Partner Perspectives: TUV Rheinland
Partner Perspectives is an occasional series of interviews with members of the FireEye Fuel Partner program discussing their perspective on the market and how they partner with FireEye. In our first interview, I spoke with Frank Melber from TUV Rheinland.
DW: Can you tell us a little bit about TUV and your role?
FM: The TUV Rheinland Group is an international technical services enterprise with branches in 65 countries and over 18,000 employees worldwide. With a team of over 270 experts in the field of information security, TUV Rheinland is Germany's leading independent service provider for information security and IT quality. Internationally, we are one of the key independent players on the market with locations across the globe, including the U.S., the U.K., Hungary, India, Indonesia and Singapore.
For more than 15 years, we have been offering companies and organizations consultation services and solution competence across the information security field - from strategic consultation, conceptual planning and process optimization through to the implementation, operation and the certification of systems. Besides that, we offer Incident Response Services as part of our SIRT (Security Incident Response Team). In my role, I'm the Head of Business Development in the Solutions division.
DW: Do you focus on specific markets?
FM: As an organization we serve many different types of customers and are not limited to specific verticals. We have customers in defense, aerospace, automotive, chemical, finance, insurance – almost every category of the German market.
What differentiates our approach is we truly understand security as a whole and have deep knowledge about the vertical-specific requirements and needs.
DW: What are some of the pain points that you see in the German security industry?
FM: In the past everybody had their antivirus solutions, proxies, firewalls, and traditional defenses summarized as “state-of-the-art” security. The perception was that this is “fair enough” to protect the company from whatever threats came in.
Now, what you see when you integrate a FireEye box into a network is eye opening. In most cases you see existing malware infections the customer was not aware of. This causes people to start changing their mindsets to a certain extent, which means they begin to understand that the traditional security solutions are not enough to counter those advanced threats.
It’s no longer a black and white game. People will understand that there’s a lot of gray and not all the gray is light gray.
DW: Are customers surprised when you integrate a FireEye appliance on their network and find malware?
FM: We usually “prepare” them by telling them before we actually put the machines in place that we’re 99% sure that we will find existing infections. So, they are not entirely surprised but it’s always a little different when it’s “your network.” We usually also consult them concerning incident response processes in the first place so they are not entirely unprepared in responding to the appropriate findings.
DW: What other changes have you noticed taking place over the last few years?
FM: What we also noticed is that people are used to having a “click here to delete malware” button to get rid of whatever threat they had on their networks. Now the situation has changed dramatically.
When dealing with advanced threats there usually is no easy mitigation. In most cases, the actual threat has to be understood. This includes infection vectors, how the malware persists and spreads itself, where the binaries are located, just to name a few.
Customers need a combination of expertise and technology – either in-house or as an external service. That’s why we started the SIRT service about two years ago.
DW: How does TUV Rheinland work with FireEye?
FM: We’ve been a FireEye partner for about four years, probably the first one in Germany, and work quite closely with sales and systems engineers.
When someone hears about APTs they usually think of FireEye because the company was the first to market with the technology that’s able to detect these threats. Being a FireEye partner gives us the opportunity to work with our customers to deliver one of the most notable products.
Besides that, we advise our customers to implement a so-called “self-defending network.” We usually deliver a mixture of integrated products and services, where FireEye is one of the core components. The goal is to deliver a solution that fixes severe problems and not just to sell a box.
DW: What are the most common questions that your customers have around security?
FM: It always changes. About three years ago there were a lot of questions about the transition to mobile and especially transitioning away from Blackberry. Today, there’s a lot of attention around the APT topic. Customers want to know what APT means for their enterprise, getting clarification about how advanced threats work and how to respond to an incident. Most customers are not aware in the first place that they need efficient incident response processes which define how departments work together to handle a security-related incident.
When we are talking to a customer, we have a holistic approach and solution for protection from APTs. FireEye’s partnerships with other vendors like Infoblox or Imperva help us to combine these solutions and contain a threat more or less automatically.
DW: What do you see as the biggest challenge in the market right now?
FM: There are a lot of vendors in the APT market right now. In addition to the mature solutions there are other vendors claiming they can detect and stop APT attacks using different approaches. In general there’s a certain number of solutions that might not do what the customer expects.
Helping customers to understand the various solutions is about explaining to customers how the solutions detect threats and how they match up against each other. Often we run head-to-head tests and let the customers review the results.
DW: Where do you see the market in three years?
FM: At the perimeter / network level you can't improve detection rates significantly. To get the real truth, you need to deploy agents on the endpoints. What FireEye is doing with HX technology is a step in the right direction.
DW: Is there another emerging trend or maybe even an emerging market that you see as a big growth opportunity for you?
FM: The big data approach to security is the right thing to invest in, at least at an international scope. What FireEye is doing with TAP and nPulse is very compelling, but we have particular challenges in Germany because of data privacy regulations.
Besides that, we expect significant growth in the industrial security market over the next years. This is mostly driven by the need to secure critical infrastructures.
About Frank Melber

Mr. Melber has more than 15 years of experience in developing and managing complex software development projects in the IT security industry.
He started his career as a malware researcher and founded a startup in 1999 which was focused on heuristic malware defense solutions.
In the past, Mr. Melber worked for companies such as PGP Corp (now part of Symantec), Utimaco and Sophos, where he conceptually designed and managed development of flagship encryption products like SafeGuard Enterprise and SafeGuard Enterprise for Mac. He also invented "PDF Mail", which first shipped with SafeGuard MailGateway. It later became a core feature of every enterprise-level email encryption solution.
With TUV Rheinland, Mr. Melber has successfully built up the Data & Endpoint Security business stream. Since 2014, Mr. Melber has managed the Business Development department in the Security Solutions division, which includes responsibility for Strategic Portfolio & Product Management, Channel Management, Presales, Research & Development as well as Contract and Service Level Management.
Mr. Melber holds a diploma (Dipl.-Ing.) in Civil Engineering from the University of Technology Darmstadt, Germany.

