like “Mmm, let me look at the sender email address closer, let me look at the format of the email, and how genuine does that link look?” You want people to have a healthy paranoia.

We all have a healthy paranoia with the security of our house at home. We lock the doors, we lock the windows, we put an alarm on, and maybe have cameras inside or out. We wouldn’t think of just nipping out to the shops and leaving the house unlocked so someone can get in. So, we should take the same approach with our email.

GB: I heard you talking recently at a cyber security conference about what you termed a “very attacked person – a VAP.” What do you mean by that?

Yes, we talk about the VAPs, the Very Attacked Person. Suppose the bad guys want to get to a CEO, an obvious VIP, rather than a direct attack, the attackers will carefully figure out who in the organization is well connected and attack them to get at the real target. When we do an analysis for our customers, we can show them the VAP – that’s the entry point, someone who has a central role within an organization where an attacker can use that person’s credentials to jump on to other people in the organization and compromise them. When we show this to our customers they understand the need to educate all their employees, because any employee can become a VAP.

GB: So, as well as providing technology, Tom, are you providing consultancy and training services?

TK: We work with our enterprise customers to help them understand their VAPs and then that feeds into our training business too. That’s why earlier this year we acquired one of the leading security awareness and training companies, Wombat Security. That company is super and their training is very relevant.

And we train our own people too, so that we start thinking about the emails we get. So if any of us get an email, even on a personal email account, we’re now thinking, “hang on a minute,” and we try and work out if the email is fake or not! So we’re helping people build a healthy paranoia on emails they get, rather than just instantly accept them as genuine.

GB: Will we ever get rid of the problem?

TK: There is no 100% solution here, no silver bullet so to speak. I’d love if there were but it’s such a dynamic and changing attack vector that no sooner have you solved one problem, than a new way to attack appears. You’re playing catch-up the whole time, but we keep working on closing the gap between these new attacks and detecting them for our customers. We’ve been very successful in helping customers, but we’re continuing to evolve the solutions we offer.

GB: I was in a presentation recently given by the Ciaran Martin, the Director of the National Cyber Security Centre in London. And he asked, “What do you think the typical cyber criminal looks like?” And he threw up a picture of a shifty looking guy in a hoody, looking at a screen in a dark room. “Is that what the cyber crook looks like?” he said. And then he put up a picture of a very modern looking, comfortable office, with people sitting in front of their screens like any ordinary business. That’s the cyber-criminal organization – well funded, well organized, focused.

TK: He’s right – cybercriminals are people just like us. They’ve come out of university with computer science and engineering skills and qualifications, so we’re dealing with very smart people, who are coming up with creative ways to compromise targets that have something they want. It could be company information about some new innovations or about a business deal, or maybe they are trying to siphon off money, or get data on people that can be used. You name it, it’s been done, but remember it’s being done in a very organized manner.

Here at Proofpoint, we’re on the other side, we’ve a lot of very smart people coming up with better ways and means through our technology and solutions to help our customers detect and deal with these attacks quicker and easier.

There’s always going to be risks with using the Internet. Companies have valuable data and it’s no different from days of old when people tried to fool you from the side of the street for your money through selling snake oil. The human being is the weakest link, and they’re trying to catch you unawares. We’ve all been there. I know myself, at times, I’m about to click, and then… “hang on a minute!” And you think, that is so well done!

GB: Tell us how Proofpoint has got on in Northern Ireland, Tom.

TK: Well, it has been great since day one here in Northern Ireland. There is great access to qualified technical staff for all the various roles we have here in Proofpoint from both Queen’s and Ulster universities. There’s a great growth in terms of what Queen’s is doing on the research side in cyber security and while there are a few other companies involved in cyber security here, we’re one of the main global companies here in Northern Ireland and that’s exciting. And that’s why people love coming into this. This is a high-tech Silicon Valley company, we’re at the cutting edge of things, we’re involved in the operational, support and engineering, and that motivates people coming who out of college to say, “Great, I don’t have to leave Northern Ireland, I can do that here.”

I’m a recent blow-in from Dublin, originally from Limerick, and I made the move here to Belfast last year. Many people have asked me, “Tom, why are you moving to Belfast?” Simply I had the opportunity to work for one of the top Silicon Valley companies involved in cyber security and Belfast is a wonderful, vibrant city! There is a lot going on here and it’s a lovely place to live and work. The people here are great plus the cost of living and the quality of life are all great. Honestly, I could not give anyone any negative reason to be living and working here in Belfast.

Proofpoint is a perfect example of a company that has come in and set up, being very successful here and they love it! We’re continuing to grow here, and I’m delighted to be part of that journey.

GB: Thank you Tom!