New Proofpoint CEO Ashan Willy Pushes Information Protection

‘It was a very natural fit moving into the whole DLP/information protection space because we were already protecting people. Now we want to protect the data they create and move,’ says Proofpoint CEO Ashan Willy.

New Proofpoint CEO Ashan Willy plans to expand the company’s information protection capabilities and grow Proofpoint’s threat protection business outside North America.

The Sunnyvale, Calif.-based email security vendor named Willy interim CEO March 2 and elevated him to the permanent CEO role Monday, making him the second top executive in Proofpoint’s 20-year history. Willy, 50, started at Proofpoint in December 2016 and replaces Gary Steele as CEO. Steele, 59, founded Proofpoint in November 2002 and resigned in March to become CEO of data platform giant Splunk.

“I was pretty well-versed in the underpinnings of the company both from a go-to-market and product development standpoint before I took the CEO role, so it was a natural step up for me,” Willy told CRN during a March 16 interview. “You can’t control timing, but this was a planned progression.”

[Related: Splunk Snags Proofpoint Top Exec Gary Steele As New CEO]

Willy came to Proofpoint from Polycom to lead global customer service, renewals and systems engineering, and was promoted in July 2020 to executive vice president and general manager of security products and services, where he was responsible for the company’s email, threat intelligence and detection, authentication and response product lines. He received nearly $3.4 million in total compensation from Proofpoint in 2020.

Proofpoint staked its claim in the information protection space through its $225 million acquisition of ObserveIT in November 2019, and Willy said the company benefits from synthesizing the largest data set in the industry. The company’s technology has been able to identify a couple of huge data loss attempts and stop the threat actor from exfiltrating the information they unlawfully obtained, according to Willy.

The company’s data loss prevention (DLP) engine doesn’t just follow compliance-oriented rules and can instead correlate rules, threats and behavior to deliver a strong signal, Willy said. For instance, Willy said Proofpoint can determine if a customer’s sensitive files have been renamed, moved in an abnormal manner and targeted by a bad actor.

More recently, Willy said Proofpoint has benefited from January’s acquisition of data protection startup Dathena and the opportunity to go after the install base of legacy DLP vendors whose pace of innovation has slowed under new owners. Proofpoint’s cloud-native information protection platform allows customers to move from a compliance-centric to risk-centric approach, with a particular emphasis on insider risk.

These efforts have paid dividends, Willy said, with Proofpoint becoming the second-largest vendor in the highly fragmented DLP market behind only Forcepoint and growing fast. Proofpoint has long been the largest email DLP vendor in the industry due to the size of its email security business and entered the endpoint DLP market with its acquisition of ObserveIT, according to Willy.

“Data doesn’t grow legs and walk out by itself. People move data,” Willy said. “It was a very natural fit moving into the whole DLP/information protection space because we were already protecting people. Now we want to protect the data they create and move.”

In the email security space, Willy said Proofpoint is doing the product tuning and country-specific threat research needed to expand beyond the U.S. and into Europe and Asia. The company already has a European development center focused on email security and has invested in around-the-clock support for Europe as well as the infrastructure needed to support local data residency requirements.

Proofpoint’s email security business competes most often with Microsoft, and Willy said working with a third-party vendor like Proofpoint means that customers get best-of-breed defense against ransomware and business email compromise attacks. Willy said he’s focused on credential theft and multifactor authentication bypass kits since either can give adversaries access to a victim’s identity in Office 365.

“We want to tell customers who‘s being targeted, how they’re being targeted, and who they are being targeted by,” Willy said. “We give chapter and verse on that to all our clients so that they can take advantage of that to improve their security posture.”