Sygate CEO outlines security strategy

A Q&A with Sygate CEO John DeSantis, who talks about the company’s plans for partnering with big names and improving its name recognition.

Sygate, a privately held company known for its personal firewalls, says its revenue will double this year to $10 million and projects it will double again next year as sales are boosting its budget by four to five times the current $500,000. The company recently received an additional $17.5 million from investors to rev up its name recognition. As part of that effort, Sygate has allied with big names such as Alcatel, AT&T Broadband, Cisco, e-Tunnels, Enterasys Networks, NetScreen Technologies and Nortel to use its VPN gear and services. Recently Sygate CEO John De Santis spoke with Network World Senior Editor Tim Greene to discuss how his company’s plans were proceeding.

Sygate has been around for seven years, during which security has become more important to customers. Has that changed what they’re asking for from you?

We made a conscious decision two years ago based upon the feedback from our customers to shift what problems we were trying to solve over into security problems. When we first got into it with personal firewalls and distributed personal firewalls, making people more secure was the focus. What we’ve seen happen in the last year, enterprises are telling us I’ve got to do more with less. By saying that they’re effectively saying, “I can’t keep spending money on security solutions. I need to know that your solution is doing more than just plugging holes.” That’s what drove us to this integrity checking. Some of the customers say, “Look, I spent all this money on security, but how do I know it’s working?”

What are you working on that customers have been asking for that you don’t yet have?

As PDAs become network-connected in large enterprises there’s a big policy issue there. You want to allow them to use their PDAs, you want them to be network-connected with them because they’re terrific tools, but you also want them to be safe. So you’re going to see more stuff in that area coming from us.

We’re finding that there’s more and more pull for controlling the internal exposure – the people already inside the network having improper access or improper behavior. While we’ve been very good at policy enforcement on a device before it gets on the network if it’s coming in from the outside, you’ll see more emphasis in the future on enforcing policies on devices that are inside. So the device has to have the right things in place before it gets access beyond the switch.

Don’t customers want a tool that coordinates security policy across security-point products like firewalls and intrusion-detection devices?

What you describe is the dream. We’re probably a couple of steps before that dream. Large enterprises with so many laptops to some degree are feeling a loss of control or at least loss of knowledge of what those machines are doing and what they are being used for. A lot of technologies that come out, like instant messaging and wireless, are great applications. They’re things you want to let people use as long as they use them correctly, but they also open up vulnerabilities to the enterprise. So the approach we’re trying to take is how can we give the enterprise an ability to control the safe usage of these applications. That’s what we mean by a policy-based approach as opposed to just the blacklisting approach. As you go forward, it would be really nice if we were able to put a solution in place that when there is a new vulnerability, instead of having to buy a new product to address that new vulnerability, wouldn’t it be great if it was just a new policy to address that vulnerability?

What other new concerns do you see?

With more and more internal users having laptops, there probably was a sense of security before about the internal user. All we have to do is make sure that they authenticate themselves and we should be all right. Now you have a third of your users of your internal network leave the office at 5:00 every day, and then they come back in the morning, and you don’t know where they’ve been. They physically come back, and they slap them onto their docking stations in the network. You have no idea what they’ve brought in with them, where they’ve been, what they’ve been doing, whose home Web site they have gone to, etc. That is a relatively new problem.